Page 1

ISSN 2294-1274

ATLANTIC TREATY ASSOCIATION

Volume 2 - Issue 5, May 2012

THE GROWING CYBER-THREAT: What role for the Transatlantic Alliance? The cyber-threat is omnipresent in our world of email-driven private and professional communication, online social media, but also computerbased critical infrastructure and not least military technologies. If we narrow the focus down to the political and military spheres, the oft-cited computer worm ‘Stuxnet’ of June 2010 is probably the most outstanding individual incident of a modern cyber-attack with a political background. This supposedly state-sponsored malware tool brought considerable damage to the Iranian nuclear facilities which are believed to serve military

53 per cent of companies believe they have experienced an attack waged with a specific political goal in mind.

purposes. The ’Stuxnet’ episode demonstrates the role

Contents:

of cyber-space as a central sphere for political, diplomatic and military disputes and confronta-

Global Pulse: Cyber-attacks: A short guide

tions of the 21st century. With the difficulty of

Marie Harbo Dahle provides an overview of important definitions and clarifications in order to

attributing a cyber-attack, national governments

structure the general debate about cyber-security and cyber-attacks. Thereby, she especially

can easily hide attacks behind private computers.

looks at the distinction between cyber-espionage and cyber-attacks as well as at current interna-

Looking at the growing and asymmetrical cyber-

tional law.

threat and the complexity of this security challenge, NATO as a military alliance, based on

NATO and the fight against the cyber-threat

Article 5 and collective defense, does not only

Emine Akcadag looks at the nature of cyber-space and the related security issues. In the main

need to constantly sophisticate and adapt its own

part of her article, she provides a detailed insight into NATO’s efforts in the field of cyber-

cyber-defense capabilities, but also to soon find

defense, triggered by the events of 9/11 and the massive cyber-attacks on Estonia in 2007. The

ways to develop a common blueprint for an Arti-

article finally calls for even stronger cooperation among NATO members in order to foster the

cle 5-type reaction to attacks in cyber-space.

fight against the cyber-threat.

Atlantic Voices, Volume 2, Issue 5

1


GLOBAL PULSE The transatlantic partnership was forged in war two generations ago and maintained for decades under the looming threat of renewed conflict. With the Alliance now at a crossroads, its future depends on the active engagement of its members’ young citizens. Committed to this endeavor, YATA is proud to partner with Atlantic Voices and help bring the opinions, analysis, and commentary of young Atlanticists to the forefront of international debate. By presenting security, economic, and diplomatic issues through the eyes of future policy and decision makers, Global Pulse aims to build a bridge between the challenges of today and the solutions of tomorrow.

Cyber-attacks: A short guide By Marie Harbo Dahle As cyber-security and cyber-attacks become part of the mainstream secu-

systems that control infrastructure, industrial processes or com-

rity debate, a brief overview of the crucial definition issues can be helpful

munication lines. If the effects are destructive enough, the at-

to keep the discourse on the right track.

tacks might trigger a proclaimed right to defensive action according to international law. Cyber-espionage, although more fre-

Cyber-espionage is not a cyber-attack – it’s merely espionage

quent, is like all forms of espionage legal under custom interna-

First, what is a cyber-attack? And what is it not? In the influential

part different debate entirely.

tional law. Although an integral element of national security, it is

‘Joint Doctrine for Information Operations’ by the U.S. Joint Chiefs of Staff, cyber-attacks are defined as ‘deliberate actions to alter, disrupt, deceive, degrade, or destroy computer systems or

Cyber-attacks are subject to current international law

the information they hold’. A cyber-attack requires information

According to international law and custom, a state may respond

about a vulnerability in the target computer system, access to it,

forcefully to an armed attack against it. This right of self-defense

and the malicious software (malware) the

also holds in the case of cyber-warfare, if the

attacker wishes to insert. In the media, the

attack had effects which caused destruction

term cyber-attack is usually also used to

on the same level as a conventional strike. If

describe the espionage that businesses and

the attack falls below this threshold, yet is

government agencies are subject to every

still considered highly intrusive, it remains

day, as well as the so-called ‘distributed

unclear how a state could and should re-

denial of service’ (DDOS) attacks to dis-

spond. Once again, we are not discussing

rupt access to targeted websites. For the

incidents of espionage, but attacks with the

sake of clarity, a lot of experts now distin-

The vast majority of malware is designed to goal of disrupting or damaging systems. steal or compromise data (Photo: Foreign Policy guish between a cyber-attack and an act of Association)

cyber-espionage. The first kind aims to destroy information, while the latter seeks to extract it. When

Equal access does not mean equal

resources

information systems are destroyed the elements that they control

A common perception seems to be that because virtually anyone

might also feel the effect of the attack – and this is what we most

can access cyber-space and acquire hacking skills, distinguishing

fear in the security context. Likely targets are the computer

between state and non-state actors is nearly impossible. But

Atlantic Voices, Volume 2, Issue 5

2


equal access to cyber-space does not mean equal resources. The

cases where analysts came to different conclusions drawn from

financial resources and the intelligence capabilities available to

the same set of technical and circumstantial data.

some states usually dwarf the resources available to the average hacker. Sophisticated weapons in cyber-space, meaning the malware created for purposes of

Cyber-attacks do pose a challenge to international law

destruction or espionage,

The practical problem with

are incredibly difficult and

the attribution of cyber-

expensive to create. This is

attacks is obvious. Even if

the reason why famous cyber

the attack amounts to an

-operations

such

as

armed attack according to

‘Duqu’

and

the UN Charter, the tar-

‘Flame’ have all been attrib-

geted state wouldn’t know

uted to states, even though

where to direct the counter-

no analyst has been able to

attack. And if it had some

provide

proof

general idea, the discussion

concerning the origin of the

quickly becomes: How sure

attack.

do you need to be before

‘Stuxnet’,

definitive

Cyber-attack? Cyber-espionage? Cyber-crime? A major problem of the discussion you strike? This is an essen-

Attacks can easily be around the cyber-threat is a lack of clear definitions and reference in interna- tial legal question, as a use of tional law. conducted anonyresponsive force would need mously to be justified according to international law as well. Counter-

With ‘attribution’, we arrive at the core of the practical and

action will usually entail a risk of harming innocent third parties,

conceptual challenges associated with cyber-attacks. Attribution

and the risk becomes significantly higher in the case of cyber-

means locating the origin of the attack and identifying the at-

attacks. In regards to a conventional attack, there would be

tacker. Sophisticated hackers will have little difficulty hiding and

evaluations in terms of proportionality and discrimination, but

distorting evidence of their identity and location. They can in-

there will probably be little doubt as to where the attack ema-

struct their electronic traffic to exit at different routers from the

nated from and where to direct the response. (International

ones they use themselves, making it look as if the attack came

terrorist attacks are a different matter – these must be investi-

from a completely different city or country. The attacked state will have to engage in long processes of analysis of both the code of the malware as well as circumstantial evidence in order to arrive at

gated, much in the same way as cyber-

With ‘attribution’, we arrive at the core of the practical and conceptual challenges associated with cyberattacks.

judgments about the attacker’s identity.

attacks need to be). In addition to the obvious uncertainty that will arise in a public which has been attacked, the targeted state will also have difficulties justifying a forceful response. The process of

From what we have seen in the cases of ‘Stuxnet’ and ‘Duqu’,

reaching to a definitive judgment could be a rather lengthy one,

this is a time-consuming task. Independent cyber analysts, inter-

and if the accused state doesn’t admit fault then it will be very

net security companies and government cyber security centers

hard to provide the international community with definitive

have to spend months, even years, to analyze the code of the

proof.

malware. In addition, what one might call the circumstantial evidence – the political context, recent events, and financial and technical capabilities of possible culprits – needs to be included in the analysis. And even then, it could be tough to present conclusive evidence of the attacks’ origin. There have also been

Atlantic Voices, Volume 2, Issue 5

Marie Harbo Dahle is President of YATA Norway. She holds a BA in Political Science and French from the University of Oslo, and wrote her thesis on the normative implication of the attribution problem with cyber-attacks.

3


NATO and the fight against the cyber-threat by Emine Akcadag

T

The cyber-threat The revolution in information technologies gave birth to the

he end of the Cold War has brought about high

globally-interconnected digital information and communica-

expectations concerning the maintenance of

tion infrastructure known as “cyber-space” and revealed a

permanent peace in the whole world. How-

new society, the so-called “network society”. National gov-

ever, as the new security threats became rather alarming, it

ernments were obliged to adapt themselves to the age of in-

was seen that these optimistic views were not the reflection

formation technology and carried their departments and ser-

of the reality. Mere military matters, as a result of a paradigm

vices to cyber-space. While offering a great deal of easiness

shift, have been replaced by new security threats such as the

and comfort, cyber-space has also caused the emergence of a

proliferation of weapons of massive destruction, terrorism,

new threat which has an asymmetrical and multidimensional

cyber-security, energy security and environmental security.

dimension.

More and more vulnerabilities of computer systems are being identified worldwide. NATO as a political-military organization is constantly adapting its cyber-defense policy.

Centered upon the individual and society, the main character-

Because of their dependency on information technology

istic feature of these threats is their being transnational in

and computers (e.g. banking and financial services, telecom-

nature. One of the most pressing and potentially dangerous of

munication systems, electricity networks, water supply),

these threats originates from the cyber-realm. In today’s

network societies have become more vulnerable to cyber-

world which has been shaped by communication and informa-

attacks. For example, a cyber-attack launched from outside

tion revolutions, the cyber-threat has become a central issue

the United States, hit a public water system in Illinois in No-

in private life and (international) business and politics.

vember 2011. Therefore, it has become an obligation to take

Atlantic Voices, Volume 2, Issue 5

4


appropriate measures in both the public and private spheres in

make it available for takeover and remote control. Addition-

order to fight the cyber-threat. Many national governments

ally, ‘Botnets’ (i.e. Internet computers that, although their

have added the cyber-dimension to their national security

owners are unaware of it, have been set up to forward trans-

strategy.

missions – including spam or viruses – to other computers on

Among the multi-faceted threats

the Internet) and other examples of

in cyber-space, the first one that

malicious codes can operate to assist

needs to be mentioned is ‘cyber-

cyber-criminals in their identity theft

crime’. Although there is currently

undertakings. For example, the

no globally accepted definition of

prominent ‘I LOVE YOU’-worm

cyber-crime, it refers to all activities

attacked tens of millions of Microsoft

in cyber-space with a criminal intent,

Windows personal computers in May

and it can target natural persons,

2000 when it started spreading as an

business or non-business organiza-

email message from the Philippines.

tions and governments. The distinc-

This worm produced over $15 billion

tion between cyber-crime and other

in damages, including $5.5 billion in

cyber-based malicious acts is the ac-

the first week alone.

tor’s motivation. Cyber-criminals

Besides, terrorists that are known for

generally exhibit a wide range of self

using information technology and the

interests, deriving profit, notoriety,

Internet to formulate plans, raise

and/or gratification from activities

funds and spread propaganda may use

such as hacking.

cyber-attacks to disrupt critical sys-

Smart grids and next generation computing for energy tems in order to harm targeted govand solar technologies in homes will lead to the creation ernments or civilian populations. includes a wide variety of crimes, of more vulnerabilities.

Although the term “cyber-crime”

There is a number of hacker groups

according to the Council of Europe Convention on Cybercrime, there are four different types of

such as ‘Iron Guard’ which are affiliated with Islamic terrorist

offenses. The first type is the offense against the confidential-

organizations1. ‘Iron Guard’ is a group of hackers that was

ity, integrity and availability of computer data and systems

formed during the Israeli-Palestinian cyber-conflict in late

which includes illegal access such as hacking and cracking,

2000. This group is believed to be technically adept and it is

espionage, illegal interception, data and system interference.

reported to have ties to Hezbollah and other Islamist extremist groups. Iron Guard’s call for a cyber

The second type is the content-related offense which covers content that is considered illegal, including child pornography, xenophobic material or insults related to religious symbols. The

It has become an obligation to take appropriate measures in both the public and private spheres to fight the cyber-threat.

third type is the computer-related of-

-jihad was supported by al-Muhajiroun, an organization with well-known ties to former al-Qaeda leader Osama bin Laden2. As for ‘cyber-attacks’, it is possible to

fense which covers a number of offenses that need a computer

define them as any action taken to undermine the functions of

system to be committed such as computer-related fraud,

a computer network for a political or a national security pur-

computer-related forgery, phishing and identity theft, as well

pose. There is a variety of activities that fall within the defini-

as the misuse of devices. The fourth type is the copyright-

tion of cyber-attacks such as the so-called ‘Distributed Denial

related offense which includes the exchange of copyright-

of Service’ (in April 2007, Estonia suffered this kind of at-

protected songs, files and software in file-sharing systems and

tack) and planting inaccurate information (in 1999, the

the circumvention of digital rights management systems.

United States developed a plan to feed false target data into

Cyber-criminals can use malicious codes, such as viruses,

the Serbian air defense command network, inhibiting Serbia’s

worms or Trojan Horses in order to infect a computer to

ability to target NATO aircraft). Unlike cyber-crimes (though

Atlantic Voices, Volume 2, Issue 5

5


in some cases it is possible), cyber-attacks need to undermine

in Iran. The United States and Israel were accused by Teheran

the target computer network and have a political or national

of having deployed ‘Stuxnet’. Recently, the United States and

security purpose. Nevertheless, sometimes cyber-crime can

Israel were once again blamed to jointly develop the sophisti-

also include attacks against computers to deliberately disrupt

cated computer virus ‘Flame’ that collected intelligence in

processing, or may include espionage to make unauthorized

preparation for cyber-sabotage aimed at slowing down Iran’s

copies of classified data.

ability to develop a nuclear weapon. As a result, state-

In the context of cyber-attacks, it would be useful to take

sponsored attacks have come to be considered as a growing

an additional look at state-sponsored

feature of the cyber-threat.

attacks. Three international incidents

As nowadays the dimension of the cy-

involving Estonia, Georgia, and Iran have informed recent discussions on state-sponsored attacks. As men-

No nation or corporation is truly in a position to face and manage cyberthreats on their own.

ber-threat is continuously evolving, it could be mentioned that no nation or corporation is truly in a position to face

tionned above, in spring 2007, a series

and manage cyber-threats on their

of cyber-attacks on Estonia blocked

own, thus a concerted international

websites and paralyzed the entire Internet infrastructure of

effort is needed to fight against these threats. Being aware of

the country by swamping the websites of the national parlia-

this reality, the Transatlantic Alliance itself, just like many

ment, banks, ministries, newspapers and broadcasters. These

other international organizations, has launched and developed

cyber-attacks came at a time when Estonia was embroiled in a

an ambitious cyber-defense policy.

dispute with Russia over the removal of a Soviet-era war memorial from the center of Tallinn. In this context, the Rus-

NATO’s Cyber-Defense Policy

sian government

During the Kos-

was

publ i c l y

ovo crisis at the

blamed by Esto-

end of the 1990s,

nian officials for

NATO faced its

launching

and

first serious inci-

these

dents of cyber-

backing

attacks. Hackers

attacks. In

2008,

sympathetic

a

to

series of strategic

Serbia electroni-

cyber-attacks

cally

disabled Georgian

attacked” NATO

command

and

web servers. This

control systems.

led, among other

These

things,

intrusions

“ping-

to

the

coincided with the The discovery of the ‘Stuxnet’ worm forced governments and businesses around the world to examine Alliance’s e-mail their cyber-defense measures more rigorously. account being broader armed blocked for sev-

conflict that broke out in August 2008 between the Russian Federation and

eral days for external senders, and to a repeated disruption of

Georgia over South Ossetia. Thus, the Russian government

NATO's website.

was once again accused of being behind a cyber-based incident.

Facing this challenge, the Alliance started to realize the seriousness of the cyber-threat. However, the key

In June 2010, a malicious software worm called ‘Stuxnet’

event which drew attention to potential vulnerabilities in the

attacked among others the operations of nuclear centrifuges

digital infrastructure of the NATO Allies were the attacks of

Atlantic Voices, Volume 2, Issue 5

6


Cyber-security is an unavoidable issue and the threat is growing daily.

9/11. Consequently, NATO issued an important call to im-

and conducts appropriate security risk management, and the

prove its “capabilities to defend against cyber-attacks” as part

Cooperative

of the Prague Capabilities Commitment, agreed in November

(CCDCOE) which complements the work of the other re-

2002. The most important element of the Cyber-Defense

lated institutions by improving cooperation and information-

Program was the creation of the NATO Computer Incident

sharing.

Response Capability (NCIRC), the Alliance’s “first responders” to prevent, detect, and react to cyber-incidents. Another key moment forcing the Alliance to reconsider the need for a common cyber-defense policy were the cyber-attacks on Estonia in 2007, which pushed the Alliance to adopt a

Cyber-Defense

of

Excellence

Furthermore, NATO’s new Strategic Concept and the 2012 Chicago Summit Declaration recognize that cyber-

A key moment for NATO to reconsider the need for a common cyber-defense policy were the cyber-attacks in Estonia in 2007.

formal “NATO Policy on Cyber-

Center

attacks continue to increase significantly in number and evolve in sophistication and complexity. The Strategic Concept also emphasized the need for accelerated efforts in cyber-defense and tasked the North Atlantic Council to

Defense” in January 2008. As a result, the 2008 Bucharest

develop a new NATO Policy on Cyber-Defense and an Ac-

Summit emphasized “the need for NATO and nations to pro-

tion Plan for the policy’s implementation by June 2011. On 8

tect key information systems; to share best practices; and to

June 2011, NATO Defense Ministers approved this Cyber-

provide a capability to assist Allied nations, upon request, to

Defense Policy which is by far the most important step the

counter a cyber-attack.” Following the Bucharest Summit, the

Alliance has taken so far.

Alliance established two major cyber-defense institutions: the

The 2011 NATO Cyber-Defense Policy “sets out the

Cyber-Defense Management Authority (CDMA) which initi-

framework for how NATO will assist Allies, upon request, in

ates and coordinates the cyber-defenses, reviews capabilities

their own cyber-defense efforts, with the aim of optimizing

Atlantic Voices, Volume 2, Issue 5

7


information-sharing and situational awareness, collaboration

fenses in 2012, spending 58 million Euros to establish

and secure interoperability based on NATO agreed stan-

a NATO Cyber Incident Response Capability that will be

dards.” Furthermore, the new policy and the Action Plan for

fully operational by the end of 2012. A Cyber Threat Aware-

its implementation provide NATO nations with clear guide-

ness Cell will also be set up to enhance intelligence-sharing

lines and an agreed list of priorities on how to bring the Alli-

and situational awareness. Moreover, the Alliance continues

ance's cyber-defense forward, including enhanced coordination within NATO as well as with its partners.3 Besides, in 2011, NATO started to formulate a rapid reaction team con-

to conduct frequent cyber-exercises

NATO decided to expand its defenses in 2012, spending 58 million Euros to establish a NATO Cyber Incident Response Capability.

cept. “These cyber-defense experts are

and the interested partners take part in NATO's cyber-security activities. For instance, the most recent ‘Cyber Coalition 2011’ exercise included six partners: Finland and Sweden were play-

responsible for assisting member states which ask for help in

ers, and Australia, Austria, Ireland and New Zealand sent

the event of an attack of national significance,” explains Alex

observers, as did the European Union.

Vandurme, expert in NCIRC, and he adds: “The types of cyber-attacks experienced by Estonia and Georgia will be-

Recommendations

come the most frequent form of cyber-attacks in the future. A

NATO Deputy Assistant Secretary General for Emerging

mixture of protest, or traditional war, and a cybernetic ele-

Security Challenges Dr Jamie Shea identifies three main levels

4

ment.” Hence, this rapid reaction team will be an important

of potential threat that NATO currently faces and monitors.5

tool for NATO to enhance the protection of its communica-

The first involves direct attacks on NATO's computer infra-

tion and information systems against attempts at disruption

structure. The second threat is one engineered to defame or

through attacks or illegal access. Any NATO member nation

damage the reputation of the institution. The third consists of

suffering a significant cyber-attack will be able to ask for

new types of malware, which at the moment are being di-

NATO's help.

rected against third parties or countries, but which NATO has

As for the 2012 Chicago Summit Declaration, it empha-

to monitor on a constant basis. “Each day, we are seeing up to

sized that NATO Allies

30 significant attacks on

have committed to provid-

our digital networks or on

ing

individual

the

resources

computers,

and completing the neces-

mostly by way of emails

sary reforms to bring all

infected by spyware and

NATO bodies under cen-

sent to individual NATO

tralized cyber-protection,

employees,”6 says Lt. Gen.

to ensure that enhanced

Kurt Herrmann, Director

cyber-defense capabilities

of the NATO Communi-

protect

collective

cation and Information

investment in NATO. It

Systems Services Agency

also affirmed that the Alli-

(NCSA). The statements

ance will develop fur-

of Shea and Herrmann

ther its ability to prevent,

give us an idea of the seri-

detect, defend against, and

ousness and complexity

recover

that cyber-attacks contain

our

from

cyber-

for NATO. Hence, the

attacks.

Alliance must be able to

In addition, NATO decided to expand its de-

The continuous development of information and communication technologies opens new possibilities for cyber-criminals.

Atlantic Voices, Volume 2, Issue 5

find answers to all of these 8


next phase should be the alignment of national cyber-defense

threats. As mentioned above, cyber-defense has been an important

capabilities with those of NATO. Ensuring the standardiza-

part of NATO’s agenda for more than a decade. Neverthe-

tion of the cyber-defense policy that caters for 28 member

less, it is an obligation for NATO to keep improving its cyber

nations is without doubt a difficult issue. However, NATO

-capabilities in order to fight against cyber-attacks that are

needs uniform cyber-security standards so that all members of

becoming more pervasive, complex and costly. For that pur-

the Alliance do understand cyber-security in the same way. For that purpose, member nations

pose, taking into account that NATO operations rely heavily on cyberenabled networks, first of all, the Alliance should be able to defend its command, control and cyber-systems by

The next phase should be the alignment of national cyber-defense capabilities with those of NATO.

developing its cyber-capabilities, espe-

should identify their own national critical infrastructure, which links to NATO's systems. “Just as all of us in NATO know to which standards the tanks, aircraft and ammunition of the

cially by investing into research. Furthermore, the ‘Cyber

Alliance must conform, we also need international co-

Defense Awareness, Education, Training and Exercise pro-

operation among Allies to find common standards in cyber-

gram’ has a special importance in terms of being able to pro-

security,”9 says the Estonian President Toomas Hendrik Ilves.

tect NATO’s networks and infrastructures. These exercises

Besides, as NATO offers a forum suitable for coordination

also highlight possible shortfalls in crisis management arrange-

and consultation with regard to the cyber-threat, it may help

ments between civilian and military authorities. For example,

to ensure coordination and possibly harmonization for na-

NATO's annual ‘Cyber Coalition’ Exercise’ presents the op-

tional approaches which pave the way for an international

portunity for nations to have their infrastructure 'stress-

treaty on cyber-security.

tested' by creating cyber-scenarios that the participating na-

The invocation of Article 5 is a delicate subject concerning

tions must tackle. Sharing technology, methodology and

NATO’s cyber-defense capabilities. It is still unclear what size

knowledge contributes to a more robust cyber-defense capa-

of a threat would prompt NATO to invoke Article 5 accord-

bility for all actors involved.

ing to which an armed attack against one Ally is considered an

7

As Supreme Allied Commander Transformation Gen.

attack against all. It would not be wrong to say that there is

Stéphane Abrial states, “today, a critical element of any cyber-

no such thing as a concrete NATO-wide cyber-

defense strategy is the understanding that cyber-space is inter-

response model in case of a full scale cyber-attack on a mem-

national by nature. No one country can deal effectively with

ber state. Moreover, in theory, effective cyber-deterrence

cyber-threats on its own.” Hence, the fight against the cyber-

requires a wide-ranging scheme of defensive as well as offen-

threat requires cooperation with partner countries, the pri-

sive cyber-capabilities. Nevertheless, the Alliance does not

vate sector, international organizations and academia in order

have offensive cyber-capabilities. Although individual mem-

to ensure efficiency, complementarity and non-duplication.

ber states may have offensive cyber capabilities, they do not

As many EU member states are also members of NATO, it

prefer to share them even with close Allies because of the

would be easier to ensure a cooperation between NATO and

sensitivity and perishability of these capabilities.

8

the EU regarding cyber-security, especially in the areas of

Finally, cyber-space can be assumed in the context of

training and education, information-exchange, protecting

NATO’s ‘Smart Defense’ initiative which is a new way of

national communications and information systems, and har-

thinking about generating the Alliance’s modern defense ca-

monizing crisis management procedures.

pabilities, as reinforced by the 2012 Chicago Summit. For the

Considering the cyber-threat as a national security prob-

purposes of Smart Defense, the Alliance nations must give

lem instead of a technical issue for computer security profes-

priority to those capabilities which NATO needs most, spe-

sionals is essential for the effectiveness of NATO’s cyber-

cialize in what they do best, and look for multinational solu-

policy and its standardization. After the integration of cyber-

tions to shared problems. Within this context, the NATO

defense measures into Alliance structures and procedures, the

Cooperative Cyber Defense Center of Excellence constitutes

Atlantic Voices, Volume 2, Issue 5

9


an example for the implementation of multi-national solu-

natolive/news_85161.htm.

tions to international security threats.

5

NATO, “Getting serious about cyber security”, accessed

June 11, 2012,

Conclusion

http://www.defencemanagement.com/feature_story.asp?

Our interconnected societies depend on information and

id=18166.

communication technologies, and this makes them more vul-

6

nerable to cyber-threats that are becoming more sophisticated

berattacks,”

and complex. As enhancing cyber-security and protecting

www.spiegel.de/international/world/nato-concerned-about

critical infrastructures are essential to each nation's security

-increasing-numbers-of-cyberattacks-a-829908.html.

and economic well-being, the deterrence against cyber-crime

7

and cyber-attacks has to be an integral component of national

Journal 55, Winter 2011, p. 23.

and international security strategies.

8

Cyber-attacks may cause harm not only to a national gov-

Matthias Gebauer, “NATO Faced with Rising Flood of CyDer Spiegel,

April

26,

2012,

http://

Jamie Shea, “Shielding from Harm,” Defence Management Stéphane Abrial, “NATO Builds Its Cyberdefenses”, The New

York

T i me s ,

F e b r ua r y

2 7,

2 01 1 ,

h t t p: / /

ernment but also to international governmental and non-

w w w . ny t i me s . c o m/ 2 01 1 / 02/ 28 / o pi ni on/ 2 8i h t -

governmental organizations. In this context, the use of de-

edabrial28.html?_r=1.

structive cyber-tools that can threaten national and Euro-

9

Atlantic security and stability as well as NATO institutions

Review,

has prompted the Alliance to strengthen its cyber-capabilities.

node/14165.

“NATO Needs Uniform Cyber Security Standards”, Estonian April

12,

2012,

http://www.vm.ee/?q=en/

It is possible to say that many future conflicts will have a cyber-dimension, whether in stealing secrets and probing vulnerabilities to prepare for a military operation or in dis-

The views expressed in this article are entirely those of the author.

abling crucial information and command and control net-

They do not necessarily represent the views of the Atlantic Treaty

works of the adversary during the operation itself. Conse-

Association, its members, affiliates or staff.

quently, NATO’s future military effectiveness and capability will be closely linked to and dependent on its cyber-defense

About the author

capabilities.

Emine Akcadag Michael VATIS, “Cyber Attacks: Protecting America’s Secu-

Emine Akcadag is a research fellow on Security Studies

rity against Digital Threats”, ESDP Discussion Paper, Harvard

at the Wise Men Center for Strategic Studies in Turkey

University, June 2002, p.8.

and a PhD candidate at the Institut d’Etudes Politiques de

2

Strasbourg.

1

Office of Critical Infrastructure Protection and Emergency

Preparedness, “Threat Analysis- Al-Qaida Cyber Capability”, accessed June 22, 2012, http://www.epc-pcc.gc.ca/emergencies/other/TA01001_E.html. 3

“New Threats: The Cyber Dimension”, NATO Review, ac-

cessed

June

11,

2012,

http://www.nato.int/docu/

review/ 2011/11-september/ Cybe r-Threa ds/EN/ index.htm. 4

“NATO Rapid Reaction Team to fight cyber attack”, ac-

cessed June 11, 2012, http://www.nato.int/cps/en/SID-755CBE3F-6B0F8F50/ Atlantic Voices, Volume 2, Issue 5

10


Atlantic Voices, Volume 2, Issue 5

11


ATA Programs

Atlantic Voices is the monthly publication of the Atlantic Treaty Association. It aims to inform the debate on key issues that affect the North

From 18 to 21 May 2012, the ATA and YATA leadership were

Atlantic Treaty Organization, its goals and its future. The work pub-

present at the 2012 Young Atlanticist Summit in Chicago. This

lished in Atlantic Voices is written by young professionals and researchers.

event, which took place on the sidelines of NATO’s Chicago Summit, gathered around 50 international young professionals and high

The Atlantic Treaty Association (ATA) is an international non-

-level students to discuss pressing issues on the transatlantic agenda

governmental organization based in Brussels working to facilitate global

with political and military leaders of NATO and its member states.

networks and the sharing of knowledge on transatlantic cooperation and

ATA President Karl A. Lamers welcomed the participants and en-

security. By convening political, diplomatic and military leaders with

couraged them to transport the transatlantic spirit from the sum-

academics, media representatives and young professionals, the ATA

mit into their civil societies in the transatlantic sphere.

promotes the values set forth in the North Atlantic Treaty: Democracy, Freedom, Liberty, Peace, Security and Rule of Law. The ATA membership extends to 37 countries from North America to the Caucasus throughout Europe. In 1996, the Youth Atlantic Treaty Association (YATA) was created to specifially include the successor generation in our work. Since 1954, the ATA has advanced the public’s knowledge and understanding of the importance of joint efforts to transatlantic security, through its international programs, such as the Central and South Eastern European Security Forum, the Ukraine Dialogue and its Educational Platform.

Atlantic Voices is always seeking new material. If you are a young

In 2011, the ATA adopted a new set of strategic goals that reflects the

researcher, subject expert or professional and feel you have a valu-

constantly evolving dynamics of international cooperation. These goals

able contribution to make to the debate, then please get in touch.

include:

We are looking for papers, essays, and book reviews on issues

of importance to the NATO Alliance. For details of how to submit your work please see our website.

international security issues.

Further enquiries can also be directed to the ATA Secretariat at the address listed below.

the establishment of new and competitive programs on

the development of research initiatives and security-related events for its members.

the expansion of ATA’s international network of experts to countries in Northern Africa and Asia.

Editor: Florian Bauernfeind

The ATA is realizing these goals through new programs, more policy activism and greater emphasis on joint research initiatives.

All images published in this issue of Atlantic Voices are the property of NATO, reproduced with NATO’s permission, unless otherwise stated. Images should not be reproduced without permission from sources listed, and remain the sole property of those sources.

These programs will also aid in the establishment of a network of international policy experts and professionals engaged in a dialogue with NATO.

Atlantic Voices Vol.2 No.5  

Marie Harbo Dahle provides an overview of important definitions and clarifications in order to structure the general debate about cyber-secu...

Read more
Read more
Similar to
Popular now
Just for you