Abstract: Cyber security became a matter of global interest and importance with the globalization of communications networks, of the infrastructure components of information technologies, and of economic, political and military systems that increasingly use cyber systems in their decision-making processes. Cyberspace is the new field of war that has lately joined the traditional arenas of battle: land, maritime, air and space. At the North Atlantic Treaty Organization (NATO) Summit in Wales (September 4, 2014), the Enhanced NATO Policy on Cyber Defence was adopted; it raises cyber defence to the level of a strategic component of the NATO concept of collective defence.
Starting from these aspects, this paper aims to present the structures and main trends of cyber defence within NATO.
Introduction
[1] Cyber defence, 27 July 2016, available online at: http://www.nato.int/cps/en/natohq/topics_78170.htm, accessed on 05.09.2016.
The evolution of cyber defence concepts in the NATO framework is strongly influenced by the nations whose own defence industries give them a technological advantage, such as the United States of America, the United Kingdom or France.
The approaches are therefore diverse. The one specific to the US is centred on the origin and characteristics of the attacker, or oriented on the concept of critical infrastructure. The one characteristic of the cyber defence of the British Armed Forces is oriented on combating hybrid threats and on organizing cyber defence around flexible command structures of the “Cyber Future Force” [2] type, focused on achieving immediate tactical objectives and subordinated to the tactical component responsible for the objective. France’s approach builds a core authority, the National Agency for the Security of Informational Systems (Agence Nationale pour la Sécurité des Systèmes d’Information) [3], subordinated to the General Secretary for Security and Defence. Together, these led to the simultaneous appearance in NATO of cyber defence structures which, although they can seem contradictory in theory, have proved their efficiency in practice. For example, we mention the implementation, at the level of the NATO Computer Incident Response Capability (NCIRC) [4], of the “Cyber Red Team” [5] concept, deriving from the British cyber defence strategy and defined by the British Ministry of Defence as “…a team formed with the objective to submit to an organization plans, programs, ideas and hypothesis for thorough analysis and to challenge … will offer to the end-users (commandant, leader or manager) with an initial value more robust for decision making” [6], and migrating to “Cyber Rangers” [7], characteristic of the US Department of Defence.
The operations of a “Red Team” are characterized by penetration actions against ICT infrastructures and are carried out in the same field of production and operation as each ICT system. By contrast, the operations of a “Cyber Rangers” team, defined by the DoD as “…testing, evaluation of concepts, policies and technologies in the cyberspace…” [8], are based on building simulated environments where the actions of adversaries are mimicked and attacks are executed virtually.
Although both teams are multidisciplinary and have similar structures, the former have only mobile capabilities, while the latter are fixed and often organized around laboratories. Still, practice has shown that when both types of teams cooperate within a tactical operation, the added intelligence value is extremely high; the concept of these mixed teams, called “NATO Rapid Reaction Team” [9], has been used more often in the last decade.
[2] House of Commons - Defence Committee - Sixth Report of Session 2012–13, published on 9 January 2013 by authority of the House of Commons, London: The Stationery Office Limited, available online at: http://www.publications.parliament.uk/pa/cm201213/cmselect/cmdfence/106/106.pdf, accessed on 05.06.2016.
[3] Patrice Tromparent, French Cyberdefence Policy, Delegation for Strategic Affairs, Ministry of Defense, Paris, France, presentation for 2012 4th International Conference on Cyber Conflict, available online at: https://ccdcoe.org/cycon/2012/proceedings/d2r3s2_tromparent.pdf, accessed on 05.06.2016.
[4] NATO Wales Summit Guide, available online at: http://www.nato.int/nato_static_fl2014/assets/pdf/pdf_publications/20141008_140108SummitGuideWales2014-eng.pdf, accessed on 05.06.2016.
[5] UK Ministry of Defence, Red Teaming Guide, dated January 2013 - The Development, Concepts and Doctrine Centre, Shrivenham, SWINDON, Wiltshire, SN6 8RF, available online at: https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/142533/20130301_red_teaming_ed2.pdf, accessed on 05.06.2016.
[6] Ibidem, p. 9.
[7] Todd Arnold, Rob Harrison, Gregory Conti, Professionalizing the Army’s Cyber Officer Force, United States Military Academy, West Point NY 10996, available online at: http://www.westpoint.edu/acc/SiteAssets/SitePages/Reports/PACOF.pdf, accessed on 05.06.2016.
[8] Department of Defense Strategy for Operating in Cyberspace, US DoD, 2011, available online at: http://csrc.nist.gov/groups/SMA/ispab/documents/DOD-Strategy-for-Operating-in-Cyberspace.pdf, accessed on 05.06.2016.
The diversity of uses of cyber capabilities is one of the great challenges NATO faces in defining its role in cyber defence. NATO strategists have thus identified two categories of cyber attacks in which the organization can play a determinant role [10]:
1. Cyber espionage, whether executed at the operational or the strategic level, can compromise the confidentiality of ICT systems and of information-collection systems, thus revealing military secrets and sensitive information to adversaries.
2. Sabotage carried out by cyber means, or with a dominant cyber component, can have important physical effects, particularly when weapons systems, military decision-making systems (including command and control), logistical systems or telecommunications systems are targeted and damaged, but also civil systems such as critical infrastructures.
Along with protecting its own ICT infrastructures, NATO pays particular attention to the cyber protection of its personnel, at all levels and in all fields. In recent years, analysis of the attacks on NATO critical infrastructures has shown that the social engineering component of the “Advanced Persistent Threat” (APT) [11] particularly targeted NATO personnel, through attempts to involve them in extortion of money or various frauds for financial gain, as a preliminary phase of the types of attacks mentioned above.
The analysis of cyber incidents affecting various NATO structures leads to two conclusions:
1. Until now, the most dangerous adversaries of NATO in the cyber field have been nation states; although in the last year a series of attacks presumed to come from hacker groups sympathetic to ISIS [12] were identified, they did not have the intended success. Thus, although intelligence systems have reported in recent years an increase of offensive capacity in organized crime networks, which could be used in the future by non-state actors such as terrorists or private organizations specialized in extremely sophisticated acts of espionage and sabotage in the cyber field, such actors need capacities, a level of knowledge and understanding of NATO technical systems, and a determination generated by a cost-benefit ratio, at the level of a nation state.
2. Although until now no kinetic or physical damage caused by terrorist actions with a major cyber component has been produced on NATO infrastructures, cyber attack technology evolves continuously, and the elements of the cost-benefit analysis become increasingly complicated and reactive to changes in the international security environment; terrorist attacks with a determinant cyber component therefore remain a serious threat to information security or even to the NATO communications infrastructure.
These conclusions, along with the analysis of the attacks against the public and private infrastructure of Estonia in May 2007, led the defence ministers of the allied countries, at their meeting in Brussels in June 2007, to adopt a series of measures to increase the cyber resilience of NATO structures as a whole, along three main directions of activity.
[9] NATO Rapid Reaction Team to fight cyber attack, 13 March 2012, available online at: http://www.nato.int/cps/en/natolive/news_85161.htm, accessed on 05.06.2016.
[10] Cezar Vasilescu, Cyber Attacks: Emerging Threats to the 21st Century Critical Information Infrastructures, April 2012, available online at: http://www.defenceandstrategy.eu/filemanager/files/file.php?file=73464, accessed on 05.06.2016.
[11] Defence Against Terrorism Review, Vol. 3, No. 2, Fall 2010, COE-DAT, pp. 23-36, available online at: http://www.coedat.nato.int/publication/datr/volume6/03How_Cyberterrorists_Could_Be_Living_Inside_Your_Systems.pdf, accessed on 05.06.2016.
[12] Benjamin Runkle, Is the Islamic State a Cyber Threat?, 9 September 2015, available online at: http://warontherocks.com/2015/09/is-the-islamic-state-a-cyber-threat/, accessed on 05.06.2016.
The first direction of research: coordination and assistance for cyber defence is at present implemented by the military, political and technical authorities of NATO, concurrently with the measures implemented by the member nations, and is based on the experience and expertise of the member nations with technological advantages. An important aspect of this direction was the establishment of the Cyber Defence Management Authority (CDMA) [13], with the exclusive mission of coordinating cyber defence across the whole Alliance; this body is coordinated by the Council of Management Authority for Cyber Defence, which comprises political, military, operational and technical NATO leaders with responsibilities in the cyber defence field.
The second direction of research: the CDMA is the most important NATO organization offering advice to the North Atlantic Council and to the member states on strategic issues related to cyber defence.
The third direction of research: before the attacks in Estonia in 2007, NATO cyber defence efforts focused largely on the protection of the communication systems owned and operated by the Alliance. The attacks in Estonia showed that a massive attack on the critical infrastructure of a member state not only can entail an Article 5 type reaction but can also disturb the logistical and operational flows of the Alliance, which led to the extension of NATO's defence focus to the national level, on both the combating and the prevention components. Although all the strategic documents of the Alliance so far underline that the allies themselves bear the main responsibility for the security of their own ICT systems and information, assistance mechanisms were developed at the core level of NATO for allies requesting support to protect their ICT systems, including when cyber attacks occur, through the intervention of a Rapid Reaction Team (RRT) [14] composed of a maximum of 6 national or NATO experts, as the type or characteristics of the mission require.
As concerns the research/development and training of specialized personnel in the cyber defence field, a research centre was established in Tallinn in 2003; in 2008 it gained NATO accreditation as a centre of excellence and was named NATO Excellence Centre for Cooperation in Cyber Defence (CCDCOE). It now has research/development responsibilities as well as training responsibilities for the personnel of NATO or of the sponsor nations (Czech Republic, Estonia, France, Germany, Greece, Hungary, Italy, Latvia, Lithuania, Holland, Poland, Slovakia, Spain, Turkey, United Kingdom of Great Britain and United States of America).
In mid-2002 the implementation of the Cyber Defence Program was approved by the North Atlantic Council, and it was afterwards implemented in three phases: 2003-2006, the request for and operation of NCIRC and the establishment of its provisional operating capabilities; 2006-2012, bringing NCIRC to its optimum operational level at the end of 2012; 2012-present, identification of the requirements and resources necessary to mitigate and eliminate vulnerabilities in the cyber field, with a view to involving the CDMA in the development, by the specialized industrial sectors of the member countries, of technologies to be available across the whole NATO security space.
Besides CCDCOE and CDMA, the NATO Communications and Information Systems Services Agency (NCSA) [15] is responsible for protecting communication systems, with four main tasks: ICT support for NATO operations; ICT support for NATO exercises; ICT support for NATO Major Staffs; and support for the implementation of new ICT systems and projects at the Alliance level. The functional structure of NATO cyber defence capabilities is illustrated in Figure no. 1.
[13] 173 DSCFC 09 E BIS - NATO and Cyber Defence, available online at: http://www.nato-pa.int/default.asp?SHORTCUT=1782, accessed on 05.06.2016.
[14] Men in black – NATO’s cybermen, 24 April 2015, available online at: http://www.nato.int/cps/en/natolive/news_118855.htm, accessed on 05.06.2016.
[15] Connecting Forces, NATO Communications and Information Agency, available online at: https://www.ncia.nato.int/About/Pages/About-the-NCI-Agency.aspx, accessed on 05.06.2016.
In addition, NCIRC is responsible for evaluating NATO security networks and for detecting and responding with countermeasures to any cyber attack on a NATO infrastructure or on one associated with it; “NCIRC experts have the missions to support system administrators to block the informatics attacks, to limit their deterioration and to fix software errors classified as vulnerabilities and making possible such kind of attacks” [16].
In this structure, CDMA is the single authority on defence against cyber attacks, being responsible for the initiation and coordination of each effort, but NATO cyber defence actions between the members and external organizations take place in CDCSC. NCIRC, on the other hand, is the department with technical and operational intervention capabilities and is responsible for the development, implementation and maintenance of the cyber defence services of the Alliance.
accomplish, not only because of political aspects but also because of technological or social ones, given the conceptual and technological discrepancies in how ICT infrastructure is built among the member states of the Alliance, as shown, for example, by the difference in approach between the USA, Germany and France. Another aspect with a negative impact on the implementation of the common defence principle in the area of ICT infrastructures is that, despite some political or diplomatic declarations inside the Alliance, the member states use for their cyber protection information, technologies and capabilities that give them a strategic advantage; they often prefer to keep these capabilities classified from everyone else and, secondly, decision makers fear that by revealing these capabilities to a potential enemy they could become vulnerable to a potential attack. On the other hand, the NATO policy of partnership with the defence industry and the integration of the member states' academic environment into the defence flow, promoted in the last decade, brought significant enhancements not only to the technologies used but also to the training of specialists in cyber security, which in the end led to the creation of a level of trust between the defence industry and the Alliance structures with responsibilities in the cyber defence field.
[19] What is Transformation? - An Introduction to Allied Command Transformation, NATO UNCLASSIFIED – PUBLICLY DISCLOSED, January 2015, available online at: http://www.ieee.es/Galerias/fichero/OtrasPublicaciones/Internacional/2015/NATO_Introduction_AlliedCommand_Transformation_Jan2015.pdf, accessed on 05.06.2016.
[20] Myriam Dunn Cavelty, Cyber-Allies, Strengths and weaknesses of NATO’s cyberdefense posture, ETH Zurich - Center for Security Studies, February 2012, available online at: http://papers.ssrn.com/sol3/Delivery.cfm/SSRN_ID1997153_code1782288.pdf?abstractid=1997153&mirid=1, accessed on 05.06.2016.
Another major challenge that will influence how NATO capabilities develop in the future is the gap between the smaller and the greater nations, the latter aiming to enlarge the NATO role in certain specific problems. In cyberspace this phenomenon shows in the wish of smaller countries with limited resources to benefit from NATO defensive cyber capacities and even to extend them, whereas countries such as the US, UK, France and Germany invest a great deal of money in their own cyber defence systems and are therefore reluctant to redirect money to NATO missions and projects that would duplicate already existing capacities.
The debate on the balance of tasks in NATO, although it goes beyond the cyber defence framework, will in the future be the most influential element, owing to the dynamics of stability the Alliance has to confront as well as to the growth of the cyber component in global security threats; owing to this imbalance, the Alliance risks becoming “a multilevel organization wherein only part of the members have cyber capabilities of battle and want to use them” [21].
Conclusions
Although cyber attacks have been considered asymmetric threats since the Riga Summit in 2006, only after the attacks on Estonia in 2007 did NATO realize that “cyber war, as is often called, refers inclusively to a campaign supported by cyber operations concerted against IT infrastructures of target-state, and this leads to the mass-destruction of websites by using spam and malware infections” [22].
In the last decade, NATO became an organization actively contributing to global security in all spaces, standing mainly as an alliance with a Euro-Atlantic vocation and maintaining unchanged the collective defence principle stipulated in the Article 5 provisions of the North Atlantic Treaty. As a political-military organization, it bases its activity on a strategic concept made up of a structure of doctrinal ideas and a mechanism defining the goals and the means of achieving them for defined periods of time.
[21] Transcript of Defense Secretary Gates’s Speech on NATO’s Future, Brussels, June 2011, available online at: http://blogs.wsj.com/washwire/2011/06/10/transcript-of-defense-secretary-gatess-speech-on-natos-future/, accessed on 05.06.2016.
[22] Döge, Jenny, Cyber Warfare, Challenges for the Applicability of the Traditional Laws of War Regime, Archiv des Völkerrechts, Volume 48, Number 4, December 2010, p. 489.
BIBLIOGRAPHY:
1. Döge, Jenny, Cyber Warfare, Challenges for the Applicability of the Traditional Laws of War Regime, Archiv des Völkerrechts, volume 48, number 4, December 2010.
2. http://www.publications.parliament.uk/pa/cm201213/cmselect/cmdfence/106/106.pdf
3. https://ccdcoe.org/cycon/2012/proceedings/d2r3s2_tromparent.pdf
4. http://www.nato.int/nato_static_fl2014/assets/pdf/pdf_publications/20141008_140108SummitGuideWales2014-eng.pdf
5. https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/142533/20130301_red_teaming_ed2.pdf
6. http://www.westpoint.edu/acc/SiteAssets/SitePages/Reports/PACOF.pdf
7. http://csrc.nist.gov/groups/SMA/ispab/documents/DOD-Strategy-for-Operating-in-Cyberspace.pdf
8. http://www.nato.int/cps/en/natolive/news_85161.htm
9. http://www.defenceandstrategy.eu/filemanager/files/file.php?file=73464
10. http://www.coedat.nato.int/publication/datr/volume6/03How_Cyberterrorists_Could_Be_Living_Inside_Your_Systems.pdf
11. http://warontherocks.com/2015/09/is-the-islamic-state-a-cyber-threat/
12. http://www.nato-pa.int/default.asp?SHORTCUT=1782
13. http://www.nato.int/cps/en/natolive/news_118855.htm
14. https://www.ncia.nato.int/About/Pages/About-the-NCI-Agency.aspx, http://www.cepolicy.org/sites/cepolicy.org/files/attachments/08_-_tpb_cyber_terlikowski_vyskoc11.pdf
15. https://info.publicintelligence.net/NATO-COPD.pdf
16. http://breakingdefense.com/2014/08/natos-september-summit-must-confront-cyber-threats/
17. http://www.ieee.es/Galerias/fichero/OtrasPublicaciones/Internacional/2015/NATO_Introduction_AlliedCommand_Transformation_Jan2015.pdf
18. http://papers.ssrn.com/sol3/Delivery.cfm/SSRN_ID1997153_code1782288.pdf?abstractid=1997153&mirid=1
19. http://blogs.wsj.com/washwire/2011/06/10/transcript-of-defense-secretary-gatess-speech-on-natos-future/