SHAPE Mons


Cyberspace risks and challenges to NATO / EU


Cyberspace is the only man-made domain. In this domain, scores of things are extremely interconnected: it consists of the Internet, interdependent networks, the Internet of Things (IoT), and an innumerable quantity of related devices covering a myriad of different purposes. It offers the capability of remote actions such as assistance, maintenance, control, decision making, problem solving etc. All of this explains why an attack through a new kind of threat may arrive at any time from any part of the world. An attack can take place within routers, providers’ routers, personal computers, laptops, servers, printers, cameras, mobile devices, etc. The potential area for attack grows every day and, although cyber warfare is currently limited to information networks and network-attached systems, the situation could develop unpredictably. Thus, new technologies such as Quantum Computing, Blockchains, Artificial Intelligence, Big Data, Human Assisted Machine Learning and 5/6G will change our way of thinking not only about cyber defence, but also our approach to human life.

To react effectively to these new threats, passive measures of defence (e.g. firewalls, intrusion detection systems, antivirus, antimalware, etc.) are important, but they must be complemented by active measures, such as: intelligence, network monitoring, red vs blue team assessment, threat hunting, adapting procedures to the threat, and lessons learned. It is necessary to adopt “in depth” defence, which is defence using layered and overlapping technologies to monitor, detect and defend networks and all their end-points. At the same time, it is necessary to analyse the techniques and tactics used by adversaries and to develop signatures and indicators of compromise that match the patterns that are unique to a particular attack. An attacker wants to gain access, remain in the system and execute his/her malicious code.
Digital forensics is effective and helps a lot, but it is time-consuming; the solution comes with smart information triage to effectively guide defence.

These complex topics, with the associated risks particularly to NATO and the EU, and the main challenges that need to be faced when conducting operations in or through cyberspace were discussed during the NATO Rapid Deployable Corps Italy (NRDC-ITA) International Cyber Seminar held online on 15th June 2022. The event saw the participation of academics, and military and civilian personnel working in the cyber domain, and it stimulated some important discussions driven by real events from the current conflict in Ukraine used as case studies. In accordance with the seminar agenda, Mr. Mario BECCIA, Deputy Chief Information Officer for cybersecurity at NATO HQ, presented cyberspace domain challenges in the context of modern warfare; OF5 Julien MERMILLON, Head Operational Planning at NATO SHAPE Cyber Operations Centre (CyOC), discussed the challenges for planning and managing cyberspace operations at operational level; OF4 Fabio BIONDI, Cyber Ops Researcher at the NATO Cyberspace Centre of Excellence, addressed the common patterns detected within the adversary’s cyberspace operations; and Professor Stefano ZANERO, Polytechnic of Milan, presented a speech about cyberspace war through a series of retrospectives.

In the light of this fruitful event, it is worth recapping a few points to identify some takeaways and pave the way for the next edition. First of all, the seminar addressed the role of industry in the modern era. It was highlighted that although cyberspace is not fully owned, managed and governed by anyone, a large number of commercial entities have a primary role in it, with governments barely having loose control over them. The accelerated pace seen in the current conflict in Ukraine, where part of the targeting has been done with an Uber-like application for smartphones - which, although rudimentary, seems significantly quicker than conventional systems and tools - stresses how the combination of the precision of new technologies (e.g. drones or smartphone applications) with intelligence offers the possibility to exploit new capabilities and opportunities, generating a game changer in the military field that could also challenge the Alliance’s security. Another interesting topic was the unceasing development seen in sub-threshold activities. Sub-threshold activities are actions/operations in cyberspace that make it possible to achieve a perpetrator’s goal without triggering any armed response from the State/victim. However, although such activities are engineered to stay below the threshold of an armed conflict, they are considered to be “the noise” of cyberspace activities. Additionally, not only has there been a huge increase in the number of such activities, but also the frontier of such operations is always being pushed further. A third point worth mentioning is the critical importance that conducting Defensive Cyberspace Operations (DCO) retains, although NATO is working around the clock to develop its capabilities in the conduct of Offensive Cyberspace Operations (OCO).
At present, DCOs are no longer pure defence of own networks but require, without doubt, a profound analysis of Mission Vital Infrastructure (MVI) and their dependencies on cyberspace. What seems to be an already well-addressed capacity - the conduct of DCOs - actually comes with some difficulties due to the disproportionate ratio between the high demand for cyber assets and the low-density/availability of resources; moreover, this is exacerbated by the challenges encountered by operational commands that own the physical battlespace but not the virtual one.

The cyber domain is definitely a domain of war. It is used by State and non-State actors to conduct cyber-attacks in the context of military operations. So, when considering the growing importance of cyberspace, with reference to cyberwarfare, we need to change our mindset and start thinking of “operations security” rather than “communications security”. Modern military forces rely heavily on enabling systems for logistics and C2: the integration of continuously developing technology will increase the importance of cyberspace and its associated risks. In the short term, OCO will also be integrated into joint operations, requiring the development of new TTPs which will constitute alternate and modern means for all Commanders. The current war on Europe's eastern flank offers on-the-ground proof that cyber “assaults” will be increasingly part of future armed conflicts. In fact, Moscow increased its reconnaissance of potential Ukrainian targets for cyber-attacks a year before the 24th February invasion. In this time, Russia had already placed malware on Kyiv’s financial sector, energy infrastructure and governmental functions to pressure Ukraine to fall in line. Even before the first Russian tank entered Ukraine, hackers launched “WhisperGate” malware against around 70 Ukrainian government sites, followed by a Distributed Denial of Service (DDoS) campaign that disrupted banks, radio stations and websites. Moscow was then suspected of being behind the “Hermetic Wiper” virus that knocked out some 300 Information Technology (IT) systems in Ukraine, while hackers targeted the VIASAT satellite operator to deactivate thousands of internet modems, including military communications.

This brings us to an important observation: we all know that cyber-attacks have more echo in peace time (their effects cannot be compared to kinetic ones) and that they are more suited to sabotage, espionage and information warfare; however, we must not forget that the impacts of cyber-attacks are often not revealed until months or years after they are deployed. It took nearly two years before the public learned about the Stuxnet computer virus that allegedly destroyed around 1,000 of Iran's nuclear centrifuges, used to refine uranium for use in atomic weapons. The fourth topic to be pointed out is the fact that NATO must continue to educate staff at all levels of command on the capability and availability of cyber assets. A robust coordination and de-confliction mechanism is critical to the effective employment of cyber capabilities. To this end, NATO operational Commanders are requested to develop and manage relationships not just with national cyber capability providers, but also with host nations and global private sector partners. Even if the cyber domain is considered the 4th domain of war, digitalization involves both military and civilian infrastructures, pushing not only nations but also organizations to develop their own cyber security strategies. This underscores the need to expand partnerships with industry, academia and allies’ research centres to benefit from their unique insights as part of enhancing overall resilience. The final but no less important point is the fact that the insider threat continues to be a real challenge. In this regard, it is paramount to provide our troops with a good level of cyber awareness, making them aware of the risk of using modern technologies, especially mobile phones. Education, specialization and training will continue to play a significant role for all of us.
In conclusion, NATO has to speed up the process to integrate OCO into its operations but, at the same time, it has to keep the experience already acquired in the conduct of Defensive ones. Preparation for conducting cyber operations requires appropriate doctrine, training, cyber warriors and cyber weapons development. The cyber aspects must be exercised thoroughly and more resources must be spent in order to be ready to offer a more resilient posture and flexibility at the same time. The need to understand the process and the technique used by an attacker remains a challenge since the attacker’s imagination is the only limit on an attack. Finally, the Alliance should also consider speeding up its procurement method, especially in the Communication Information System (CIS) sector, which remains slow with respect to the development of technology. From the approval of new Capability Packages (CP) with CIS projects to the implementation of those projects, it can take 2-3 years; this means that when the technology is set up and ready to be used, it is already legacy and not fit at all for purpose.

Story by Lieutenant Colonel (ITA Army) Giuliano MAURIZI – NRDC-ITA
