Year 2014 has begun and it has brought a new projects and tasks for the NATO Cooperative Cyber Defence Centre of Excellence. Since our work is conducted in an annual cycle with projects at hand usually not spanning over more than 12 months, it is worth to take a look at the main priorities and key products of this year.
Active Cyber Defence
One of the rising trends in cyber is definitely the concept of active defence which will run as a common thread in many activities we have planned for this year. For one we chose this as the topic for our this year’s CyCon conference (3-6 June in Tallinn). In addition to inviting numerous experts and entities to share their thoughts on the topic we will also be presenting, in a form of a workshop, the results of our study on legal and technical aspects of active cyber defence. The study will be partly technical and partly legal, making the best of Centre’s interdisciplinary approach to research. The first part of the study will offer an insight into active defence measures whilst the second part tries to offer a common legal framework for active tracing of attack activities as well as for conducting responsive countermeasures. The study will be published in June this year.
Practice Makes Perfect
Training the people to enhance their defence skills is definitely a key for successful future which is why the Centre is offering a variety of courses. Although most of these are targeted to technical or legal experts we are also offering basic awareness courses to educate the average users in their everyday computer matters. One of those courses is available as an e-course on the NATO e-Learning Joint Advanced Distributed Learning portal and we would strongly advise everyone to have a look and test their knowledge in IT security.
However, the best training opportunity is the annual technical cyber defence exercise Locked Shields. Planned for May, it will put 12 defending teams against one big attacking team in an elaborate scenario and specially built virtual environment. Involving more than 250 people, 17 nations, military, industry and volunteers from the Estonian Defence League’s Cyber Unit, it is a unique cyber defence exercise that encourages cooperation while also comparing the effectiveness of the participating teams. NATO’s team consisting of NCIRC members was declared winner last year but other teams will surely be eager to claim the title this year.
To give the exercise a boost in the coming years we are planning to run a Penetration Testers Workshop where we could test the concept of the new technical exercise planned for 2015 and also strengthen the red-team capability for Locked Shields. Good red-team skills are vital for the execution of the exercise since the defenders need a challenge only a good attacker can offer.
Since the interest in the exercises is growing each year we have also decided to put together a technical manual which will give step by step guidelines on how to build a virtual infrastructure with enough hardware resources to run a cyber defence exercise. Expected to be published in the end of this year, the manual will help to share the know-how we have gathered over the years.
Supporting the Allies
Our Locked Shields exercise is designed with mostly IT security experts in mind but there are several other exercises organised by NATO and we continue to support many of these. Most notably NATO organises Cyber Coalition, a multi-layered exercise which aims to train technical and operational skills and procedures as well as decision-making processes and collaboration among NATO and national bodies. We have helped to plan, develop and execute Cyber Coalition since 2009 and we are proud to do it again this year. In addition we will be supporting NATO interoperability testing and operational-level military headquarters training via CWIX 2014 and the TRIDENT JAGUAR and JUNCTURE exercise series.
Economy and Cyber
When looking at the planned research for this year then one important question in the continuing times of austerity is the economic aspects of national cyber security strategies. One of our research projects for 2014 aims to offer a practical reference material for the nations to help them keep track of the government sector’s spending on cyber security. It is necessary to understand which sectors are the most resource-consuming and how they all relate to the success rate of raising the level of national cyber security. We are hoping this research will be an eye-opener for the governments and allow a review of fund-allocation keeping in mind the most critical vulnerabilities. A workshop on the matters will be organised late spring and the outcome of the research will be published in the end of the year.
Another important issue we are researching on is one of the least explored areas of cyber vulnerabilities – nations’ dependencies on critical information infrastructure which is located outside of their national territory. These cross-border dependencies create an additional vulnerability and source of instability even for countries that have addressed these problems domestically. A simple example would be an attack on communications infrastructure in country A which also disables banking or even power supply in country B. The research will include a review of studies done on the topic so far and a survey of the Allies’ current situation on the topic. The research is expected to be published in the end of the year.
Continued Research on the International Law
In 2013, the long-awaited publication of the Tallinn Manual on the International Law Applicable to Cyber Warfare caught the attention of international media, nations as well as the legal and IT security communities. It is a landmark study that discusses how international law governs the most destructive and disruptive cyber operations. However, already before the book’s official completion we had launched the Tallinn Manual’s follow-on project, Tallinn 2.0, which examines the international law regulating hostile cyber operations of a lesser gravity. The project will result in the second, expanded edition of the Tallinn Manual in 2016.
To pass on the findings and thoughts from the Tallinn Manual we are continuing with the International Law of Cyber Operations Courses which give an in-depth overview of the application of the jus ad bellum and international humanitarian law to cyber operations. Course participants will have the opportunity to apply the acquired legal and technical knowledge in practical exercises. The course will take place twice this year, once in Tallinn right after CyCon and once in NATO School Oberammergau in July.
The year 2014 promises to be a busy one for the Centre and we hope to deliver high level research and training to further support the cyber defence efforts of NATO and its Allies.