CyCon 2012, a cyber conflict conference organised by the NATO Cooperative Cyber Defence Centre of Excellence brought together 400 participants from 39 countries. The event stretched over 4 days with the workshops on the conference pre-day and the main event taking place from 6-8 June.
Opening speeches on the first day by MG Jaap Willemse from NATO ACT and Dr Rain Ottis from NATO CCD COE raised questions about offensive capabilities in cyberspace and the future of cyber conflict. Both speakers agreed that nations need red team capability to test the resiliency of their networks and organisations in a non-conventional situation. Later talks by Frédéric Dreier and Kenneth Geers confirmed the necessity since technical exercises need strong red teams to do feasible attacks against the blue teams.
Forrest Hare took a novel approach to attribution and deterrence in his speech. He suggested that in the end, attribution is a political decision not a legal concept and moreover, attribution is not always required to coerce the adversary. Technical Track also devoted fair amount of time to the attribution issue. Attribution is hard because of the nature of attacks, which tend to have several stages and the whole attack is spread over a long period of time. It is of no help either that the Internet is governed by multiple jurisdictions so international cooperation is necessary but often lacking.
Another key issue in the realm of cyber security is the transition to IPv6 which was extensively covered by Dr Latif Ladid. More and more technology gets connected to the Internet and new addressing system has to be used. This, on the other hand, brings about many new vulnerabilities and the need for increased competence in device and network designers and managers.
Technical Track also bounced news and ideas on case studies on botnets and a cyber attack case study by Symantec. Mario Golling from the Munich University summarised key trends in computer network attacks based on regular research. He emphasised that while sophistication of malware is rising, attackers need less skills to perform malicious activities. New developments that pose risks to computer security include the rise of number of smartphones, cloud computing and encryption tools used by the attackers.
Law and Policy Track covered a wide array of questions, discussing the threshold and intensity of a cyber conflict, if and when is it appropriate to exercise the Law of Armed Conflict, what is an armed attack in cyberspace, under which circumstances can a cyber attack trigger lawful self-defence measures. Professor Michael N. Schmitt introduced the work done by a group of experts with a goal to develop authoritative reference on the international law applicable to cyber conflict. The Tallinn Manual or Manual on International Law Applicable to Cyber Warfare will be published in 2013.
Professor Schmitt also gave his overview of the notion of an attack. Some of the key points he stressed was the idea that even an attack that includes delayed effects is an attack and that severity of consequences is always the key. At the same time, the notion of status of the target as the key is slowly fading away.
Popular talks in the Strategy Breakout Session discussed cyber defence through a conventional military prism, raising questions on the effects, persistence and target attributes of cyber attacks. An informative talk on cyber capabilities in Iran by Jeff Bardin packed the room full of conference participants to receive an introduction to different groups in Iran involved in hacking activities, training and education and covert operations. Keir Giles’ great talk on Russia’s stance on information warfare was another highlight of the session. One of his main conclusions was that the ideas floated by Russia in international information sphere are essentially not new but are increasingly being followed by a significant number of like-minded nations.
Last day in the Strategy Breakout Session a tabletop exercise, orchestrated by Colonel Timothy Evans from the Maryland National Guard, took place. The exercise featured a number of distinguished experts and practitioners on cyber security, (inter)national security and law. The fictitious scenario included cooperation between intelligence agencies and law enforcement agencies, international cooperation among like-minded and not so like-minded countries, attribution, internal and international crisis communication and public-private partnership.
In one of the final talks of the conference, President of Estonia Toomas Hendrik Ilves expressed his pleasure over the fact that Estonia is no longer a lone voice in discussing cyber security at the international level as there are capitals stressing the importance of the issue all over the world. However, there seems to be a lack of strategic awareness in Brussels – NATO and EU seem to be lagging behind their member states
CyCon 2012 was supported by IEEE, Cisco, Gamma International and Microsoft.
CyCon 2013 will concentrate on automated decision making systems. The call for papers will be announced in autumn 2012.