
Kenneth Geers
Naval Criminal Investigative Service, U.S. Representative to the Cooperative Cyber Defence Centre of Excellence
Twenty-five years after War Games, cyber attacks remain somewhat of a mystery. Specifically, is computer hacking a threat to national security? The answer lies in the history of mankind’s conquest of the oceans, skies, and outer space. The first arrivals are explorers, who can hardly be blamed for their actions. But as settlement and commerce begin to flourish, criminals, competitors and enemies appear, by arrival or by birth. Cyberspace is no different. It is already inhabited by political and military adversaries, alliances, and soldiers from every international conflict on Earth.
What military officers call the “battlespace” grows more difficult to define – and to defend – over time. Advances in technology are normally evolutionary, but they can be revolutionary: artillery reached over the front lines of battle; rockets and airplanes crossed national boundaries; today, cyber attacks can target political leadership, military systems, and average citizens anywhere in the world, during peacetime or war, with the added benefit of attacker anonymity. The nature of a national security threat has not changed, but the Internet has provided a new delivery mechanism that can increase the speed, diffusion, and power of an attack.
Real-world cyber battles of increasing importance are easy to find. Since the earliest days of the World Wide Web, Chechen guerilla fighters have demonstrated the power of Internet-enabled propaganda. During the 1999 war over Kosovo, likely non-state actors tried to disrupt NATO military operations through computer hacking, and claimed minor victories. In 2001, simmering tensions between the U.S. and China spilled over into a “patriotic” hacker war with uncertain consequences for national security leadership. In 2007, Syrian air defense was reportedly disabled by a cyber attack moments before the Israeli air force demolished an alleged Syrian nuclear reactor, and the denial-of-service attack against IT-dependent Estonia brought unprecedented attention to cyber security from governments around the world. In 2008, the war in Georgia demonstrated the connection between cyber attacks and conventional military operations. In 2009, the entire nation-state of Kyrgyzstan was knocked offline during a time of political crisis.
Such a quick evolution suggests that cyber attacks will play a lead role in future international conflicts. However, preparing for cyber warfare is not easy. The intangible nature of cyberspace can make the calculation of victory, defeat, and battle damage a highly subjective undertaking. Amazingly, even knowing whether one is under attack can be a challenge. Much information lies outside the public domain, there have been no wars between two first-class militaries in the Internet era, and the ignorance of many organizations regarding the state of their own cyber security is alarming.
In summary, the Internet has changed almost all aspects of human life, to include the nature of warfare. Every political and military conflict now has a cyber dimension, whose size and impact are difficult to predict. The ubiquitous nature and amplifying power of the Internet mean that future victories in cyberspace could translate into victories on the ground. National critical infrastructures, as they are increasingly connected to the Internet, will be natural targets during times of war. Therefore, nation-states will likely feel compelled to invest in cyber warfare as a means of defending their homeland and as a way to project national power. As a consequence, national security planners have no time to waste in reevaluating all aspects of international conflict, including the Geneva and Hague conventions, Just War theory, and much more.
The full article was first published in Common Defence Quarterly, Spring 2010 issue.
Estonia on the virtual battlefield
Nations across the globe are arming to prepare for cyber conflicts. For years now U.S. experts have warned against the “electronic Pearl Harbour”, “digital 9/11” or “Cybergeddon”. Estonia was the first NATO member to be hit by a digital attack. In spring 2007 Estonian banks, public organisations and political parties suffered an intense online fusillade for three weeks. Estonia became the first battlefield of cyber war. The use of the term “war” in this context has been dubious from the start as there were no casualties. However, the onslaught against Estonia has made it clear that virtual attacks can also have devastating consequences in the physical world. The Internet has become a virtual battleground reflecting the conflicts in the real world. The Western intelligence and military are convinced that the enemy – much like in the days of the Cold War – is in the East, Russia and China. (Der Spiegel, 7/2009)
NATO officials say their computers are under constant attack from organisations and individuals bent on trying to hack into their secrets. The attacks keep coming despite the implementation of a cyber defence policy set up after a wave of cyber attacks on Estonia in 2007. The attacks recently hit Georgia, too. Cyber attacks are not new – web traffic was jammed during the Kosovo war 10 years ago. But when Estonia came under cyber attack in 2007, the alliance realised it needed a proper cyber defence policy and fast. (BBC News, 3.2)
Estonia recently suffered the largest political cyber-attack ever seen on EU soil. Now the government is organising an EU ministerial meeting on the protection of vital infrastructure against cybercrime. On 27 April 2007, officials in Estonia relocated a Soviet-era war memorial. The move incited rioting by ethnic Russians and the blockade of the Estonian embassy in Moscow. It also started an extensive attack on Estonian national websites. The Estonian cyber war set the global community on alert, with NATO promising to protect its member state from a new and little-understood threat. What is first needed appears to be a Europe-wide debate on the threat. Next, the Commission and EU member states must define appropriate guidelines and promote them at the global level. (EurActiv.com, 9.4)
Members of the Kremlin-backed youth movement Nashi have claimed responsibility for the April 2007 cyber attacks against Estonia. Estonian officials said the attacks originated in Russia; the latter has consistently denied any involvement. Now, however, Konstantin Goloskokov, a “commissar” in the youth group Nashi, said that he and some associates are behind the attack. It is the first time anyone has claimed responsibility for launching a cyber attack. According to Goloskokov, they did not do anything illegal, just visited the various internet sites, over and over, until they stopped working. He denied acting on the orders of the Russian government, saying the youngsters acted on their own initiative. (FT, 11.3)

Estonia and the U.S. are also involved in cyber co-operation. In the photo: foreign minister Urmas Paet and U.S. Secretary of State Hillary Clinton.
© Valge Maja
The European Commission is planning to impose harsher penalties for cybercrimes. Large-scale attacks in Estonia and Lithuania in recent years have highlighted the need for a stronger stance on cybercrime. Estonia, Lithuania, France and the UK also have longer sentences for such crime, and the European Commission is looking to harmonise practice across the member states. Barack Obama has declared cybercrime to be a priority. In addition to stronger laws, the EU is looking to set up a system through which member states can contact each other quickly to notify one another of attacks. That would help to build a picture of the scope of cybercrime. (FT, 15.6)
Citizens’ awareness and K5 provide cyber defence for Estonia
NATO is only just beginning to recognise that the Internet has become a new battleground that also requires a military strategy. To counter such threats, a group of NATO members, including the U.S. and Germany, last year established a cyber defence centre in Tallinn. The 30 staffers at the Cooperative Cyber Defence Centre of Excellence analyse emerging viruses and other threats and pass on alerts to sponsoring NATO governments. Experts on military, technology, law and science are wrestling with such questions as: what qualifies as a cyber “attack” on a NATO member, and so triggers the obligation of alliance members to rush to its defence; how can the alliance defend itself in cyberspace? Answers to these questions are strikingly different: Washington creates new funds for cyber defences; Estonia is aiming to create a nation of citizens alert and wise to online threats. The choice of Estonia as the home to NATO’s new cyber war brain trust is not accidental. In 2007 Estonia suddenly found itself in the midst of cyber attacks. The fact that this happened in “E-stonia,” a proud digital society, was eye-opening. The trick, from NATO’s standpoint, is figuring out whether the attack was just hacker mischief or a military matter. Back in 2007, Estonia’s minister of defence stated that the attacks cannot be treated as hooliganism, but as an attack against the state. But no troops crossed Estonia’s borders, and there was nothing that could be regarded as a conventional conflict. The U.S. clearly wants to take a military strategy approach. Estonia, on the other hand, prefers to demilitarise the issue by educating citizens on how to identify risks and promote a culture of cyber security, starting with schoolchildren. The Estonians have the right idea. A society of savvy citizens is the best defence. (Newsweek, 18.4)

Signing the co-operation agreement of opening NATO’s Cooperative Cyber Defence Centre of Excellence, Brussels 14.05.2008.
© Kaitseväe Peastaap
A few years ago, the idea of hackers bringing the world to the brink of catastrophe was just a fun Hollywood plotline. Now, cyber-attacks are on the rise and NATO’s top computer experts have gathered in a military base in Estonia to prepare cyber war defences. The Tallinn-based establishment carries the official name of Cooperative Cyber Defence Centre of Excellence, but is usually referred to by the code name K5. K5 is where the alliance’s top computer experts - high-ranking researchers, academics and security specialists - work in teams to analyse potential cyber threats and predict exactly how NATO will fight virtual wars in the future. Rain Ottis in the Cooperative Cyber Defence Centre of Excellence is a serious-looking Estonian computer scientist who speaks flawless English. His solution to avoid future cyber attacks is a gigantic counter-strike that cripples the target and warns anyone else off launching a cyber war. Ottis thinks that a severe cyber war can be compared to a nuclear attack. Nuclear weapons do a lot more damage in a physical sense, but a cyber-weapon could have global consequences, he says. Inside NATO’s cyber defence HQ in Estonia, the day-to-day business largely involves people staring at computer screens. 30 experts stationed here are tasked with gathering and processing information, enabling scientists to simulate possible responses to cyber-attacks. (The Guardian, 16.4)
NATO’s Cyber Defence Centre in Tallinn has been up and running for a few months. It is the front line of NATO’s work on avoiding future cyber attacks. Virtual wars are drafted and simulated in the centre. It is an ongoing manoeuvre without a single soldier making a move on the battlefield. Do they mean business or is this just plain fun? What is war, or peace? The boundaries get blurred in cyberspace. Why is the centre located in Estonia? After gaining independence, the Baltic nations put an emphasis on information technology. It was done with such enthusiasm that the nation’s economic, political and cultural life depends on the Internet to the extreme. Estonians experienced the consequences first hand as their computers suddenly became inoperable in 2007. (Die Welt, 23.4)
In a twist of history, the cyber war that was supposed to cause permanent damage has instead helped put the country on the map and boosted its high-tech industrial sector. The attacks in spring 2007 were serious but not completely disastrous, and many people were impressed by tiny Estonia’s ability to stand up to such a massive onslaught. Unwittingly, the cyber-criminals had provided an ideal showcase for the Baltic state’s online capabilities. Estonia earned the reputation of an e-nation thanks to its scheme to introduce e-government, open an online embassy, and even install parking meters paid via text messages. Tallinn became the venue for a high-level EU conference to decide the bloc’s future cyber security strategy. Now a pan-European cyber defence exercise is planned for 2010 to test the EU’s cyber defence capability. Several EU member countries already run simulated attacks on a national level, but the pan-European cyber-war-game would be a first. (Earth Times, 30.4)

Experts from seven states - Estonia, Latvia, Lithuania, Germany, Spain, Italy and the Slovak Republic – work together in the CCDCOE. Turkey, Hungary and the U.S. have expressed interest in joining CCDCOE.
© CCDCOE
Given the frequent use of the term “cyber war”, one would think that a working definition has been settled on. Yet it is a hard problem, experts said at the Cooperative Cyber Defence Centre of Excellence Conference on Cyber Warfare. Johannes Kert, an advisor to the Minister of Defence for Estonia, finds that according to the traditional mindset only hooligans and criminals use Internet attacks, but the last couple of years indicate that it is a politically motivated activity. The Centre intends to create a lexicon of cyber definitions as quickly as possible, according to Kenneth Geers, the conference organiser. (Security Focus, 17.6)
There is still no political decision by Finland on involvement in the projects of NATO’s Cyber Defence Centre in Estonia. The head of the Cyber Defence Centre, Lieutenant Colonel Ilmar Tamm, emphasises that due to high IT competence the Finns have a lot to offer. Colonel Ilkka Korkiamäki from the HQ of the Finnish Defence Forces says that once the political decision is there, the Defence Forces are ready to participate, given the Finns also benefit from it. Agreeing on common standards of cyber security is yet another crucial aspect. “Finland and Estonia participate in several NATO operations, thus compatibility should be worked on”. Experts from several NATO member countries staff the Cyber Defence Centre in Tallinn. The centre carries an important meaning for NATO as the alliance considers cyber war to be one of the biggest threats of tomorrow. (Aamulehti, 8.6)

K5 Director Ilmar Tamm
© CCDCOE