Cyberspace is no longer an abstraction; it is something very real that has a tangible impact on our daily lives. That is why NATO has recognised cyber as a domain of operation on par with the traditional security domains. Every year NATO organises the NATO Information Assurance & Cyber Defense Symposium (NIAS), and YATA Denmark Research participated in this year’s event in Mons, Belgium to get acquainted with the state of the art in cyber security.
Cyberspace as domain of operation
Robert Langdon, the world-wide celebrity professor from Harvard University, finds himself on unfamiliar grounds in the latest Dan Brown novel Origin. Instead of analysing historic symbols, Langdon communicates with a computer with synthetic intelligence and accesses an off-site server via his smartphone. This might all seem a bit too fantastic, but in fact it is not that far off. While cloud computing is already widespread, artificial intelligence (AI) has not yet reached the levels of Brown’s fiction. It is, however, a field marked by rapid expansion, and it has become a prime focus area in cyber security, while cyber security itself has become a top priority for the overall national and international security strategies. So much so that NATO at the Warsaw summit in 2016 recognised “cyberspace as a domain of operations in which NATO must defend itself as effectively as it does in the air, on land, and at sea”. Certainly, this was also the underlying premise on which the NIAS 2017 conference was conducted.
What is NIAS?
NIAS is an annual get-together of cyber security experts from industry, the military and academia, hosted by the NATO Communications and Information Agency (NCIA). This year’s two-and-a-half-day event took place at the Mons Expo in Belgium and was honoured by the presence of NATO’s second-in-command, Deputy Secretary General Rose Gottemoeller, and the Vice-Prime Minister of Belgium, Alexander De Croo. The conference consisted of a wide array of distinguished keynote speakers including policy decision-makers, military officials, industry developers and academic scholars, as well as a long list of topic-specific workshops and industry exhibition stands. While the majority of the conference was dominated by the industry’s showcase and sales operations, there was a lot of interesting insight to gain for the layman with an interest in cyber security policy.
What is a cyberattack?
According to one speaker, “phishing” attacks constitute as much as 90 percent of all successful cyberattacks – a similar figure is suggested by various websites. This means that nine out of ten cyberattacks occur because the victims actually release the malware themselves by clicking on a link or opening a file they have received in their inbox.
A common form of malware is ransomware. As the name suggests, it is malware that steals your data by encrypting your files and demands money in exchange for a decryption key. One such ransomware is WannaCry, which hit nearly 100 countries around the world in May 2017. The most severe case was that of the British National Health Service (NHS), as the cyber-attack managed to paralyse several hospitals in Britain. The malware spread from PC to PC throughout the NHS network, and as such a single human error of clicking on the wrong link could affect some 40 NHS organisations.
This illustrates perfectly that an attack in cyberspace can result in serious ramifications in the physical world. An attack on hospitals can cause non- or maltreatment of patients, which in a worst-case scenario can cause deaths. The same goes for other sectors of the modern digitalised state’s critical infrastructure, such as energy or transport. Therefore, the primary objective of cyber security is not only to ensure that our data is safe, but essentially to protect us physically.
How to avoid it?
The way to avoid cyberattacks is not to go off-line. Few modern businesses would be able to survive off-line for more than a week. A case in point is the Danish shipping company Maersk Line. The company suffered an estimated loss of some 255 million euros due to unshipped containers following a cyberattack, which forced the temporary reintroduction of pen and paper at the offices.
The obvious solution to the problem of phishing is: Don’t click! Education of company employees as well as ordinary citizens is mandatory. One of the more curious examples of cyber education is the US initiative in which Girl Scouts now can earn a badge in cyber security as well as baking or camping. But another solution to prevent the devastating effects of cyberattacks is simply to have the latest security updates.
The NHS was partly responsible for its own vulnerability, as the patch – developed by Microsoft two months prior to the attack and which could have prevented it – had not yet been installed on the organisations’ computers. Furthermore, some of the operating systems at the NHS were as much as 15 years old, systems for which Microsoft no longer makes security updates. The industry at NIAS was obviously not late to use the NHS example in promoting the need for their cyber security solutions.
While NATO takes ransomware such as WannaCry seriously, there is a far more intelligent form of cyberattack. When malware is released, it is possible for security experts and security systems to detect and deal with it. But high-level and nation-state hackers are not interested in releasing their malware to everyone who may click on the link. Therefore, they use profiling.
First of all, the phishing mail has to be sophisticated enough to ensure that the intended target does not suspect it to be malware. When the victim opens the attached file, a profiling malware is installed on the victim’s computer. This malware communicates with the command-and-control (C&C) server and thus retrieves relevant information about the victim. If the victim is not interesting enough to attack, nothing further happens. If, however, the victim is an interesting target, the real malware will be released. By profiling the target, the hacker can ensure that he or she gets access to a relevant server before releasing the payload.
The state of the art of cyber security
One thing all speakers at NIAS could agree on was that cyber security is as important as the traditional domains of operation, if not more so. In our digitalised societies we are extremely vulnerable, as a well-orchestrated cyberattack can shut down the very servers and computers on which our modern-day efficiency is so dependent. Therefore, cyber security is no longer something you develop to protect a certain piece of software; it is the very core of software development.
While some speakers were reluctant to name NATO’s main adversaries in the realm of cyberspace, others quite bluntly identified China and Russia while emphasising that these players had an advantage vis-à-vis NATO as they were unitary actors not constrained by the same juridical bonds as the heterogeneous NATO. There was, however, agreement among the speakers that in order to counterbalance the threats, further cooperation was needed. This includes cooperation between all participants in cyber security such as NATO, individual member states, industry and academia. But while all could agree that further cooperation was needed, few had any tangible suggestion on how to facilitate such cooperation. And this is probably the biggest challenge for NATO cyber security: that while all agree that information sharing is key in developing effective security, everyone still holds their cards close to their chests in fear of putting themselves in a vulnerable position.
NATO has launched several initiatives to stay at the forefront of cyber security, including the Cooperative Cyber Defence Centre of Excellence in Tallinn, Estonia, but in a world where cyber-crime has become a multi-million-dollar industry, where ransomware can shut down critical infrastructure and where nation-state hackers have the ability to influence and shape other states’ domestic opinion and policies, the question is whether that is enough.
YATA Denmark Research will follow the developments in cyber security closely and give you more detailed insights into cyberspace as a domain of NATO operation. Stay tuned!
Photo: NIAS 2017 at Mons Expo (NCIA)