NITECH: NATO Innovation and Technology – Issue 2, Oct 2019

Page 1

































Ensuring Cyber Security, Worldwide

Leonardo ensures networks and data security for a wide range of international partners and is the Cyber Defence Mission Partner for NATO. Advanced security solutions and proactive intelligence provide customers with the highest level of protection from emerging cyber threats. Inspired by the vision, curiosity and creativity of the great master inventor Leonardo is designing the technology of tomorrow. Helicopters | Aeronautics | Electronics, Defence & Security Systems | Space

ADV Full Page_CYBER.indd 1

01/04/19 12:02

NITECH NATO Innovation and Technology


Editors Adelina Campos de Carvalho, Simon Michell Project Managers Michal Olejarnik, Raimonds Bricis, Andrew Howard Editorial Director Barry Davies Art direction and layout Robert Talenti, Dorena Timm, Andre van Herk, J-P Stanway Contributing Photographers Marcos Fernandez Marin, Conrad Dijkstra Cover Conrad Dijkstra

Printed by Pensord Press Limited Images: unless otherwise stated, all images have been sourced from Getty Images

Published by

On behalf of

Chantry House, Suite 10a High Street, Billericay, Essex CM12 9BQ United Kingdom Tel: +44 (0) 1277 655100

NATO Communications and Information (NCI) Agency Oude Waalsdorperweg 61, 2597 AK The Hague, Netherlands

Š 2019. The views and opinions, expressed by independent (non-NATO) authors, contributors and commentators in this publication, are provided in their personal capacities and are their sole responsibility. Publication thereof, does not imply that they represent the views or opinions of the NCI Agency, NATO or Global Media Partners (GMP) and must neither be regarded as constituting advice on any matter whatsoever, nor be interpreted as such. References in this publication to any company or organization, as well as their products and services, do not constitute or imply any direct or indirect endorsement, recommendation or preference by the NCI Agency, NATO or GMP. Furthermore, the reproduction of advertisements in this publication does not in any way imply endorsement by the NCI Agency, NATO or GMP of products or services referred to therein.



P. 22

Forewords 13

Kevin J. Scheid NCI Agency General Manager


Adelina Campos de Carvalho and Simon Michell Editors, NITECH – NATO Innovation and Technology

Interview 18

P. 46

Dr Velizar Shalamanov Chairman of the NCI Agency Supervisory Board

NIAS’19 and the Cyber Security Landscape



NIAS uncovered


Cyber security priorities


Embracing cyber security


Innovation and future training


Securing the Cloud


Cyber and Article 5


Accountability in cyberspace

Dr John Zangardi, Chief Information Officer for the United States Department of Homeland Security


P. 62

P. 71

P. 58

Supporting NATO and the Nations 52

Supporting NATO tech innovation


Space: a new dimension


Enhanced SATCOM


NCI Agency deployed: NATO Mission Iraq


Countering drones


Using Big Data in military decision-making


Bringing the innovation challenge to life


Neo – a new era for NCI Agency procurement

Dr Antonio Missiroli, Assistant Secretary General of NATO’s Emerging Security Challenges Division



P. 80

P. 89

P. 92

Developing a talented and diverse digital workforce



Attracting talent


The diversity imperative


Training cyber security experts


The cyber exercises keeping NATO forces alert


Avoiding bias in Artificial Intelligence technology


Involving the wider society

P. 96

Clare Hutchinson, NATO Secretary General’s Special Representative for Women, Peace and Security





Cybersecurity and data loss prevention solutions trusted by defence organizations across the globe. C







K United Kingdom | United States | Europe | Asia Pacific

Simplify the Secure Desktop

SECURE ( UNIVERSAL) KVM SWITCHING SOLUTIONS. Belkin Secure KVM solutions are designed to protect against vulnerabilities at the desktop and keep secure and non-secure networks isolated. Our secure switches are certified by NIAP to the latest Common Criteria Protection Profile PSS Ver 3.0 and are designed, built, and shipped in the US under the strictest security.

Belkin Secure Universal DP/HDMI to DP/HDMI KVM Switch, 4-Port


• • • •


Multiple Level Security consolidation at the desktop NIAP Protection Profile 3.0 certified True uni-directional data path isolation Used throughout NATO and by other security organisations




• • • •


End-to-end tamper-proof system Secure supply chain delivery TAA compliant, U.S.A. designed and manufactured Supports all Operating Systems - Windows, Linux, Mac OS


+44 (0)19 33 35 21 33


Kevin J. Scheid


NCI Agency General Manager

NIAS’19 – Digital Transformation: Smart Machines for Smarter Decisions I am delighted to welcome you to the second edition of the NATO Innovation and Technology (NITECH) magazine. To date, 2019 has been an exciting year, and we would like to update you on the NATO Communications and Information Agency’s (NCI Agency’s) latest activities. We hope you will find amongst these pages new opportunities to collaborate and innovate. This year, we launched the NATO Cyber Security Collaboration Hub. The new hub brings to life NATO Secretary General Jens Stoltenberg’s vision for NATO’s role in cyberspace, to “act as a hub for information sharing, training and expertise”. Later on, we also hosted the 10th edition of our successful annual flagship industry event, NITEC. At the conference, we celebrated the winners of our Defence Innovation Challenge, and we ambitiously tasked them with running a formal pilot to demonstrate their solution. The capability that they have developed fuses multiple sources of data with algorithmic processing to uncover suspicious activities at sea. When scaled up, it will enhance our situational awareness and operational analysis. In parallel, we enlisted a joint team comprised of representatives from NATO Nations to compete in the largest-ever international live-fire cyber defence exercise, Locked Shields, with the aim, this year, to improve dialogue between experts and decisionmakers. We also supported Formidable Shield, Steadfast Cobalt, the Coalition Warrior Interoperability Exercise (CWIX) and Noble Jump. These distinct events allow NATO and Allies to demonstrate their operational readiness, test their C4ISR interoperability and determine their level of cyber preparedness. Furthermore, we continue to collaborate with our customers, suppliers and partners to develop and deliver Information and Communications Technology (ICT) capabilities and services to NATO and the Nations.



We work to improve satellite communications, deployable CIS (Communications and Information Systems), Allied Ground Surveillance capabilities, and enhance the ballistic missile defence, and air and missile defence (AMD) programmes so that NATO and Allied leaders can work together and make the right decisions at the right time.

NATO’s political decision-makers and commands. They are on the frontline against cyber-attacks, diagnosing threats and working closely with governments and industry to prevent potential debilitating attacks. As such, they play a crucial role in supporting NATO’s mission and core tasks. They deliver on our promise to maintain NATO’s technological edge.

Our work is never done, which is why we are releasing the second issue of this magazine to coincide with the 15th edition of NATO’s largest cyber security conference, the NATO Information Assurance Symposium (NIAS). This year, the focus is on ‘Digital Transformation: Smart Machines for Smarter Decisions’.

Also, it is no secret that highly qualified technical talent is in high demand across the Alliance. NATO and every Ally must compete with global industry players, while offering staff an environment to advance their skills. Our NCI Academy in Oeiras, Portugal, opened this autumn to address this challenge.

Last year at NIAS, I told attendees that we need to harness data as a strategic asset. I also noted that we are not investing enough in Big Data, machine learning and artificial intelligence.

We have a long legacy in CIS and C4ISR education and training. The NATO Communications and Information Systems School (NCISS) in Latina, Italy, served the Alliance for 60 years. However, when a political decision resulted in the relocation of NCISS to Portugal, we took it as an opportunity to reimagine how we train.

As part of our innovation programme, in 2012, we began exploring data science as a capability, but poor data quality, undeveloped algorithms and powerless processing speeds limited our analysis. However, since then, the availability of quantum computers, the sophistication of algorithms and increased variety of data have created the perfect storm. Finally, data science can realize its potential and make valuable contributions to improving military operations, business processes and cyber security capabilities. At NIAS, we will consider how NATO can better exploit data to enable Allied leaders to make smarter decisions. I recommend that you read the articles in this issue focused on our Big Data science endeavours. Darren Saralis, for example, is working to improve our ability to analyse open-source information, and we have teamed up with NATO’s Centre for Maritime Research and Experimentation (CRME) to work on bringing the Innovation Challenge winner’s data-fusion capability to NATO. Overall, in 2019, we are continuing to progress in our mission to lead NATO’s digital transformation. We continue to: transform from an infrastructure-centric approach to ICT to an information-centric approach; adapt Agency operations through business change programmes; invest in the skills and capabilities of our highly committed and expert workforce.


Our workforce is at the core of acquiring, deploying and defending communications and information systems for

We streamlined our training facilities and merged four NCI Agency schools and training entities to form a single effective Education and Training Service Line. We also expanded our cyber curriculum and implemented new ways of learning, such as e- and micro-learning, virtual classrooms, augmented reality and the new NCI Agency Learning Management System. We will continue to educate and train the Alliance at our new NCI Academy. Students trained at our new Academy will go on to protect and defend the Alliance’s IT and communications systems within the air, land, maritime and cyber domains. We have set a challenge for ourselves to train 10,000 cyber defenders for the Alliance in only five years. It is an ambitious task, and one I know we can accomplish. Our task is to amplify NATO. The Alliance has a strong legacy as the greatest political and military alliance in history. The NCI Agency must ensure its technology and expertise reinforces and extends this legacy. This would not be possible without the help of our academic, industry, not-for-profit and government partners. We need your support to lead NATO’s digital endeavour. If you are reading this, please do not hesitate to contact us with your queries. We want to expand our ecosystem to deliver the best solutions to the Alliance. Also, if you missed NIAS and want to get to know us in person, join us in Austin, Texas, next year for our annual industry conference, NITEC. The May event is an ideal opportunity to get to know us and meet potential partners. I hope that we will see you there.






FLY leading

independent supplier of cutting edge defence and space technologies. We deliver strategic advantages in a rapidly changing environment – thanks to a network of connected smart assets. From military aircraft, satellites and unmanned systems to services such as cybersecurity, geointelligence and secure communications we’ve been serving governments across the globe for over fifty years. Security. We make it fly.

14043_AIR_D&S Generic_297x210_NITECConfProg_1.0.indd 1

23/04/2019 15:42

Cyber defence missions demand advanced threat protection. Security teams need capabilities that detect the threats before they attack the mission. BluVector’s AI is powering this next generation of cybersecurity to deliver high accuracy, high BluVector was originally built to answer an advanced government security need. Now it’s available to answer yours.

NIAS Booth NE10


Editor – NATO Communications and Information Agency

Adelina Campos de Carvalho Editor – Global Media Partners

Simon Michell Data, Digitization and Diversity Welcome to the second issue of NITECH – a new publication dedicated to NATO Innovation and Technology, produced by the NATO Communications and Information Agency (NCI Agency) in partnership with Global Media Partners (GMP). The first issue, launched at the Agency’s flagship industry conference, NITEC19 – NATO and the High North: Technology Ultramarathon, in Norway last May had an impressively broad focus. It examined not only the technology offerings upon which NATO relies, but also the industrial community with whom the NCI Agency collaborates in order to support the Alliance in its day-to-day activities and its operations. This second issue, which coincides with NIAS’19 – Digital Transformation: Smart Machines for Smarter Decisions, not surprisingly, has a sharp focus on the world of cyber security. The 15th edition of the NATO Information Assurance Symposium (NIAS) builds on previous successes and hones in on the critical topics surrounding the digital transformation.

The NCI Agency plays a vital role in leading NATO’s digital transformation, so we have cast a wide net over a broad spectrum of ideas and innovations to highlight how the Agency helps the Alliance integrate advanced technologies, particularly in the field of data science, into its daily activities. After all, it is not just a matter of information assurance, it is also about mission assurance. As smart machines proliferate, NATO must be prepared to tap into the potential of these technologies so that Allied leaders can make the right decisions at the right time to protect their infrastructures, forces and populations. And in a world where data is a strategic resource, we need connected cyber defenders, adaptive, resilient software and a secure Cloud to protect the Alliance. This publication, like NIAS, acts as a platform for experts from nations, industry, think tanks and academia to exchange best practices, as we believe that, together, we are stronger and safer.



Dr Velizar Shalamanov, Chairman of the NCI Agency Supervisory Board (ASB), talks about his return to the NATO Communication and Information Organisation (NCIO)


Why have you returned to the challenging environment of the NATO Communication and Information Organisation (NCIO)?


NATO is not just a means, but also an end to our drive for freedom and democracy, respect for human dignity and of the rule of law. Achieving this end required us to embrace the digital era and this was done by establishing NATO’s largest and most complex body – the NATO Communications and Information Agency (NCI Agency). I was privileged to serve for more than seven years in its predecessor organization, the NC3A (NATO Consultation, Command and Control Agency), as well as in the early days of the NCI Agency – so being able to contribute further to the improvement of the NCIO is a great honour.

Q. A.


What factors drive the success of an organization like the NCIO?

The success of the NCIO can only be achieved in close partnership with its customers. The relations between the NCIO and Allied Command Operations, Allied Command Transformation, NATO Headquarters (HQ) and the Investment Committee, in particular, are of critical importance. These organizations are key stakeholders and can help ensure that the Nations’ requirements are taken into consideration and acted upon. Consolidating the

concerns of Nations throughout various Policy and Resource committees is another key governance factor for the NCIO. This is why the CIO (Chief Information Officer) function, which is expected to improve the harmonization of the internal customer requirements, is so important. The Customer-Supplier Board serves a similar purpose, and the annual CIO Conference (CIOC) with Nations helps to facilitate the consolidation of requirements and introduces chartered initiatives for partnerships and multinational activities for external customers. I see these activities, combined with a strong Customer Satisfaction Programme, as key drivers for success. The people working in the NCI Agency are key to the Agency’s performance and the development of an adequate sourcing strategy, encompassing both civilian and military staff, offers exciting opportunities for innovation. Over the past two years, the Agency’s leadership has achieved tremendous progress in improving the morale and motivation of its staff, laying the foundations for attracting the best and brightest individuals. The NCI Agency is recognized as a hub of excellence for communications and information, interoperability and cost-effective capabilities. And the diversity of its workforce, which is partly made up of rotating national military personnel, contractors from industry and NATO civilians, is bringing real value to the Nations – particularly to their defence structures, industry and academia – by encouraging knowledge and the sharing of best practice.





Which areas could be further exploited in the communications and information domain?


The experience with the ANWI (Active Network Infrastructure) programme and the Digital Transformation Board for the new NATO Headquarters is an excellent example of improved governance and management for a successful digital endeavour. It is yet another step in the long journey towards the digitalization of NATO. This includes other success stories, such as the Afghan Mission Network, the Federated Mission Networking, NATO Force Integration Units and NATO Force Structure support, as these all help to define the model for the harmonization of requirements for the NATO Command Structure, NATO Force Structure and the Nations, with a greater focus on operations. Significantly, the aforementioned projects have proven the value of the NCI Agency at the highest decision-making bodies within NATO. In addition, the NCIO structure offers a range of possibilities over and above NATO common-funded projects and NATO Enterprise Service Level Agreements.

Artificial Intelligence, Big Data analytics, 5G networks and quantum technologies. I also think that the experience garnered over the years with NATO’s Trust Fund for Ukraine could be applied to other Partner Nations, with a resultant expansion of interoperability through the provision of multilateral support, instead of a series of bilateral initiatives. The Trust Fund instrument enables interested Nations to join in an effort, as well as contribute according to their national priorities. Simultaneously, this enables these beneficiary nations to engage more effectively in NATO’s processes, whilst committing their own funds and resources. In a similar vein, a NATO-European Union (EU) C4 Trust Fund construct could increase interoperability and readiness of key Partners that are of mutual interest to both NATO and the EU – especially to the East and South. Beyond that, it is also worth exploring the idea of a “NATO-EU digital harmonization programme” under NAC (North Atlantic Council) supervision, between NATO’s digital endeavour and the European defence community, particularly in relation to the new

“The success of the NCIO can only be achieved in close partnership with its customers” For instance, Communications & Information (C&I) partnerships and multinational projects, which comprise roughly 90% of NSPA (NATO Support and Procurement Agency) revenues, could be further exploited. NATO First Solution (N1S), which is a much larger concept than NATO Software Tools (NST), could contribute to cost-effective interoperability and higher force readiness by helping Nations implement NATOproven (and funded) solutions. Proposed by the Agency Federation Initiative, it is a very good step forward.


The NCI Academy business model, which supports Education and Training C&I Partnerships for addressing the most valuable resource of the digital effort – personnel competence – is delivering new opprtunities for the ASB’s valuable contribution to national efforts. Moreover, support for a strengthened Chief Technology Officer role, in close cooperation with NATO’s Science and Technology Organization and national research C&I organizations, could assist with the C&I Partnerships to address innovation challenges in the areas of

“Digital Europe” programme. The crucial point here, though, is that all of the above opportunities will require a stable governance framework to enable the NCI Agency to innovate.


How has the recognition of cyber as an operational domain changed the NCIO’s focus?


The cyber domain is definitely at the centre of the digital endeavour. It is expected to bring further opportunities for customers with the reduced risk of successful cyber-attacks. Resilience is a crucial criterion for decisions taken by the Agency Supervisory Board (ASB). I also see the cyber domain as an additional opportunity for NCI Academy engagement with the Nations and their industry, as well as NATO-EU collaboration, especially in technology development, training, certification and building trust. It could set the basis for more collaboration in the area of hybrid threats.



Space strategy is pointing at yet another domain with profound implications for the NCIO in terms of technology. The main space assets are currently owned by the Nations. However, they are essential for NATO’s C4ISR (command, control, communications, computers, intelligence, surveillance and reconnaissance) capabilities, therefore it will be important for us to identify opportunities to exploit national space-based services in the future with special attention paid to cyber resilience.

Q. A.

What else could be done to realize the full potential of the ASB?

First, we need to assess progress on the implementation of the 2016 Strategic Direction and Guidance and decide how it should be updated. An improved performance assessment framework with clear key performance indicators, not just for the NCI Agency, but also the ASB, C&I Partnerships and multinational programmes in the NCIO, will definitely

bring a clearer focus and a greater sense of purpose. Over the next couple of years, the ASB could further continue to drive through digital governance success factors. For instance, this could focus on the optimization of the NATO consultation and decisionmaking structures that deal with digital transformation, especially where the CIO function and the funding model play a pivotal role. The Functional Review of the NATO HQ and adaptation of NATO Command Structure are helping to introduce best practices for service lifecycle management, as well as clear accountability and the expansion of our enterprise-wide approach. In this context, we may also use this operating model to identify, prevent, detect and respond to cyber threats, and decide what role governance plays in this domain. That said, as ever, the full extent of what we will be able to achieve will depend on the commitment of the Nations and their readiness to share best practices and reach consensus for the success of NATO.





The Director of NIAS, Alex Vandurme, Head of the NCI Agency’s Cyber Security Capability Development Configuration and Validation Section, explains how the symposium supports cyber security innovation and mission assurance. He also describes the thinking behind the event’s theme and an expanded series of NIAS’19 workshops. Jenny Beechener reports


NATO Information Assurance Symposium (NIAS) 19 addresses the challenges facing NATO Member States as they transition to the digital environment. Behind the bold title – Digital Transformation: Smart Machines for Smarter Decisions – the agenda is set by NATO Communications and Information Agency (NCI Agency) cyber specialists, with contributions from industry experts and cyber defenders from NATO Member Nations and partner organizations with first-hand experience of

this process, ready to share their knowledge during three days of keynote presentations and themed workshops. Organized by the NCI Agency, the symposium considers the emergence of Artificial Intelligence (AI), Machine Learning (ML) and Big Data as a resource and a threat. It looks in particular at information assurance and cyber security as essential building blocks behind the secure exchange of data. Conference Director Alex Vandurme

says NIAS’19 provides an ideal opportunity for NATO organizations and national delegations to meet industry representatives from different sectors. “NIAS is different to the annual NITEC event, which is usually led predominantly by NATO representatives. NIAS is structured slightly differently to allow delegates to explore emerging technology relevant to the NCI



Agency activity. It is a combination of visionary, strategic and tactical content that goes down to the specialist level. It’s also about connecting with peers from the nations and sharing experience and lessons learned.” A key plenary topic is the role of the human in cyber defence. Cyber-attacks are increasingly promulgated by machines, so are they best countered by machine? NIAS’19 considers replacing the human-in-the-loop with the human-over-the-loop to deliver secure information assurance. While AI can lead to faster, more effective results, it is an immature technology with limited applications in the marketplace. NIAS’19 provides a platform for sharing experiences and exchanging views with other players on ways to make the best use of it.

CROSSING BOUNDARIES This year’s event features many speakers from outside the defence sector, continuing the ‘crossing boundaries’ theme introduced in 2018. “We are learning from fields unrelated to cyber security information assurance and finding out how they approach challenges similar to ours,” says Vandurme. This includes a session on retention and recruitment of tech-savvy staff.

At NIAS, cyber specialists and industry experts share their knowledge during three days of keynote presentations and themed workshops. (PHOTOS: NCI AGENCY)

Ensuring data remains a strategic resource is another central theme of 2019, as highlighted by NATO Secretary General Jens Stoltenberg. This relates not only to protecting data, but also to making sense of data with the help of AI and ML. It is not just about providing information assurance, but also mission assurance, meaning the capabilities used to deliver information also remain secure and available to the mission commander – something that is especially relevant to supply-chain security, which is an area of growing concern in many fields. It is not so much about the reliability of supply, but

the assurances concerning the origin of components within the supply chain that could be damaging. The topic is rising up the agenda as instances of malware increase globally.



A third major theme of NIAS’19 supports NATO’s move to the Cloud. Here, in particular, the symposium is tapping into knowledge available from the non-defence sector. “We don’t need to reinvent the wheel,” explains Vandurme. “We are learning, and we want to hear about others’ experiences.” In the near future, NATO plans to transition secure networks to the Cloud, and this topic is addressed by keynote presentations, as well as a


dedicated workshop stream, featuring senior speakers from companies such as Google Cloud, IBM and CISCO, among others. The popular workshops have been expanded in 2019 to accommodate more delegates and to encourage exchanges with industry specialists. Five streams set up by Agency Cyber Security Senior Scientist Sarah Brown are scheduled for each afternoon, made up of presentations lasting up to 45 minutes followed by question-andanswer sessions. These tackle the main themes of the symposium and provide delegates with the opportunity to share best practice, hear about case studies and expand their knowledge. The separate sessions focus on AI;

NIAS’19 provides a platform for sharing experiences and exchanging views supply-chain security; Information Assurance to Mission Assurance; data as a strategic resource; and the Cloud. Delegates can hear first-hand from senior executives at Amazon Web Service, Microsoft and Palo Alto, in addition to representatives from academia. “NIAS is an excellent opportunity for anybody from NATO entities,

delegations from nation states, government institutions and industry to network,” adds Vandurme. “There is a huge tactical element to the presentations and the expanded workshop sessions. As a result, delegates can learn about NATO’s future strategic vision and also share information about real-life experiences.”



INDUSTRY PERSPECTIVE existing system security information sources to create a centralized security capacity and expand its situational awareness.

Jennifer Artley Managing Director, Technology, Life Sciences & Business Services, BT Global

How can BT help organizations such as NATO use smart machines to make smarter decisions? The question that continues to drive the future of cyber defence is: how can we spot near-invisible anomalies amongst masses of ‘normal’ data, and mitigate against both the insider and outsider threats that might be manifested within them? We believe that Artificial Intelligence (AI) is the perfect answer for this. In particular, we are looking to what we call Intelligence Augmentation (IA), where we combine the power of AI systems with the power of humans. This involves the use of interactive visualization technologies that allow humans to assess, review and take the necessary action in a way that is innovative. To help organizations such as NATO, BT is developing an AI-driven tool called Nexus, which is powered by artificial neural networks, as one of the first warning signs for analysts facing a potential attack. We have also previously worked with the Ministry of Defence (MOD) in the UK, who wanted to integrate

We designed and deployed a fully accredited cyber-defence solution called eCND (enhanced computer network defence) to deliver aroundthe-clock support. This helped the MOD identify potential vulnerabilities more effectively, reducing the window of exploitation open to threat sources.

How is BT helping the NCI Agency to protect its networks? NATO uses BT’s Secured Internet Gateways from two of its major sites to monitor, track and protect its networks against suspicious traffic and distributed denial of service (DDOS) attacks from the internet. To meet NATO’s requirements, we created a textbook infrastructure-asa-service (IAAS) solution to host the extranet solutions of NATO HQ, the NCI Agency and other NATO facilities. We also created a best-in-class Public Internet Access and Public Access Network Service to support NATO as a global partner. In addition, we developed a set of blueprints for the technology and service options for the NATO businesses and established a common set of tools and processes to improve service quality through proactive diagnosis and improved supplier management. BT also provides the Alliance with management information to guarantee transparency on costs and measure performance against agreed service levels. Furthermore, we have made a commitment to innovate in order to ensure the relationship continues to add value throughout the life of the contract.

What role can AI play in cyber security? AI’s role in cyber security today goes well beyond simulation of human actions, where a machine is programmed to replicate and complete a specific task. In fact, the key feature of AI is that it learns incredibly quickly. It gathers insights and analyzes huge amounts of information, particularly unstructured data that would take a human an inordinate amount of time to process. Having processed the data, it can use reasoning to identify threats in a fraction of the time it would take a person. This frees up precious time for the human analyst to make those


critical decisions to counter the threats and deal with attacks. This leads to augmented intelligence, where technology is supporting and enhancing the human understanding. By combining ultra-fast analysis with evolving machine learning, it enables predictive analytics, where trends and anomalies can be quickly identified, leading to faster and more effective threat detection and mitigation.

How important is a diverse workforce in fostering innovation? Anyone who has led a team or worked

within one has experienced the value of enabling people with different perspectives to tackle the same problem. This always produces a better and more insightful result. And this is the core benefit of diversity. It brings the values, experience and insights of a wide spectrum of people from various ethnic backgrounds and gender identities. This heterogeneous approach is a key driver of innovation and product development. It also enables companies to understand their global customer base more intimately, reducing the risk of product and service failure.

Another massive benefit of embracing diversity in the workforce is that it helps to attract the most talented individuals to your company. Not only does this help to address the skills shortage, it also benefits the bottom line. As a champion for female equality in technology, I regularly participate in diversity and equality programs. I am a firm believer in and supporter of leaders who can empower and connect their organizations.



PRIORITIES Samantha Ehlinger asks Dr John Zangardi, the Chief Information Officer (CIO) for the United States Department of Homeland Security (DHS), how he is addressing his most significant cyber security challenges


What is the DHS doing to recruit and retain cyber talent?


If there’s a hot market for talent out there, it’s cyber. It’s not just the government and the military that are struggling in this area, it’s also industry. The big problem is how do you recruit people in that environment? Government does not pay the same as industry. That is a difficult hurdle for us, because we can’t create a salary package that would equal what top-notch CISO (Chief Information Security Officer) talent might get in the financial or healthcare industry. We can’t match that. One of the things that’s kept me in government all these years is the challenge, the mission. I enjoy supporting my country in solving these hard problems. The second part of this is, there is patriotism in the cyber security mission for DHS. A lot of people find those two things appealing – the mission and serving the country. What we have found is that, by providing just a little bit extra of money, you can really get people to go, ‘Well, hey, they really do appreciate me. I know the limitations of what government can pay, but they’re doing the best they can to compensate me better’.


The path we went down last year was cyber retention incentive pay. It’s not a lot of money. It doesn’t fully

equalize the equation between industry and government, but it makes a move in the right direction, and it creates a little bit more competition. What I’ve seen in the organization since doing it is that it means a lot to people, it means that we’re recognizing them, so I think it’s one of the better things we did. Our Chief Human Capital Officer, Angela Bailey, has been working on a cyber hiring system, the cyber talent management system. It will give us a lot more flexibility to offer recruitment packages to bring people in at the right level, with packages that are more commensurate with private-sector pay. The other thing I think it will do is allow people to come in for a while and, if they want to, go back out to industry for a time, and then return – it will allow that greater degree of flexibility. There is also one last tool that we’re playing with. We started putting in place a cyber internship programme, bringing interns from college to come into the organization and spend nine or 10 weeks with us, becoming more familiar with it. We brought around 10 interns this year, two of which are PhD candidates.





How does the DHS partner with industry?


We’re walking down the path of utilizing the GSA (General Services Administration) Enterprise Infrastructure Services (EIS) Contract. That vehicle offers us the potential, over its lifetime, to acquire the services and technologies we need to meet the mark in the future As you start looking out at the future, a couple of things pop out: 5G is coming; the internet of things (IoT) is coming. We’re moving to the Cloud, but we also have to make sure that we’re accounting for security, because when you look at 5G, IoT and the Cloud, you’re creating an inflection point with our network that leads us to start thinking of different ways of protecting the network. What I mean by that is we’re exploring zero-trust approaches for the network. In my vision, I would like to move DHS to become a wireless organization. In other words, to implement 5G with the appropriate security protocols in place, and reduce the number of devices each individual has, so they can take better advantage of workplace-as-aservice capabilities, where people can work wherever they want to. If you were to construct an office building that’s completely wireless, powered by 5G with appropriate security, people could be very flexible in how they move about the building and do things. When we talk about those cutting-edge technologies, that’s what I’m thinking EIS can help get us to. Now, when we implement that we have to look at things such as zero-trust, which is a change from how we do things right now with the perimeter defence. As you create more devices that need to access your network, the perimeter becomes very fragile. That is dependent upon how we do identity management, and softwaredefined networking. We’re going to work through those problems because it’s the right thing to do.


Can the DHS balance the need for speed with the mandate to ensure security?

A. 30

Security is at the top of my list. I spend more time thinking about security than just about anything else. So, it’s very important, but, I have to recognize that the authority to operate (ATO) process from a lot of different angles takes too long – whether you’re a vendor trying to sell us something, or whether you’re a user trying to get something on the network. I really think we have to move the overall philosophy

Making DHS a wireless organization would provide the flexibility to enable people to work wherever they want to

of ATO from one of compliance to one of risk management. Paul Beckman, who is the Chief Information Security Officer (CISO) for DHS, and his deputy, Luis Coronado, have made some really good moves in viewing how we put things on the network, or approve them to go on the network, to a riskmanagement framework. That’s key. The second thing recently was to reorganize where we put all of the security functions under the CISO. To some extent, it could make sense that you leave the work being done by some parts of your security team under the developers. I felt that it would be better to put that work under the CISO. I gave my CISO a couple of directions: we have to do better in terms of moving things quickly onto the network, but we have to do it in a way that is cognizant of risk. What came out of that task was something called authority to proceed – ATP as opposed to ATO. It utilizes the same pieces of ATO, but does it in a different way. Reciprocity is the key to this. If you did an ATO for a particular system, I should be able to leverage the controls that you put in place for that system and take them over and use them as a means of speeding up how I get something on the network. I think that example shows what we’re trying to do, which is manage risk in an informed way, take advantage of the good work of others and make something – an application or system – available even faster.

Partner for NATO. Service Provider for IT Modernization. Bechtle AG. A leading B2B IT provider, Bechtle has some 70 systems integrators in Germany, Austria and Switzerland, as well as e-commerce subsidiaries across Europe – a blend of IT sales and services that is truly unique at this scale. First established in 1983, Bechtle has been on an upwards trajectory ever since. Over 70,000 customers from diverse businesses within the industrial, service and public sectors rely on the expertise of Bechtle’s employees and the combined strength of the Bechtle Group. More than 10,000 people are committed to writing Bechtle’s success story every day. Bechtle has been listed on the stock exchange since 2000 and is listed on the MDAX and TecDAX indexes. In 2018, the group generated revenues of around 4.3 billion euros.

GBS TEMPEST & Service GmbH. Based in Diepholz, Lower Saxony, Germany, GBS owns and operates three in-house emanations test laboratories recognized by the German Federal Office for Information Security (BSI). GBS is authorized to perform certification measurements and short-measurement procedures according to the German zoning model (national) as well as to perform certification measurements and short-measurement procedures according to SDIP 27 Level A, B and C. Furthermore, GBS has a comprehensive competence team available which consists of highly skilled TEMPEST engineers and TEMPEST technicians with many years of experience. In addition, GBS is maintaining a certified Quality Management System according to ISO 9001:2015.

SYH047619_Anzeige NCI Agent NATO_210x297_RZ.indd 1

30.04.19 16:53



France’s new Cyber Commander, Général de Division Aérienne Didier Tisseyre, tells Christina Mackenzie about the robust stance that France intends to take to defend its national sovereignty against cyber threats

Charged since 1 September 2019 with developing this doctrine in close collaboration with the army, navy and air force chiefs of staff is three-star Général de Division Aérienne Didier Tisseyre, Commander of the French Cyber Defence Force. He describes his job as that of a “conductor” who must ensure that everyone is reading from the same sheet of music, whether it be within the Armed Forces Ministry, the National Cybersecurity Agency of France (ANSSI) with which he collaborates very closely, or inside the defence industry. A convention is about to be signed with the latter to ensure that all levels of industry are made aware of the dangers of a cyber-attack. The Armed Forces Ministry “knows how to defend itself and the attacker

advanced persistent threat (APT) is a very political and highly sensitive thing to do. You have to have proof, and the difficulty is that, in cyberspace, it’s very easy to pass oneself off as somebody else and to hide one’s tracks. It’s not the case that, just because an APT came from a server in a given country, that the initial order for the APT came from that country. It could very easily have come from somewhere else, so we have to be extremely careful about a hack-back before thorough due diligence has been undertaken.”

Some of the 1.6 billion EUR that France has attributed to cyber security in its 2019-2025 military programme law will be used to hire 1,000 cyber warriors between now and 2025. “We’re hiring imaginative youngsters who have highly specialized, social media technical expertise to help us understand the enemy,” he explains, particularly given the “technological know-how cyber-criminals have”. Other financial efforts are being made to

General Tisseyre says that France has made some slight modifications to the recommendations made in the Tallinn Manual. The research, led by the NATO Cooperative Cyber Defence Centre of Excellence and authored by an international group of some 20 experts, offers guidance on how international law applies to cyber operations and cyber warfare. Tisseyre explains that, in some areas, France has interpreted the recommendations in the Manual


In January 2019, France’s Armed Forces Minister, Florence Parly, announced that her country was to develop and deploy offensive cyber weapons, whilst improving protection of its own computer systems. “In case of a cyber-attack against our forces, we reserve the right to riposte, in a legal framework, with the means and at the moment of our choosing,” she announced. In addition, she said, France reserved “the right, whoever the attacker is, to neutralize the effects and the digital means employed”, as well as to employ “the cyber weapon on foreign operations for offensive purposes, on its own or to support our conventional means, or to multiply their effects.”

knows that,” Tisseyre explains. “So, he will try to trick us. He won’t attack us directly because he knows he would probably fail, but he’ll attack the weak link: the defence industry, notably the subcontractors that may only make a small component of a weapon or an IT system. He’ll put a virus or malware in that subcontractor’s system, and it will progressively make its way into the major contractor’s system and then into the weapon system, and as all these are interconnected, this is how we would be attacked.”

“We’re hiring imaginative youngsters who have... technical expertise” ensure that weapon systems are secured “by design”, rather than “security being a bit of an afterthought, as tended to be the case in the past,” in network intrusion detection systems; and in the characterization of the attack. When confronted with a cyberattack, “we have to systematically question whether a state is behind it,” Tisseyre says, stressing that, within a NATO context, France insists that all members agree before the finger is pointed at a particular country. “Attributing an

slightly differently from other countries “for a variety of reasons, but we explain why, notably on this due diligence issue and the principle of national sovereignty, where we consider that attacking information systems in France is an attack on our national sovereignty. That gives us the right to riposte, not necessarily in a cyber way, but it could be a diplomatic response or an economic one – it depends on the nature of the attack and its impact, and on the attacker himself, his motivations and in what framework the attack took place.”



Simon Michell asks Major General Göksel Sevindik, the NCI Agency’s Chief of Staff, to offer his perspective on innovation and building a world-class workforce for the Alliance

INNOVATION AND FUTURE TRAINING On 1 April 2019, Major General Göksel Sevindik took up position as the NCI Agency’s Chief of Staff. Having spent his entire army career in various Communications and Information Systems (CIS) roles at the highest levels of the Turkish military, he is an obvious choice for the job. Not only that, he also has a long-standing relationship with NATO: “I was the Turkish National Technical Expert (NATEX) for the NCI Agency’s predecessor, the NATO Consultation, Command and Control Agency (NC3A), from 2000 to 2003. Two years later, I was posted to the NATO Communications and Information Systems Services Agency (NCSA) in Mons from 2005 to 2007. Then, having served as Head of CIS in the Turkish General Staff, I came back to NATO once again, this time as Chief of Staff of the NCI Agency.”



Having served within a technical branch of the military, General Sevindik is well aware of the rapidly changing technological landscape and the role that innovation plays in defence. “The world is digitalizing.

More than half of the world’s population are online. As a result, NATO has to up its game.” The General’s view is clear in terms of innovation and what it must achieve: “The Agency vision is to build a fully digital NATO enterprise that ensures consultation and collective defence. We are working to lead NATO’s digital endeavour. Innovation means using new technology and new ideas to bring about substantial changes within an organization, including the Alliance.” He echoes the NATO Secretary General’s own words that, in order to maintain NATO’s technological edge, it must innovate and capitalize on the ingenuity of the Alliance’s industrial partners. The NCI Agency takes an active role in building partnerships that foster innovation. “For example, we collaborate with the private sector to advance design thinking in our business,” says General Sevindik. “But also, we are discussing with other NATO bodies how to enhance our collaboration on innovation to rapidly propose,




develop and test critical tech solutions for the Alliance.” He is confident that new partnership initiatives will enjoy the same success as the NATO Industry Cyber Partnership (NICP) that was launched five years ago.

The NCI Agency’s flagship events – NIAS and NITEC – enable participants to share their experience and knowledge (PHOTO: NCI AGENCY)

Another way in which the NCI Agency promotes innovation is with its conference programme, especially its two flagship events – NIAS and NITEC. General Sevindik attended NITEC19 after about six weeks in his new post and was very impressed. “This was the first time I had attended NITEC and I felt a real energy and enthusiasm amongst the participants. There was a real buzz,” he says. “One of the most important things that an event such as NITEC does is to bring great minds together and enable the participants to share their experience and knowledge. This can spark important ad hoc groupings and lead to opportunities to collaborate on innovation.”

extract the maximum benefit, and the General is well aware of this. Hiring and cultivating a world-class workforce is at the top of the NCI Agency’s Strategic Plan. This focus is equally relevant for the mission of the new NCI Academy. “There is a high demand for

“There is a high demand for technically skilled talent across the Alliance” General Sevindik also emphasized the role of NIAS’19. “It’s one of the most important events of the year for the Alliance’s cyber security community,” he says. “In one place, NATO, national and industry experts discuss interconnected solutions to address the growing cyber threat.”


Any organization that embraces innovation must also make sure that it has the requisite understanding and skills within its workforce to

technically skilled talent across the Alliance – not just within NATO itself, but also in the Member States,” he says. “This is a significant challenge, as one of our strategic goals is to develop and deliver world-class C4ISR education and training services, including cyber, across the NATO enterprise. “It is with great pride, therefore, that I can confirm we are now in the initial operating phase of the new

NCI Academy that we recently finished building in Oeiras, Portugal. This was a great moment for the NCI Agency and NATO. I was there, and I was really impressed. Students have already arrived, and the first courses have begun.” Like the new Headquarters in Brussels, the recently completed training facility in Oeiras is very impressive. “It is a state-of-the-art building, housing state-of-the-art technology. It is a fantastic NATO asset,” General Sevindik points out, enthusiastically. One of its key priorities will be to train significantly more people in cyber skills. “We have a goal to train 10,000 cyber personnel for NATO. To do this we will innovate in the way we deliver the training. We will use virtual-reality training systems, micro-learning (short five-minute training modules), online training and, of course, mobile learning. We will also introduce a very high level of coordination with academia through NATO Member State universities and educational institutions to keep pace with changing technology, as well as evolving teaching methodologies.”


INDUSTRY PERSPECTIVE for actual loss of life, the risk of data loss for defence organizations is a far greater concern. Attacks on CNI targets, such as power plants and water treatment facilities, are no longer a theoretical threat – they are happening now. While data loss is an issue, advanced threats, such as ransomware, have become the scourge of organizations of all sizes, in all sectors.

Dr Guy Bunker Chief Technology Officer, Clearswift

What is Clearswift’s relationship with NATO and the security sector? Clearswift has over 20 years’ experience working with defence organizations all over the world, including NATO. With over 70% of our customer base being defence and Critical National Infrastructure (CNI) organizations, our cyber security solutions have proven capabilities to meet the specific demands of this critically important community. By working closely with NATO and various countries and agencies, Clearswift looks to address the latest cyber security threats being faced in a timely manner. Government and defence organizations, in particular, are forward indicators of the next generation of threats that will be faced more widely in 12-24 months’ time.

Why is cyber security and data loss a major challenge to organizations? For commercial organizations, the issue around data loss is now about ‘when’ rather than ‘if’, with the risks associated with non-compliance being large fines, as well as reputational damage. However, with the potential

Furthermore, the way organizations operate has changed; with digital collaboration now the norm, information needs to be shared and exchanged at the same speed at which it is created. This is not just occurring in commercial organizations, but also within NATO and the ‘Five Eyes’ community, with cross-domain systems transferring vast quantities of information and intelligence, 24/7. Compromise is not an option.

How can Clearswift help organizations address these challenges? Clearswift has cyber security products that have been trusted by governments and defence organizations for more than two decades. The product line is concentrated around email and web gateways, with Adaptive Data Loss Prevention (A-DLP) capabilities built in. Deep Content Inspection is the key to the products’ success; the ability to recursively decompose a mass of data into its constituent parts, assess the risks and remove them, based on policy. For example, there could be an email with an attached document, which contains an embedded spreadsheet with critical information in an image. Or it could be a document that has been hijacked and weaponized and delivered with the help of social engineering. Clearswift can discover and mitigate informationborne risks without interrupting the flow of information between collaborating partners.

More recently, Clearswift has introduced new features to its A-DLP solutions to address the growing issues around digital images. Whether it is optical character recognition (OCR) to deal with multifunction printers that scan to an image PDF, including the ability to redact text from an image, or anti-steganography functionality to address both the exfiltration of data by a malicious insider or infiltration of malware payloads, Clearswift continues to work with its government and defence customers to build innovative solutions that address the next generation of threats and operational risks that they face.

What web/Cloud specific security does Clearswift offer? Clearswift offers security solutions for the web and the Cloud. For secure collaboration via the web, Clearswift has a web security gateway with multiple antivirus, URL filtering and A-DLP features, as well as an ICAPcompatible version that can be used with other third-party web proxies in both forward and reverse configurations. Policies are direction agnostic, so can be applied to both inbound and outbound traffic. These days, receiving unauthorised information can be just as problematic as data loss. Similarly, while active content might be stripped from inbound documents in order to thwart ransomware, organizations also use this to remove macros, particularly from spreadsheets that are considered as Intellectual Property. Clearswift also works with Office 365, augmenting the security features provided by Microsoft with its unique A-DLP technology.



The scale of cyberattacks on NATO is astonishing. Attempted breaches, of one sort or another, “are a daily occurrence”, says Ian West, the NATO Communications and Information Agency’s Chief of Cyber Security, confirming that the organization’s sensors pick up millions of suspicious events every day. “Many attacks are automated. We have the technology and the people to assess and decide where we need some human intervention.” The technology sorts the wheat from the chaff, but, nevertheless, there are “several hundred occasions each month where we have to intervene manually, to take some sort of action,” he says. So, how does Ian West’s team look after important data residing in the vast, amorphous Cloud? “The benefits of so-called Cloud computing are real,” he says, being both more economical and efficient “as there is less onus on organizations to own and operate


Storage of electronic information in the Cloud offers considerable cost savings and increased efficiency, compared to traditional in-house facilities. But how does an organization such as NATO take advantage of reducing the strain on its budget, without reducing the levels of security around its data? Alan Dron asks Ian West, the NCI Agency’s Chief of Cyber Security

their own infrastructure. NATO is looking to make the most of that technology, but, clearly, we need to make sure that our operational systems are very secure. At the moment we have a traditional network, a Wide Area Network with lots of Local Area Networks plugged into it, but we’re moving to a new architecture that brings in data centres that offer much more resilience. The ‘public’ Cloud, by its nature, is global and, quite often, you don’t even know where your data is. From a cyber security perspective, that brings us new challenges.” For obvious reasons, classified material is not stored in this way – “There’s certainly no full-scale migration to the public Cloud” – but the Alliance is moving some of its less-sensitive applications there. Information at up to secret level will be stored on a NATO private Cloud, which uses similar technology to that of the public Cloud, but is completely under the control of NATO. This move will improve



NATO’s sensors pick up millions of suspicious cyber events every day, with many attacks on the organization being automated (PHOTOS: NCI AGENCY)

mobility and business continuity, as well as increase resilience and allow a centralized support team to intervene when necessary. Unclassified material will be available on the public Cloud. West explains that the challenge in moving to the Cloud is one of “trust” – while there are strict protocols to ensure that the migration is done responsibly, users need to trust this new infrastructure and use it for its full benefits to be realized.


In order to maintain that trust, the Agency’s cyber security team must continually use both proactive and reactive methods to keep NATO’s information secure. Hackers naturally seek to penetrate Cloud storage centres, and the very nature of the Cloud means that

there are holes in its infrastructure that can potentially be exploited. There is, West cautions, “no silver bullet in this game. There are so many types of attacks and so many different ways to compromise a computer system; you have to have defence in depth.”

Proactively speaking, West says, “We have to plug up all the holes and the attacker only has to find one. We proactively go out onto our network and ‘look for evil’, as some of the hackers call it – people misbehaving or things going strangely.”

West explains, “From a reactive perspective, we’ve deployed hundreds of sensors, firewalls, and intrusion-detection systems across the enterprise. These report back to our centralized facility and we can see when someone is trying to intrude. We also have a human reactive capability. We have rapid reaction teams of specialists, who can either help from the centre or who can pack their bags and deploy a lot of the capabilities that we have from the centres to the sites.”

NCI AGENCY CYBER SECURITY FOOTPRINT Ian West’s cyber security group has around 200 personnel, the majority based in Mons, Belgium, co-located with NATO’s Allied Command Operations, where they have the hands-on task of defending the organization’s network. They are also responsible for ‘cyber hygiene’, ensuring that the network has as few vulnerabilities as possible. There is also a group of around 30 staff in The Hague, Netherlands,


who are responsible for capability development and innovation. And there are personnel at every NATO site throughout Europe, looking after local systems. “NATO’s cyber security organization is resolutely defensive,” West emphasizes. This means that it is, perhaps inevitably, on the back foot for much of the time when dealing with hostile forces, “but we have no authority to go out beyond our boundaries. We can’t go out and attack the machine that’s attacking us. Everything we do is in accordance with International laws.” With any organization, there is a risk of withdrawing into its silo and focusing too closely on its own work. For this reason, the cyber

security teams work very closely under the NATO Industry Cyber Partnership (NICP), which allows them to share best practices and to receive a broader view of current threats.

sensitive subject,” says West. The evidence of tracing an attack back to its source “tends to be mostly circumstantial… but we have a pretty good understanding most of the time about the origin of attacks.”

“One thing is for sure... our capabilities will be needed for a long time to come” One trait of attackers is camouflaging their origin by routing attacks through circuitous approaches to their targets. Attribution is a “very complex and

“One thing is for sure,” says West in conculsion. “Our daily mission is real, it is of critical importance and our capabilities will be needed for a long time to come.”




Stefaan Wuytack Senior Strategy Manager – Cyber Security, Telenet Group

How has the cyber security landscape changed? Almost half of all cyber-attacks are now aimed at the financial and health services sectors, and whilst the overall number of significant attacks may have dropped, the attackers have changed their tactics and focus. They are able to remain undetected for a very long time (on average, 474 days – equivalent to a year and a half) resulting in the extraction of valuable data over an extended period. Nowadays, successful cyber-attacks are very cunning and often based on painstaking preparation, whereby the attackers investigate their target to look for specific people they feel may be of most use to their impending attack. Once they have found who they are looking for, they can engage in a social-engineering campaign to entice them into the trap. For example, they might create fake Facebook or other social media accounts to get to know their potential victims better, before duping them with a spearfish attack. Then, once they have gained entry to the user’s system, they hunt for so-called PII (personally identifiable information),

combined with security credentials, to gain access to the entire network. As these threats increase, CISOs (Chief Information Security Officers) are gaining ever more importance within organizations. However, they need to focus not just on the technology, but equally on the business, people and processes. They have to be ‘evangelists’ for cyber security and engage with the rest of the senior management and the Board of Directors to explain why it is so important, what the

business value is and how the company must change to prevent successful breaches of its IT systems. On the non-technical side, this can be as simple as allocating car-parking badges and security passes to staff in order for them to gain access to company property. They need to help the people to become cyber aware and keep up with the technology. They should also remember that technology works both ways. Attackers are also integrating Machine Learning (ML) and automation into their activities.


off the Land’ (LotL), leveraging the company’s own software tools to undertake their attack. Using ML, UEBA can also detect when what appears to be normal behaviour is, in fact, an attack.

What is Telenet’s approach to Managed Detection and Response? At Telenet we believe in offering a complete solution, not just a product. We use a UEBA-based system that employs Exabeam to bypass humans manually keying in the ‘data correlation’ rules that govern people’s access to the IT infrastructure. The Telenet solution covers the delivery of services, management reporting, incident detection and response, as well as technology. However, we do not replace a customer’s existing technology, rather we support it and develop what we need to co-exist with it.

What role does Managed Detection and Response play in securing organizations? Managed Detection and Response (MDR) has become as vital as prevention. It is now the case that prevention in itself is no longer sufficient to deal with the complexity and cleverness of today’s cyberattack methodologies. Technology is progressing rapidly, and whilst organizations can procure and install new solutions, this technology is becoming increasingly complex to operate.

MDR helps protect productivity by keeping pace with the changing threat environment. More specifically, MDR, based on UEBA (user and entity behaviour analytics), assumes that you may have already been breached and therefore focuses on data that is being accessed in abnormal situations. And, because UEBA operates on the premises and in the Cloud, it adds an additional layer of visibility to the organization’s Cloud-based data, unlike more traditional systems. Crucially, it can also detect hackers who are ‘Living

One of our key differentiators is that we have a very transparent pricing model based on user numbers, not the volume of activity. Unlike traditional MDR offerings, we decided to encourage full visibility by not pricing the number of log sources, but focusing on the users. This means costs are predictable and containable because we are not basing our pricing on the volume of activity indicated by the number of log-source events; instead, we prefer to focus on the number of people who are given access to the network.


CYBER AND ARTICLE 5 Simon Michell asks Chelsey Slack, Deputy Head of the Cyber Defence Section of NATO’s Emerging Security Challenges Division, what kind of cyber-attack on a NATO Member State would be serious enough to invoke a NATO Article 5 response

NATO’s approach to cyber defence has evolved in response to the geopolitical landscape. This includes, for example, the cyberattacks in Estonia in 2007 and the events in Ukraine in 2014. NATO Allies have recognized that cyber threats to the security of the Alliance are becoming more frequent, complex, destructive and coercive. As a result, the Alliance continues to adapt to the threats it faces in cyberspace, which may emanate from a range of actors – both state and non-state – and from a variety of motivations.


In 2010, Allies recognized that cyber threats could damage the security, stability and prosperity of the Euro-Atlantic area. This was followed by a critical decision in 2014, when Allies agreed that cyber defence is part of NATO’s core task of collective defence. Equally, Allies recognized that international law applies in cyberspace. In other

words, there are rules that govern this space. This is important to highlight because as Chelsey Slack, Deputy Head of Cyber Defence at NATO, says, “Whatever NATO’s response might be to a potential cyber-attack, such a response would always be in accordance with international law.” When it comes to the type of cyber-attack that might be grounds to invoke Article 5 of NATO’s Washington Treaty, the Allies have made it clear that any such decision would be taken on a case-by-case basis. “NATO does not set out the type of cyber-attack or the associated impact that could result in the invocation of Article 5. This is not specified in the other more conventional domains – for example, air, land or sea – and so the approach for cyberspace is no different,” explains Slack. However, she adds, “Some ambiguity is maintained with respect to potential responses, because any situation would be context dependent. Ultimately,

it would be a political decision taken by the 29 Allies at the North Atlantic Council.”

THE RESPONSE As with the type of cyber-attack that might trigger Article 5, the nature of the response would also depend on the specific situation, as Slack reveals, “Put simply, there is no automaticity in setting out NATO’s response to a cyber-attack. However, there are some key principles that would underpin any response. First, NATO would always act in line with its defensive mandate and in accordance with international law. Second, a response to a cyber-attack would not necessarily be through cyber means.” NATO’s Secretary General, Jens Stoltenberg, has underlined that NATO needs a full spectrum response. Practically, this means that NATO and its Allies would consider all the tools at their disposal – political, diplomatic and military – and tailor them accordingly.


While it is important to be prepared to respond to potential cyberattacks, NATO and its Allies are also focused on preventing them from occurring in the first place. In recent years, a priority has been placed on enhancing resilience across the Alliance – for NATO as an organization, as well as for each of its 29 Allies – recognizing that the Alliance is only as strong as its weakest link. Initiatives such as the Cyber Defence Pledge, a commitment taken by the leaders of the 29 NATO Allies at their Summit in Warsaw in 2016, have played a crucial role in this regard. Not surprisingly, boosting information sharing has been an important strategy to allow for the most up-to-date picture of the cyber threats that NATO faces on a daily basis. “Exercising policies and procedures to ensure they are fit for purpose and deliver effective responses also continues to be critical. The Alliance also supports work to promote stability and reduce the risk of conflict,

recognizing that the international community stands to benefit from a norms-based, predictable, and secure cyberspace,” explains Slack.


operational activity in cyberspace. To that end, the CyOC has an important role to play, specifically from an operations and missions perspective. In short, it focuses on the operational dimension and contributes to NATO’s cyber defence and overall deterrence and defence.

When NATO Allies recognized cyberspace as a domain of operations in 2016, this was to ensure that NATO can be just as effective in cyberspace as it is in the other domains. In view of the cyber threat landscape, this entailed a change in mindset, given the fact that armed forces may need to operate in a contested or degraded cyber environment. Over the past years, cyber aspects have been integrated in the planning of NATO operations and missions. Most recently in 2018, Allies decided to stand up the Cyberspace Operations Centre (CyOC) in Mons, Belgium. As a major new component of the adapted NATO Command Structure, the CyOC supports commanders by providing a hub for situational awareness and coordinating NATO’s

As with any other potential response, Allies would decide based on the specific situation and by consensus at the North Atlantic Council. Allies agreed to integrate their sovereign cyber effects on a voluntary basis in the context of Alliance operations and missions. Should sovereign cyber effects be requested by a commander, it would be for Allies to determine how best to support this effort once a political decision had been taken. If offered to NATO, Allies would keep full ownership of their capabilities – just as Allies own the tanks, ships and aircraft on NATO missions. Slack concludes by affirming that, “As in all other domains, NATO would act in line with its defensive mandate and international law”.



Alan Dron asks the RAND Corporation’s Dr Jonathan Welburn, how an independent and non-partisan Global Cyber Attribution Consortium (GCAC) might be able to expose the invisible perpetrators behind some of the world’s most devastating cyber-attacks

One of the biggest problems facing nations or organizations hit by cyber-attacks is the difficulty of pinning down the identity of the attacker. Smoking guns are hard to come by in cyberspace. Aggressors have the advantage of being able to take the time to plan attacks through the most convoluted routes, making it difficult, if not impossible, for the country or company that has been attacked to definitively point a finger at the perpetrator. And even when a country does clearly state an attacker’s identity, as the US has done on several occasions, a blank denial by the


attacker is difficult to overcome. All too often, an accused nation can reject such accusations. However, a move is now afoot to try to make it more difficult for nations to simply wave away allegations of this kind. The US RAND Corporation think tank is proposing the creation of an impartial, expert, stateless and non-partisan Global Cyber Attribution Consortium (GCAC) that would convene to definitively pin down the source of cyberattacks. Still at the proposal stage, the GCAC would be drawn from a combination of experts from academic, industrial and technical specialist backgrounds, says RAND Corporation associate operations researcher Dr Jonathan Welburn. “There have been a





Hollywood personalities became the victims of a cyber-attack in 2014, when Sony Pictures’ systems were breached and a cache of private emails was made public

few meetings around the idea,” reveals Dr Welburn. At present, the GCAC is envisaged as “a non-governmental organization that would need industry buy-in, both in terms of technical support and funding”.


Dr Welburn believes that, initially, the GCAC could be set up by an organization such as RAND, but would then transition to become an independent entity. It would probably have a fixed location, but would draw on personnel from the academic and industry sectors, who would be seconded or loaned to the organization for a limited period. There would be a steady turnover of staff, suggests Dr Welburn.

it is hoped that working for GCAC would become a position of prestige, as it takes on issues of the day. This could mean it might only be stood up periodically, to tackle

several countries”. This would probably mean making use of individuals from those nations that are frequently accused of cyberattacks, so those nations could not

“An organization such as the GCAC is in the best interests of all parties” cyber issues as and when they arise. To help it achieve its position of non-partisanship, says Dr Welburn, “it would definitely need some sort of global participation from

then characterise the GCAC as a body that is hostile to them. Attributing a cyber-attack would depend on electronic evidence,

with the GCAC tracing an attack back to its source through technical indicators. For this to be achieved, explains Dr Welburn, “there needs to be some buy-in on the part of a victim, in handing over data and access to some of their systems”. He accepts that, no matter how high a level of unimpeachability that might be achieved by the consortium, there would be those who would, nevertheless, make accusations of bias. “I think that’s an inherent problem of the cyber domain. The idea of an organization like this is to ameliorate this problem as much as possible.” The best way to defeat such denials, reckons Dr Welburn, would

be to make the consortium’s investigations as open as possible: “If you add transparency to the analysis, it takes away the credibility of a country that tries to deny their association with an attacker.” There are good examples of reports into attacks that have achieved this, he says, such as the 2014 attack on Sony Pictures in the US that saw the release of a cache of embarrassing emails relating to Hollywood personalities. A temporary, consortium-type group was set up to investigate the attack, which eventually reported convincing evidence that it had allegedly come from North Korean state-sponsored hackers.


Attributing a cyber-attack depends on analysis of electronic evidence, tracing an attack back to its source through various technical indicators

Pyongyang denied any involvement. However, according to Dr Welburn, the thoroughness of the investigation inspired a high degree of confidence that the attackers had been pinned down accurately. A technical analysis of the attack established that it used similar malicious hacking tools and techniques that were previously identified by the FBI as being employed by North Korean hackers. In order to expose attacks of this nature and, in doing so, attempt to deter them in the future, Dr Welburn suggests that “an organization such as the GCAC is in the best interests of all parties”.



INDUSTRY PERSPECTIVE present and trusted partner that can help achieve the required set of security goals.

How does HAVELSAN support NATO’s digital enterprise?

Mr Ahmet Hamdi Atalay CEO, HAVELSAN

What are HAVELSAN’s cyber security and secure communications capabilities? HAVELSAN is the biggest software technology company in Turkey and the region. Our headcount is 1,850, our subsidiaries employ around 400 people, and we have more than 400 subcontractors in our ecosystem with around 2,500 employees. Tallying all those numbers together, it comes to about 5,000 people, around 50% of whom are computer and software engineers. In today’s complex and integrated information technology working environment, a strong cyber defence can only be achieved with a robust security architecture. To achieve this, however, it is crucial to undertake a requirement analysis and establish a roadmap based on the subsequent relevant targets. HAVELSAN offers a cyber security capacity-building programme that can provide the required security level for any infrastructure, utilising our analysis and test services and our inhouse-developed cyber security products. Thanks to the strength in depth of our cyber security experts and ecosystem, we are an ever-

HAVELSAN contributes actively to NATO cyber exercises, such as Locked Shields and Cyber Coalition. HAVELSAN engineers participate in CCDCOE training in order to study new topics and share experience. Last, but not least, HAVELSAN uses NATO Malware Information Sharing Platform (MISP) actively in the SOC activities.

What is the HAVELSAN Cyber Defence Technology Centre? The HAVELSAN Cyber Defence Technology Centre was established in order to provide five main functionalities:

cyber-attack response, CIRT support services, vulnerability assessment and penetration testing services alongside cyber security architecture and design consulting, cyber security hardening and red teaming. And, in order to provide our Advanced Cyber Security Training and Simulation Services, the HAVELSAN Cyber Defence Technology Centre has a training room in which cyber-attack and defence scenarios can be realized.

To which sectors does HAVELSAN offer cyber security and secure communications technology? HAVELSAN offers cyber security capabilities to the Turkish Armed Forces, Turkish Government institutions and critical infrastructure enterprises. HAVELSAN’s cyber

“In terms of cyber security, if you do not have control of the development of your services, you are not safe” • • • • •

Cyber Security Operations Centre Services; Public and Private Sector Enterprise Support Services; The Cyber Security Academy; Cyber Security Consultancy Services Cyber Security Software Development.

security customers are not limited to the local region, and our strategy in the technology transfer area covers countries with strong diplomatic ties to Turkey and, of course, NATO Partners. As you know, in terms of cyber security, if you do not have control of the development of your services, you are not safe.

The Cyber Defence Technology Centre provides 24/7 services including, proactive and real-time cyber incident monitoring and alerting, cyber threat analysis, cyber incident management, cyber incident reporting and cyber threat intelligence. Our Enterprise Support services span remote/on-site


as risk, vulnerability and capacity analyses. It also provides procedures for the task management of CBRN units and route planning to the relevant hazard area.

As a leading technology company in command, control and information systems (C2IS), HAVELSAN participates in the main C2IS events and forums, employing its own proprietary products and solutions. These high-profile activities include the Multilateral Interoperability Programme (MIP) and Coalition Warrior Interoperability eXercise (CWIX), as well as Combined Endeavor and numerous national interoperability exercises. DOOB is a Joint, MIP- and NATO-compatible, innovative C4I (command, control, communications, computer and intelligence) system. The main purpose of the DOOB product family (DOOB-HQ, DOOB-Tactical and DOOBMobile) is to increase situational awareness in the strategic, operational and tactical levels of command. Designed as an integrated defence solution, DOOB is well suited to joint operations and supports seamless information sharing between command posts, and can even be extended to include civilian assets. DOOB is highly customizable for any military organization at all levels. Our product line approach means that it can be quickly adapted/ customized to meet different requirements. CBRN-MENTOR supports all processes before, during and after CBRN (chemical, biological, radioactive and nuclear) incidents. The system enables resource planning, as well

CBRN-NEWS, a member of the CBRN-MENTOR family, identifies hazard and contaminated areas and units at risk by using geographical, meteorological and sensor data. The system automatically generates CBRN warnings and reports according to NATO standards. Sensor integration is provided by our CBRN-BRIDGE component. People, procedures and technology are the main components used to secure an infrastructure. But, with increased complexity and higher user numbers, ensuring the security of IT infrastructures is becoming harder. In terms of cyber security, there are several strands in which HAVELSAN can be your trusted partner. These include not only establishing a CSOC (cyber security operations centre), but also the delivery of analysis and test services, cyber security products and training. The Cyber Security Event Management and Analytics Platform provides central collection, correlation, inquiry and alarm generation of records created by an organization’s IT infrastructure components. In addition, the Load Balancer/Web Application Firewall provides detection and prevention of attacks targeting web applications, and load balancing for high amounts of network traffic. Also, the HAVELSAN Data Leakage Prevention System prevents leakage of critical information, and the HAVELSAN DLP ensures that sensitive or critical information is not accessed and sent outside the corporate IT infrastructure by unauthorized users.


Simon Michell asks Dr Antonio Missiroli, Assistant Secretary General of NATO’s Emerging Security Challenges Division, about the vital role that technology innovation is playing as the Alliance addresses a raft of advanced social and hybrid pressures


What are the key emerging challenges facing NATO?


Our Emerging Security Challenges (ESC) Division was established in 2010 to deal with the widening spectrum of unconventional risks and security threats facing the Alliance. While the understanding of ‘emerging’ versus ‘already emerged’ challenges may vary over time, we currently deal with policy issues pertaining to cyber defence, hybrid threats, energy security and counter-terrorism, as well as new and disruptive technologies.


This list is, of course, not exhaustive, and we continue to adapt as necessary, especially in light of ongoing technological developments. Autonomous systems, Artificial Intelligence (AI), Big Data and quantum computing are just a few areas that have completely transformed the context in which we discuss security and defence in the 21st century.

That said, the ‘emerging security challenges’ are most commonly understood as hostile activities falling below the traditional threshold of an armed conflict or attack. As an Alliance, we have to continuously adapt to the ever-changing security environment and threat landscape. Looking ahead, it is clear that the digital transformation of our societies is already having a significant impact on the future of conflict and warfare.

Q. A.

How is the Alliance addressing these new threats?

This is clearly an ongoing collective endeavour. The aim is to ensure the Alliance’s own resilience against new challenges, on the one hand, and to support the Allies in their national efforts, on the other. Our activities include coordinating and overseeing policies that enable NATO to formulate





and implement a coherent approach. The first step is raising awareness and adapting our mindsets. We also encourage the sharing of best practices and provide a platform for discussions among Allies. NATO already has important policies in place – such as the Cyber Defence Pledge and the CounterTerrorism Action Plan – that are helping us to increase our collective security. We have also established Counter Hybrid Support Teams, a concept that is now being put into practice. Allies have also turned their focus on emerging and disruptive technologies and will discuss in more depth how NATO could benefit from the opportunities, while addressing the threats arising from them. Last June, the Defence Ministers had an extensive discussion on this topic, highlighting a clear interest in stepping up our efforts in this field. In addition, we have increased our cooperation with the private sector and industry, as well as academia, who we see as key partners in raising our collective security. Cooperation with partner countries and international organizations is also essential. For example, the 60-year-old NATO Science for Peace and Security (SPS) Programme supports a sizeable network of scientists around the world and fosters security through joint practical cooperation between Allies and Partners.


We are also engaging with organizations such as the European Union, the United Nations and the

Organization for Security and Co-operation in Europe in order to support their international efforts to promote stability and reduce the risk of conflict in cyberspace. We firmly believe that we all stand to benefit from a norms-based, predictable and secure cyberspace. It is crucial that the Alliance continues to monitor the developments and adapts accordingly.


What role does technology play in today’s security environment?


It is difficult to overestimate the role of technology in any domain of today’s security and defence. Just as we consider technology as an enabler for many of our ambitions in the defence sector, and even more in the civilian sector, it also affects how our adversaries seek to undermine our security and challenge our way of life in new and unprecedented ways.



How can smart machines help NATO make smarter decisions?


The use of smart computer algorithms will impact every sector of societal development, including security and defence. AI will drive step changes in fields such as data analysis, autonomous systems and robotics. This will enable us to explore new interactions between humans and machines, and affect the future development of military capabilities. It is difficult to predict at this stage how quickly AI-related applications may advance, yet it is clear that many nations are setting out ambitious and competitive national strategies.

Technology already plays a major role in spotting those malicious activities and tracking down hostile actors, and we can only imagine how it will enhance our future capabilities. At the same time, however, the increased use of technology in all areas also multiplies the possibilities for our adversaries to compromise our security. Examples include cyber-attacks and malicious cyber activities to affect our critical national infrastructure (CNI), data manipulation, disinformation campaigns and the spreading of subversive content online. NATO’s Strategic Communications Centre of Excellence (StratCom) has recently demonstrated how open-source data and social media platforms can be used to manipulate human behaviour and, thus, potentially threaten our security. We must, indeed, keep in mind the role that individuals play in those interactions and provide the necessary education and training to enhance their skillset and raise their awareness of such risks.

With the development of military AI accelerating around the world, we cannot fall behind the curve. Emerging and disruptive technologies will alter the way in which we approach deterrence and defence, challenge interoperability, affect critical national infrastructure and require new approaches to arms control. We will also need to consider ethical standards in order to ensure safety, trust and fairness of our technological advancements. NATO’s technological edge has always been an essential enabler of our military posture. Our future security will be determined by our ability to understand, adopt and implement new technologies, including AI. While developments in emerging and disruptive technologies are primarily driven by national governments and, increasingly, by the private sector, we believe that only in collective effort can we use the opportunities to maximum effect. Defence innovation is vital, in order to maintain NATO’s technological edge and improve our collective security.





SECURE YOUR SMARTPHONE VOICE CALLS & MESSAGES Dencrypt Communication Solution protects your smartphone voice and message communication from eavesdropping. The Dencrypt Talk and Message apps combine state-of-the-art Dynamic Encryption with ease of use, making secure communication on standard smartphones straightforward.

Dencrypt Communication Solution is a rapidly deployable, scalable and secure communication platform, featuring » » » » » » »

End-to-end encryption High audio quality Group calls and messages Secure phone book and user activation Connectivity on all cellular and wireless networks Available as cloud service or enterprise solution Runs on standard iOS and Android smartphones

Distribution via MDM

Dencrypt is a leading provider of secure encrypted communication. Our solutions are based on Dynamic Encryption, a patented encryption technology developed for ultra-high protection. Dencrypt is a supplier to NATO.



approach to encryption would create a ‘moving target’, meaning that any attacker would only have small pieces of uniquely encrypted data to work with, making it impossible to fathom out the code and break the encryption system.

Hans Hasselby-Andersen CEO, Dencrypt

What is Dynamic Encryption? Dynamic Encryption is a movingtarget defence strategy applied to cryptography. It ensures that any potential breach can only ever reveal the contents of a single data transmission, as subsequent transmissions will be encrypted differently. It works by adding an encryption layer on top of an existing fixed encryption algorithm to provide extra protection. As you know, cryptanalysis – code breaking – normally requires large amounts of data encrypted by the same method. As Dynamic Encryption is constantly mutating, cryptanalysis is rendered nigh-on impossible. An added benefit of the Dynamic Encryption principle is that it extends the lifetime of any cryptosystem, as the outer layer shields the inner algorithm from attacks.

Professor Knudsen did not want the system to replace existing well-known encryption systems. Instead, he wanted it to function as an additional layer of security and, in doing so, offer a much higher security level.

How can Dynamic Encryption help organizations such as NATO? At Dencrypt, we have chosen to integrate Dynamic Encryption into our smartphone apps for voice and messaging. This is based on the simple fact that smartphones are already the primary communication tool for both professional and private users. Adding encrypted communication apps to your smartphone, therefore, combines convenience with security.

What is the history behind Dynamic Encryption?

People are much more likely to use a tool or system if it is convenient. In fact, in many cases we choose convenience over security. That’s why passwords like ‘123456’ are common. This highlights why the human factor should always be the primary consideration for any organization, including one such as NATO, as it seeks to improve its data security.

The Dynamic Encryption principle was developed at the Technical University of Denmark by Dencrypt’s Chief Cryptologist, Professor Lars Ramkilde Knudsen. His goal was to create a cryptosystem that would be much harder to analyze (break). He concluded that a time-varying

While some parts of the NATO organization use special devices or channels for secure communication when high levels of confidentiality are required, this is not necessarily a practical solution for all forms of day-to-day communication. Everyone

knows that the smartphone is, by far, the most efficient platform, simply because of its widespread use. Dynamic Encryption makes it possible to use insecure communication channels – such as mobile phone networks – because the encrypted data is practically useless to an attacker.

What other types of communications can Dencrypt protect? Our encryption can be used to protect a wide range of communication channels and applications. For example, it requires only a small computational overhead and a minimum introduction of delay, meaning it can be used in applications where bandwidth is ‘expensive’, such as satellite links, as well as in timecritical applications. In addition, as the 5G roll-out begins, we will see a vast increase in IoT devices. Many of them will be transmitting sensitive data, and so protecting that data is an obvious application for encryption. We are also continuously enhancing our existing smartphone solution, and in the future we will make it available on platforms beyond iOS and Android. Interoperability with other communication systems will be another focus area that will enable communication systems with both fixed-line and mobile devices in one coherent and secure network. On top of this, it is given that quantum computers at some point will pose a threat to conventional encryption systems. Dencrypt will have solutions ready when that time comes.




Space has always been regarded as essential by NATO, explains Laryssa Patten, JISR – Space Portfolio Manager at the NCI Agency. The Alliance has considered space vital to the success of all its operations; thus, for example, NATO has used Satellite Communications (SATCOM) for decades, either maintaining its own satellites for that purpose or – as is the case now – had servicelevel agreements (SLAs) with Member States to provide the necessary capability. Why NATO might take the decision now to declare space a formal domain would be


Recognizing the growing importance of Space in its planning and operations, NATO approved its first space policy this year and may soon recognize space as an operational domain. Mike Bryant talks to NCI Agency space experts Laryssa Patten and Flavio Giudice to find out how the Agency is supporting this eventuality

based on the fact that space is becoming “more congested, contested and competitive”, Patten notes. As a result, NATO has to secure its preparedness for any eventuality. Moreover, many of the Alliance’s Member States have already taken the step of declaring space a separate domain. The NCI Agency plays a vital role in NATO’s current space capability, providing related capabilities supporting SATCOM, space imagery, Joint ISR (Intelligence, Surveillance and Reconnaissance), Navigation Warfare (NAVWAR), Command and Control, and Ballistic Missile Defence (BMD). It has also been a key player in the NATO Bi-Strategic Commands’ Space Working Group (NBiSCSWG), which the Alliance stood up in September 2012. Should NATO declare space an operational domain, then the work of the Space Working Group will have been key in preparing the way. The Group, co-chaired by Allied Command Operations (ACO) and Allied Command Transformation (ACT), consists of national representatives and personnel permanently assigned to space within the NATO Command structure (many of them doublehatted). It played a leading role in the development of the overarching NATO space policy that was 59


approved by NATO’s North Atlantic Council (NAC) in June 2019: an important step perhaps towards NATO declaring space a domain of operations. Part of the Space Working Group – in fact, its current Secretary – is Flavio Giudice, the Space Subject Matter Expert at the NCI Agency. In addition to delivering systems that use and ensure delivery of space capabilities that are essential to current operations, Giudice and the NCI Agency offer NATO assistance with regard to space in terms of policy creation, undertake space-related studies and provide specialized technical knowledge to the Group. Another important aspect of Giudice’s and his colleagues’ mission is to provide support to NATO exercises and, as part of this latter remit, they have contributed significantly to NATO’s annual Trident series of exercises. The exercises of the Trident series were identified as the best way to ensure that NATO Commanders and personnel are aware of the important support that Space


NCI Agency SATCOM Technical Lead Huub Simons presents the NATO IV SATCOM programme details to General Manager Kevin J. Scheid (PHOTO: NCI AGENCY)

capabilities provide to NATO. Additionally, the exercises are also a great opportunity to validate processes and procedures, as well as coordinate space data, products and services with Space-capable nations and with the numerous operational communities that participate in the exercise. Hence space’s pivotal role in Trident Juncture 2018; it will also play an important part in the next Trident Jupiter, the first phase of which

NCI Agency leadership and experts met this year to discuss space support to Allied operations and to celebrate the approval of the space policy (PHOTO: NCI AGENCY)

takes place in November 2019, with the second being held at the end of March 2020.

PRIMARY AIMS Giudice talks of two primary aims for Trident Jupiter in respect of introducing a space dimension to the exercise’s scenarios. The first is to train NATO space personnel, both NATO’s small core team of less than a dozen personnel focused on the space environment and those temporarily assigned to address the requirements of space-related issues. Part of that focus is to train these individuals in space-related procedures, tools and mechanisms, including the crossover with related areas of NATO operations, such as cyber warfare and electronic warfare. The second priority is to demonstrate to all involved the importance of space to NATO operations, and to make clear the reliance on space for the success of all operations. Hence, the injection (known literally as ‘injects’) of space-related developments into exercise scenarios, such as GPS jamming or the use of space-based


imagery. In fact, six space ‘functional areas’ have been identified and are addressed when possible in NATO’s Trident exercises. These are: SATCOM; ISR; Positioning, Navigation and Timing (PNT); Shared Early Warning; Space Situational Awareness (SSA); and Space Weather. In Trident Juncture 2018, PNT and GPS jamming were a particular focus, confirms Giudice, while in Trident Junction 2017, the focus had been to highlight the dangers posed by adverse space weather, such as solar activity. An additional, non-specified functional area relates to counterspace technology, such as directed energy weapons that can also be

NATO requests space support from Member Countries as and when necessary injected into exercise scenarios if and when deemed appropriate to do so. Another, but more subsidiary, aim for the Space Working Group is to make those involved in NATO exercises understand that space support for operations on the ground, at sea or in the air (or, indeed, cyber warfare) is not always guaranteed. Outside

of formal agreements, NATO requests space support from Member Countries as and when necessary, but the assistance is not always supplied in full. Adapting to varying levels of provision of space support is another important factor that can be addressed in realistic NATO exercise training.






forces). Each site has space for at least one additional antenna, which, Griffiths observes, could operate in the Ka band, if required, as this frequency provides higher bandwidth with less congestion.

NATO is reaching the final stages of a long-running programme to improve its satellite communications (SATCOM) capability with the redevelopment and upgrade of its static satellite ground station network. In 2004, as part of the NATO SATCOM Post-2000 (NSP2K) programme, NATO decided against operating its own satellites in favour of purchasing Ultra High Frequency (UHF) and Super High Frequency (SHF) bandwidth capacity from the military segments of the national satellite systems of France (Syracuse), Italy (SICRAL) and the UK (Skynet). The arrangement was to last for 15 years, from January 2005 to the end of 2019, and was part of Capability Package 30 (CP30). Part of the programme included the redefinition of the Alliance’s ground segment requirement, with the decision to concentrate this into four multi-capable satellite ground stations (SGS). Richard Griffiths, SATCOM Operations Manager at the NCI Agency, explains that, in 2005, there were 20 NATO satellite ground terminals (SGT) which have now been reduced to four upgraded satellite ground stations. Apart from modernizing the technology,

the upgrade programme has produced greater efficiencies, with an approximate reduction in personnel of 75%. By next year, the ground segment will consist of two large, fourantenna stations (in Lughezzano near Verona, Italy, and Kester, Belgium) and two small singleantenna stations (in Izmir, Turkey, and Atalanti, Greece), which will provide access to satellites over the Indian Ocean. In Kester, the entire site has been replaced, while in Lughezzano three new antennas have been added to the single legacy antenna. Griffiths says that work on the project, which has cost 68 million EUR and has Leonardo UK as the prime contractor, started in 2013. Kester and Lughezzano should be operational by the end of 2019, with Izmir and Atalanti following in early 2020. The upgraded stations will act as teleports, providing the anchor stations giving access into the NATO general communications system (NGCS) for deployed NATO forces (all NATO stations currently operate in the X-band, which is the radio frequency primarily used by military


Giles Ebbutt talks to Richard Griffiths, the NCI Agency’s SATCOM Operations Manager, and Giovanni Durando, the Agency’s SATCOM service area owner, to find out how the Alliance is enhancing its satellite communications

Other improvements, apart from the new antennas, include the Advanced SATCOM Network Monitoring Capability (ASNMC), which provides both local and remote capabilities. This will enable the NATO Network Control Centres in Mons, Belgium, and Brunssum, Netherlands, to control the network and have a much-improved view of network performance than the legacy system.


Lughezzano ITALY


Atalanti GREECE

The new Electronic Protective Measures Modem System (EMS) provides frequency-hopping modems that will increase the resilience of the system against electronic attack. Multiple antenna heads enable the antennas to point at more than one satellite, increasing flexibility. There will also be increased data capacity.



Maritime navigation signals

Navigation aids (eg loran-C)

AM maritime radio

Shortwave radio, radiotelephony

VHF TV FM radio, navigation aids

UHF TV cell phones, GPS







100 km


3 kHz


10 km

1 km

100 m

10 m


10 cm

1 cm

30 kHz

300 kHz

3 MHz

30 MHz

300 MHz

3 GHz

30 GHz

Increasing wavelength

1 mm

Increasing frequency 300 GHz

1-40 GHz Satellite frequency 1 2 L

4 S

8 C

12 X

CP130 BEGINS IN 2020 As NSP2K ends, it will be replaced by the 15-year 1.5 billion EUR CP130, which is due to commence in January 2020, having received funding approval in March 2016, with the authorization to commit NATO funds granted in May 2019. The bulk of activity will be devoted to upgrading the space segment, with the current consortium of nations expanded to include the United States, the addition of which adds access to the Extremely High Frequency (EHF) Wideband Global SATCOM (WGS) system. Giovanni Durando, SATCOM Service Area Owner at the NCI Agency, says that, overall, the new arrangements will provide much greater traffic capacity and an increased area of operations.


Radio astronomy Satellite/ radar landing microwave systems telecommunications

The NSP2K programme included the redefinition of NATO’s ground segment requirement (PHOTO: NCI AGENCY)

18 Ku

26 K

The space segment programme also includes the development of contingency arrangements with commercial providers in order to meet urgent requirements. These will be activated when required, according to the needs of the Alliance’s strategic commanders. They will probably be Ka band, but could also be UHF or SHF. An additional 5 million EUR has been allocated for access to Inmarsat and Iridium low-frequency L-band satellite constellations to provide mobile communications at sea, on land and in the air, in support of NATO Operational Liaison and Reconnaissance Teams (OLRTs). At a cost of nearly 0.5 billion EUR, CP130 delivers improvements to the ground segment, which are expected to be completed by the end of 2021. The current UHF capability is being upgraded from Demand Assigned Multiple Access (DAMA) to Integrated Waveform (IW), which will support faster communications, offer better reliability and deliver improved functionality. This has already been achieved in Kosovo for the NATOled international peacekeeping force there (KFOR), and in Bosnia and Herzegovina for the European Union’s peacekeeping and training mission (Operation Althea). It will be




completed for Operation Resolute Support in Afghanistan in late 2019. As part of this overall transformation, the current third-generation transportable satellite ground terminals (TSGT) will be upgraded, and new fourthgeneration terminals purchased. New deployable and portable manpack terminals will also be procured – the latter providing both X-band and Ka-band capability. New UHF IW-compatible tactical satellite radios will be acquired to replace the current Harris 117 series, for which a Foreign Military Sales (FMS) case is currently being prepared. Finally, other ground segment projects include: upgrading the baseband; improving the anti-jam capabilities for modems (either by upgrading the EMS or by investing in new technology); and upgrading the management and control system installed in the terminals. Thanks to these improvements, the Alliance will be able to react more quickly to events, and NATO Commanders will be able to direct forces from any location. This will increase force readiness and the speed at which troops can deploy, to better protect NATO Member States and their populations.

NATO MISSION IRAQ The NCI Agency supports NATO Mission Iraq (NMI) remotely from home bases, as well as with deployed experts. Alan Dron asks Marek Flis, the NCI Agency’s Staff Officer Projects in Iraq, what this entails

Baghdad is not normally the type of city you would volunteer to visit. Certainly, the security situation has gradually improved since the defeat of the Islamic State, and the city’s citizens now enjoy something more approaching normality, but nevertheless it is still not without risk. That said, the highly protected 10 km² Green Zone of central Baghdad that surrounds government offices, embassies and expatriates’ residences is probably the most secure district in the entire country, and it is possible to walk or cycle around in it in relative safety.

But bombings still occur, and many foreign governments still caution against visiting Baghdad, specifically, and Iraq as a whole. It is those surroundings, however, that are currently ‘home’ to NCI Agency Head Project Management Officer Marek Flis, as he undertakes a fourmonth tour of duty in the country.

SIGNAL SUPPORT GROUP In Baghdad, the NCI Agency has combined with the NATO Communications and Information Systems Group (NCISG) to form a

Signal Support Group that operates all CIS (Communications and Information Systems) assets for NMI. Flis, who has been with NCI Agency for almost a decade after a 16-year career in the Polish Army, says that the scope of his role there “is an evolving mission”. In general, however, his role is “to analyse the situation on the ground, see what’s there, try to collect requirements for information and close the gap between what’s on the ground and the actual requirement”.





Each year, highly skilled staff from NATO’s technical agency deploy to support the Alliance’s operations and missions. Experts from the NCI Agency support the Alliance every day remotely, but staff also deploy to areas where NATO missions are conducted, to provide their expertise in person. Accordingly, the Agency is constantly deploying

Flis’s stay in Baghdad will not be his first mission for the Agency in difficult conditions; he deployed to Afghanistan for six months in 2012 in a similar role. He regards working in such environments as a normal aspect of working for the NCI Agency: “It’s part of the job description.” He accepts the Agency’s work in Iraq as a natural part of its mission and, for that reason, “It was very natural to volunteer, to extend that mission”. His career outside of Iraq has seen him operate in a variety of roles, including national acquisition projects and the Alliance Ground Surveillance programme, which operates five Global Hawk aircraft and the associated command and control base stations on behalf of all 29 Allies. At present, Flis works in the Independent Verification and Validation Service Line.


its personnel to NATO mission areas such as Iraq, Afghanistan and Kosovo. Some employees deploy for short trips, while others fill crisis establishment posts for three- to six-month rotations. The NCI Agency fills 12 such posts for the Resolute Support mission in Afghanistan, and two for NATO Mission Iraq (NMI).

The NMI was stood up around a year ago and initial tranches of equipment were swiftly sent to Iraq. However, as the mission took shape and situational awareness grew, NMI staff gained a better idea of their requirements and requested some improvements and changes to the set-up. “Many of them were

When fulfilled, those requests should bring the CIS assets of the mission closer to the desired state. “As the users draft the requirement for CIS and coordinate them among various stakeholders, the execution has to be assigned to one entity responsible for implementation – in NATO language, the Host Nation.

The Agency is constantly deploying its personnel to NATO mission areas addressed on the ground using the available stock,” says Flis. “Others, though, required more significant investments and were captured as Crisis Response Urgent Operational Requirements.”

Residents of Baghdad and the city’s visitors can now enjoy something approaching normality in their daily lives as the security situation has improved (PHOTO: NCI AGENCY)

The role of the Host Nation is being fulfilled by the NCI Agency,” says Flis. “If a user is experiencing CIS shortfalls affecting the mission, then our role as a team, and mine as project officer, is to help address them. It may mean capturing the requirements, clarifying them by providing context, preparing and facilitating site surveys and assisting in implementation. “Every mission opens our eyes to so many things, especially when it involves mainly deployable assets, like this one. Without doubt, NATO will certainly rethink some principles and concepts of operation (CONOPS) based on lessons learned from this mission. NMI poses some challenges that will have to be accounted for in the future design of systems and the ways they are operated and maintained,” Flis concludes.


In Baghdad, the NCI Agency has combined with the NATO Communications and Information Systems Group (NCISG) to form a Signal Support Group that operates all Communications and Information Systems) assets (PHOTOS: NCI AGENCY)






Dealing with the potential threat posed by unmanned aerial vehicles (‘drones’) has assumed far greater importance during the past few years. Such devices may be employed to disrupt routine activities, like that which occurred at London’s Gatwick Airport in December 2018, or for more damaging effects, such as attacks with weaponry or the use of electronic equipment to impair or destroy communications networks.

Team – this will be NATO’s centre of excellence for counter-drone technology and operations, and it is being created within the Agency’s Joint Intelligence Surveillance and Reconnaissance service line in The Hague, Netherlands. Its permanent core will comprise a small team of personnel seconded from the NCI Agency, with these being augmented by specialists in the field that will be provided on a voluntary basis by the various NATO Member States.


René Thaens, Head of the NCI Agency’s Electronic Warfare and Sensors Branch, tells Lindsay Peacock how the Agency’s C-DART counter-drone project will protect NATO troops deployed on operations

PROVEN RECORD Developing effective countermeasures to nullify the threat is clearly a national concern for most, perhaps all, NATO Member States, but the effort certainly doesn’t end there, with the NCI Agency having moved to establish a counter-drone project of its own. Known as C-DART – CounterDrone Alliance RDO (Research via Development to Operations)

The NCI Agency was selected to create C-DART because of its proven record in activity related to counter-drone operations, including more than a decade of providing support to NATO’s Defence Against Terrorism (DAT) efforts, especially in the field of neutralizing IEDs (Improvised Explosive Devices). The Agency’s ISR (Intelligence, Surveillance and Reconnaissance)

As well as being used by defence forces, drones are also increasing deployed by rogue actors (PHOTO: NCI AGENCY)



expertise was also influential through activities such as remote sensing using radar and/or radiofrequency sensors, as well as EO/IR (electro optical/infrared) cameras. Furthermore, Agency personnel have been repeatedly involved in NATO working groups and other bodies engaged in tackling Counter-Unmanned Aerial Systems problems for the past two years. When it comes to countering the drone threat, C-DART will actively support NATO command organizations and Member States. This will be accomplished by seeking to improve technical and operational interoperability through standardization, as well as aiding in the development of NATO standards where and when required. Its brief will extend to providing assistance to the organization and hosting exercises and conferences.

C-DART PRIORITIES According to René Thaens, Head of the NCI Agency’s Electronic Warfare and Sensors Branch, key priorities to be addressed by the C-DART Centre include “implementation of the NATO C-UAS Program of Work; developing a NATO C-UAS Handbook and lexicon; and identifying interoperability gaps”. Looking to the future, he reveals that “C-DART will continue to refine terms of reference and mature as a centre of expertise”.


London’s Gatwick Airport experienced serious disruption in December 2018 as a result of numerous drone sightings

At the same time, C-DART will seek cooperation with industry, academia and R&D establishments in order to ensure that it remains abreast of developing technologies, with specific applications in the counter-drone field. This work will include some research and experimental activity, primarily involving practical and live demonstrations, in order to rapidly assess the potential of new ideas.

INITIAL CAPABILITY This is perhaps best exemplified by the release in May 2019 of an invitation for bid (IFB) document that will eventually result in the procurement of NATO’s first counter-drone capability. This is expected to lead to the acquisition of an array of sensors and systems

“C-DART will continue to refine terms of reference and mature as a centre of expertise”

that are able to first detect and then locate precisely the position of what are perceived to be hostile drones, before active measures are taken to deal with the threat or threats. In his capacity as Project Manager for this evolving C-UAS system, Thaens states: “The release of this IFB is a major milestone, not only for the project, but also for NATO.” Responsibility for delivering a C-UAS capability that can be deployed in the first half of 2020 to protect those personnel assigned to NATO’s Resolute Support Mission (RSM) in Afghanistan is vested in the NCI Agency. Although there is no direct link between the two, C-DART expertise is expected to be closely associated with the programme. During the early period of C-DART’s existence, funding is mostly being provided by NATO’s Defence Against Terrorism Programme of Work (DATPOW). However, looking to the future, it is anticipated that some funding will flow from NATO commands and Member States in payment for requested support that is furnished directly. This source of income is expected to grow as the organization reaches maturity.

Chris Aaron speaks to Darren Saralis – Senior Scientist, Joint Intelligence, Surveillance and Reconnaissance at the NCI Agency – about NATO’s challenge to use Big Data in aid of military decision-making

When United States strategist and fast-jet pilot John Boyd developed his theories of Energy-Manoeuvre and the OODA Loop (Observe-OrientateDecide-Act) in the 1970s, he is rumoured to have borrowed the mainframe computer time needed to prove his theories




from other projects. Today, his laptop – perhaps even his smartphone – could process the data and calculations involved in a fraction of the time. The quantity of relevant and near-real-time data available to aid military decision-making has exploded in the past 10 years. This volume arguably makes the



‘Observe’ part of the OODA loop easier, but it presents a different challenge in finding the most pertinent data to aid the ‘Orientate’ and ‘Decide’ stages. As Darren Saralis – Senior Scientist, Joint Intelligence, Surveillance and Reconnaissance at the NCI Agency – explains, NATO militaries are just leaving the starting blocks in terms of developing the skills, technologies, policies and procedures that will be needed to optimize the opportunity that Big Data offers in the battlespace.

need for relevant data widens considerably. The velocity of data is all about how quickly it changes, and how quickly it can be harvested and processed. In the end, the OODA loop was all about time, and time remains a focus in the Big Data age.

VARIETY OF DATA The variety of data available for ingestion by the decision-making system ranges from closed-source military databases, open-source publications, dark and deep web communications, to social media






way the intelligence community digests incoming intel traffic: they still try to read it, but that now is physically impossible. “There is a need to observe and monitor an adversary’s capabilities; understand the environment and terrain you are operating in; and, how other actors, such as hostnation military and law enforcement, and the general population with their loyalties, will influence your actions,” says Saralis. “You’re trying to achieve some degree of situational awareness, either through various collection platforms that the military might own and task, or now through the available open-source information that you can suck in. You may not be able to control the tasking of this, but you can ingest it.” This process is known as ‘sensemaking’. United Kingdom doctrine has developed a statement in this regard, explaining that Situational Awareness plus Analysis provides Comprehension, and Comprehension overlaid with Military Judgement offers Understanding. That Understanding allows a degree of foresight, and the ability to get inside the adversary’s OODA Loop.

NEED FOR INNOVATION Saralis notes that analysts talk about the ‘4Vs’ of Big Data – Volume, Velocity, Variety and Veracity. The volume of data as an issue is easy to understand when one considers the proliferation of military sensors, from satellites to micro-drones, and also the billions of items of data created and communicated daily from smartphones and laptops across a global landscape.


In a congested environment, where military decision-making needs to factor local cultural and social issues when targeting an adversary, the

feeds. The data might be structured, as in a database, or unstructured as in a Facebook post. The data collection may have been ‘tasked’ for a particular purpose, or simply ‘absorbed’ from the datasphere. Finally, the veracity of the data has somehow to be managed – deception, misinformation and fake news will mislead and, thus, all data must somehow be tested for credibility and reliability. Saralis points to a recent NATO Big Data workshop, which observed that what has not changed is the

These are some of the challenges that will require technical and procedural innovations to be developed, and skilled personnel to be trained, so that data can be collected and processed in a consistent, repeatable manner. But, as Saralis observes, even as NATO advances on the foothills of the information age, the landscape is rapidly changing, so any development will need to display an agility uncommon in the domain of military procurement. Learning to fail, and learning fast from failures, will be a necessary mode of operation.


Although the General in his operational HQ and a soldier in his foxhole need different sorts of information, both might require the same volumes of data (PHOTOS: ABOVE – WO FRAN C.VALVERDE/NATO; BELOW – MASS COMMUNICATION SPECIALIST 1ST CLASS ABRAHAM ESSENMACHER/NATO)

Determining users’ information requirements is a crucial aspect of the information superiority war. ‘User Stories’ are a commonplace aspect of business analysis in the commercial world, but ‘User Stories’ relating to a General in a Headquarters, or to a soldier in a foxhole, somehow seem not quite so appropriate. However, the approach is entirely pertinent. In an environment where the available data has ballooned, the question becomes: ‘What information is relevant to whom?’ Beyond collecting the data, it is essential to capture the user’s information needs. The Commander might be thought to need more information than the soldier on the ground, but in terms of data quantity it may not be so different – it may just differ in kind. How do the data needs of users change over time, from mission planning to the conduct of operations, for example? How can systems recognize such shifts and deliver on the varying need?

How, also, should data be presented to optimize decision-making? Data Fusion and Visualization are two of the great challenges ahead. You can gather information, label, tag and store it appropriately, but that data is useless unless we can extract it, present it and understand it. How do we visualise the data: with heat maps, topic clustering, or perhaps in relationship view? These visualizations need to be overlaid and fused with our own classified

intelligence to improve our situational awareness and, ultimately, our understanding. Identifying and managing dynamic user information needs; collecting, storing, extracting and fusing information; and then presenting the appropriate information to the user (whether the Commander or a foot soldier) so as to maximise Understanding, these are the Big Data challenges that lie ahead.





The winner of this year’s NITEC19 Innovation Challenge was a collaboration between the US Naval Postgraduate School (NPS) and the Norwegian Defence Research Establishment (FFI). Their successful proposal, entitled ‘Dual-use of AIS-data; combining historical and live AIS track with social network analysis for increased maritime network awareness’ is a tool that can be applied to the data collected from vessels’ automatic identification system (AIS). By merging AIS data with information from other sources, such as vessel ownership records, and then passing it through an algorithm developed by the NPS/FFI team, it is possible to create a far richer picture of vessel movements, which should help to identify unusual behaviour, and perhaps uncover illegal activities involving maritime vessels, such as piracy, smuggling, illegal migration or terrorism. Various NATO bodies have been undertaking related forms of analysis, inspired by other realworld networks. One such body is the Centre for Maritime Research and Experimentation (CMRE), an


Mike Bryant talks to Michael Street, the NCI Agency’s Head of Innovation and Data Science, and Dr Catherine Warner, Director of NATO’s Centre for Maritime Research and Experimentation, to find out how the winning team from the NITEC’19 Innovation Challenge is helping NATO make smarter decisions

executive body of NATO’s Science and Technology Organization (STO), headed by Dr Catherine Warner. The CMRE has been at the forefront of research into the potential value of Big Data and has also delved into ways in which unclassified data, such as AIS, can be used to make the world’s seas a safer place. The Centre has developed a methodology of analyzing AIS data, inspired by the motion of subatomic particles and stock option fluctuations, to develop mathematical models expressed in terms of a Maritime Traffic Graph (also sometimes referred to as a Maritime Traffic Network, or MTN). Vessel routes and the related kinematics are abstracted within the CMRE model to allow for ships’ likely future locations to be plotted and, therefore, to detect unusual deviations in movement. It should be noted that AIS data can be turned off, masked or spoofed, and so both the CMRE and the NPS/ FFI models can therefore be used to flag-up potentially alarming deviations in ships’ activity in the absence of any AIS data. Collaboration between the CMRE and new ideas, such as that of the NITEC’19 Innovation Challenge winner, could be extremely beneficial, says Warner. Indeed, 75


she suggests, “It would be really interesting to combine the social network concept with the MTN, highlighting the potentialities of both approaches. “Many of the other Innovation Challenge entrants presented various types of maritime situational awareness tools using AIS data fused with different types of information (social networks, coastal radars, satellite imagery, and so on). It is of interest to NATO, the NCI Agency and the CMRE to gather all of these ideas to create new tools for maritime operators.”

FOCUS ON BIG DATA Big Data analytics is very much a focus of the NCI Agency’s current work. This accounts for Michael Street’s enthusiasm. The head of the Agency’s innovation and data science explains, “We’re really excited about the winning concept. It’s a great example of data science being applied to help military commanders make better decisions, faster. We are already putting in place arrangements to take the concept into an exercise or other suitable environment in which it can be used alongside live data – putting it in front of the NATO operational community.”


The NITEC19 Innovation Challenge winners from the NPS and FFI developed an artificial intelligence-based system that uses AIS data and other feeds to uncover suspicious vessel behaviour (PHOTO: NCI AGENCY)

The NPS/FFI concept is built around data fusion, data analytics, machine learning and – in the round – ‘smarter machines’, Street points out. As well as the CMRE and its work around AIS data, the NCI Agency is also conducting a good deal of research and evaluation involving Big Data analytics. One focus is on natural language processing – using computers to work through large numbers of, possibly, very large documents in order to flag-up areas of concern. Not only can such natural language processing alert humans to aspects of documents that they should take

Innovative Big Data analytical tools are helping derive new lessons from postexercise analysis, such as Trident Juncture 2018 (PHOTO: WO FRAN C VALVERDE/NATO)

a look at, the smart machines of today can also provide an overview of general trends and topics across large numbers of documents and, of course, do it much more quickly than any team of humans could. Another NCI Agency focus is applying machine learning and data analytics to identify cyber security threats. Related to this, the NCI Agency is evaluating how data analytics can be used to drill down on any unusual relationships or correlations in regard to IT system issues or similar incidents in those cases where the systems have not performed as might have been expected. Big Data analysis is also being undertaken now in the follow-up to NATO exercises to offer a very different perspective on what can be learnt. “Studying the huge amount of data that is produced during, for example, 2018’s Trident Juncture exercise – NATO’s biggest for many years – offers insights of a very different nature to the traditional methods of assessing exercises: this is another example of Big Data and data science supplementing traditional military activities,” Street concludes.

Chris Aaron talks to the NCI Agency’s Dr Franco Fiore and David Sampietro about transforming Agency procurement by implementing a single external-facing system for all suppliers – Neo

Since the NCI Agency was established in 2012, work has been under way to rationalize legacy administrative systems, including two Enterprise Resource Planning (ERP) systems, as well as the disjointed business process. The outcome is the introduction of a single transactional system that simplifies bureaucracy, supports paperless procedures, and empowers automation and self-service tools, eventually





Neo will transform the way in which the NCI Agency collaborates with potential industry partners (PHOTO: NCI AGENCY)

enabling one operating model to run all of the Agency’s day-today activities. This system has not only changed the way in which the organization works, it will also overhaul the way it collaborates with potential industry partners, thanks to its new, single eProcurement platform, Neo, which is being implemented by the Agency’s Enterprise Business Applications (EBA) programme.


So far, EBA has been rolled out in a phased manner following an ‘agile’ philosophy, and its introduction has been overseen by Dr Franco Fiore, Programme Manager, and David Sampietro, Project Manager for EBA Release 1 and 2. While EBA Release 1,

which went live in March 2018, saw the implementation of a single platform for all of the Agency’s internal transactions, EBA Release 2, which will introduce Neo, focuses on external, existing and prospective suppliers. The advantages should manifest as increased standardization and transparency, fewer people-hours spent on processing paperwork, and faster decision-making, the latter enabled by an electronic approval workflows.

INTRODUCING NEO The phased roll-out of Neo is scheduled for early 2020, and will deliver advanced eProcurement

functions. It is split into three modules, two of which are also internet-facing: the iSupplier Portal, which will manage all supplier data and contract administration (such as purchase orders and invoices), and the Sourcing Portal, which will enable more automated and efficient online bidding. The Contract Management module is exclusively for internal use by the Acquisition personnel, who will be empowered with a multitude of advanced features, mainly facilitating the development of a contract, as well as the execution of the Procure to Pay process. “We want to enrich our dialogue with industry by implementing Neo, which will significantly improve user experience from the solicitation

process to contract administration,” explains Dr Fiore. A particular challenge with the Neo rollout is the amount of change management involved. Dr Fiore notes that an extensive communications and training programme is being put in place to introduce new business processes and operating procedures, and that this will involve both internal personnel and external suppliers, who will be interacting with the Agency through Neo. External users will be kept up to date with the progress of the new system through an outreach campaign developed by Karolina Sober, EBA Communications and Change Management lead.


An extensive communications and training programme is being put in place to introduce new business processes and operating procedures (PHOTO:NCI AGENCY)

“We want to enrich our dialogue with industry by implementing Neo” The security aspects of the externalfacing portals are, obviously, a key concern and Jonathan Falconer, the EBA Technical Lead, is working closely with the Agency’s cyber security team to build a strong security layer around Neo. Further releases of EBA will bring about advanced HR tools and will substitute the current project management system of the Agency. This will further reduce bureaucracy,

creating greater coherence and efficiency throughout all of the Agency’s internal and external business transactions. “It is our goal to empower industry to deliver the best capability and service to the Alliance. Implementing technology such as Neo is in line with the digital transformation of NATO,” concludes David Sampietro.





“NATO had a higher profile during recent operations, but we’ve seen a reversal of candidate behaviour – as market demands have risen, applicants have declined,” says NCI Agency Talent Attraction Team Leader Lindsey Stone. “We need to reach out to find talent, rather than just letting candidates find us.” This has led to a rethink of how to leverage the NATO brand in a quest to find people who are less interested in commercial products and the bottom line, but more in how they can contribute to NATO’s mission to protect one billion people. “Young people need to know why we are here and how we are different – we’re an international organization supporting 29 Member States through NATO projects. Candidates need to know we’re not just looking for experience within a military background. We need tech talent to deliver NATO’s digital endeavour,” explains Stone. “Here, you are contributing to something that will really set you apart – working (PHOTO: NCI AGENCY)

together to protect people in real ways, through contributing to NATO operations and exercises.” In a constantly evolving threat environment, the NCI Agency is looking to fill a variety of cyber, data analytics and IT roles. NCI Agency recruiter Gabriela Rebrean, who specializes in cyber, says her current search is for people that are able to design cyber security solutions. “In past years, the IT domain, including cyber security, evolved exponentially, requiring a more agile and dedicated workforce. To succeed in this area, you really need to like technology, mathematics, and engineering,” she explains.


In the face of fierce market competition for scarce tech talent, the NCI Agency launches a new programme for graduates that has been designed to develop a bespoke workforce to support NATO’s Digital Endeavour. Ann Rogers speaks to NCI Agency recruiters Lindsey Stone and Gabriela Rebrean about the challenges

“The current demand is for people with skills in cryptography. We have an immediate skills gap in security accreditation. We need people to conduct risk assessments and validate systems from a security point of view, and this is a need across all ministries of defence, as well as NATO as a whole.”

GRADUATE PROGRAMME A key part of the NCI Agency recruitment strategy is a newly launched programme aimed at recent graduates, who will be hired 81


The NCI Agency’s recruitment programme will hire graduates as NATO employees for three years, and each will be mentored by field experts to develop skills on the job (PHOTO: NCI AGENCY)

for three years as NATO employees, but who will learn on the job. Successful candidates will rotate through a variety of placements and work on business-related projects with practical outcomes. They will be mentored one-on-one by field experts who are fully committed to spending time developing the skillsets of the graduates. “Yes, our experts are geeks and love their computers, but they are willing to share their knowledge and expertise,” says Rebrean. “They realize that to learn and achieve practical skills, you need lots of hands-on experience.”


The graduate initiative builds on highly successful internship and cyber summer school programmes that have sold both participants and staff on the value of working with young people who have new skills and ideas, but may lack practical experience. This year, the team fielded 60 requests for interns, as well as looking for its first intake of 30 candidates for the graduate programme. As an added bonus, the search for talent within universities may also create more opportunities for encouraging diversity within the tech sector. “There is a shortage of

The NCI Agency’s graduate initiative could also help to encourage diversity within the tech sector (PHOTO: NCI AGENCY)

diverse role models within the sector,” Rebrean explains. “We are looking at our outreach programmes and our branding to see how we can broaden our appeal and address diversity and inclusion issues across the Alliance. We can go into universities to find people, bring them in and grow their talent, and we look forward to working with Member States to make sure they are represented.”

IDEAL CANDIDATE The ideal candidate will have theoretical and academic training which can be developed to support NATO’s evolving needs. In return, they will find a mission and environment a million miles away from the ‘move-fast-and-breakthings’ ethos of Silicon Valley. “The graduate programme is designed to help us develop and nurture our own talent, recognizing that the needs of NATO can be very bespoke and very particular,” concludes Stone. “Through training, learning and mentorship within the graduate programme we can create the well-rounded, tech-savvy leaders we need and, ideally, retain them in NATO, because they will know that their work is meaningful and valuable.”

Diana de Vivo, Stakeholder Engagement and Diversity Advocate at the NCI Agency, asks Clare Hutchinson, NATO Secretary General’s Special Representative for Women, Peace and Security, about her tireless efforts to promote inclusivity and integration




Why is advancing the Women, Peace and Security (WPS) Agenda important to NATO?


As the security landscape evolves, there are new areas where threats arise – the hybrid domain, in particular – and this has implications for the way we think about security today. NATO, as the largest political-military Alliance in the world, has a responsibility to set the tone for the political debate and to affirm that gender equality is an integral part of its core values. To be a successful, agile and modern Alliance, we have to take into account the perspectives of both men and women. If we solely look at security in a traditional way, we miss out by leaving behind 50% of the population. Threats such as human trafficking, conflict-related sexual violence and the impact of armed conflict on children are a security threat to the Alliance.



High on the WPS Agenda are efforts to increase the involvement of women in STEM (PHOTO: NCI AGENCY)

A lot of progress has been made since the endorsement of NATO’s first Policy on Women Peace and Security in 2007. Women are affected by conflict and instability in different ways than men. Addressing these different security needs allows us, as an Alliance, to respond to conflict and instability (and their root causes) in a more effective and sustainable way. Through the Civil Society Advisory Panel (CSAP), we are engaging with civil society from Allied, partner and conflict-affected countries to broaden our security dialogue and understand the needs of people on the ground and what lessons NATO can learn.


What is WPS doing to enhance the number of women within NATO?


One of the pillars of the NATO/EAPC Policy on Women Peace and Security and Action Plan is ‘Inclusiveness’ – enhancing the number of women within the organization. We are collaborating with the Executive Management Division by adopting several measures to remove the barriers for women’s participation at NATO, such as ensuring women are equally represented in recruitment panels.


We also work with Allies and Partners to support their efforts to increase the number of women in their Armed Forces and the number of women they deploy to NATO operations and missions. Research has shown that a diverse military is a force multiplier, which enhances operational effectiveness. By deploying diverse troops, the local population can be accessed in a different way and issues on the ground can be analysed from a different perspective.

Changing the cultural and institutional obstacles is key to enhancing women’s participation across NATO. Through the Diversity and Inclusion Action Plan, NATO is working to change the cultural dynamics and institutional barriers to attract and retain women at NATO Headquarters. As a military Alliance, NATO is often perceived as a masculine and traditional institution. Therefore, many women feel they don’t have a role to play. We are working with the Public Diplomacy Division to change and refresh the narrative of who we are and how we promote NATO to the outside world. There is a need for a wide variety of skills at NATO, from journalists to engineers.


How will the gender bias in emerging tech impact the WPS Agenda in the future?


There can be a risk of Artificial Intelligence and emerging technology marginalizing women. New technologies can often be biased against women. Diversity, including a better gender balance in the technology workforce, will ensure the products we will be using reflect the whole of the population. Diversity

Greater diversity in the tech world requires more education and training opportunities for women (PHOTO: NCI AGENCY)


Inclusivity and integration initiatives aim to improve the prospects for women to follow in the footsteps of senior figures such as Commodore Josée Kurtz, Commander of Standing NATO Maritime Group Two (SNMG2) (PHOTO: NATO)

of thought within tech development will enhance the quality of product/content development and economic growth. Technology is the future – if we miss the opportunity to enhance diversity in tech, it will set gender equality back, but also the economic impact will be profound.


What can be done to tackle the gender norms that limit women’s role in technology and Science, Technology, Engineering and Mathematics (STEM)?


When I started my career, I worked in a tech company just as the internet was rolling out into the public domain. Technology is key for connecting and building communities, especially in conflict-related areas. The potential of technology for social cohesion is sometimes overlooked, as well as the gender dynamics of this. More women are becoming gamers, hackers and software developers, but we are creating the virtual world with a masculine approach and through a masculine lens. We must think more broadly and start getting more women into STEM.

We need to change the narrative of what is possible in the tech world, which needs creative and disruptive thinkers, a diverse workforce, to be able to identify solutions to global issues. The more we engage women, the more creative technology will be, and the more problems can be identified and resolved. The rate of tech development is extremely fast. Integrating women into this field is an economic, societal and intellectual imperative. It is a global responsibility to encourage young girls to learn STEM subjects. Women can perform many different roles in tech. This needs to be highlighted and promoted within the broader society. Engaging women does not imply that men lose out. It is not a zero-sum game – everybody benefits from it, both men and women.






As the new NCI Academy in Oeiras, Portugal, opens its doors to students for the first time, it aims not only to deliver a stream of suitably qualified and trained personnel, but also to do so in an increasing number of fields. The NATO Communications and Information Systems School (NCISS) is now based at a new, state-of-the-art building in Oeiras, having relocated from Latina, south of Rome. The decision to move the school to Portugal was combined with one to broaden the scope of training and to establish wider partnerships in the C4ISR (Command, Control, Communications, Computers, Intelligence, Surveillance and Reconnaissance) and cyber fields. Ground was broken at the site in 2017 and the new NCI Academy is already providing expert training to civilian and military staff from NATO

and its Member States on the Alliance’s advanced IT and cyber systems – both software and hardware. The Academy will also replace the Air Command and Control Training School in Glons, Belgium, as well as two additional training sites located in Mons, Belgium, and The Hague, Netherlands. Operators trained at the new Agency facility will be part of the Alliance’s 21st-century ‘digitally savvy’ workforce. The large majority of the Academy students will be going on to staff NATO’s Federated Mission Network (FMN) and its future IT and communications systems, as well as the Alliance’s air, ballistic and cyber defences.


Colonel Paulo Nunes, Director of the new NCI Academy in Oeiras, Portugal, tells Alan Dron how its wider C4ISR curriculum and expanded student base will play a major role in defending NATO Nations against cyberattacks and other security-related threats

A NEW CURRICULUM Since March 2018, an NCI Academy interim training facility has been operational at Oeiras. A significant step towards launching a new curriculum for cyber defence across the Alliance took place in February 2019 when the first NATO Cyber

The new NCI Academy in Portugal offers a wider curriculum to more students than its predecessor



Defence Advisor Course was conducted at the interim facility by the NCISS Cyber Defence Training Section. The course brought together some 15 subject matter experts and provided an opportunity to improve their skills for 35 staff officers from various NATO headquarters, agencies and commands, as well as national defence ministries and European Union (EU) military staff. “The NCI Academy transcends the physical building and the activities that will take place there,” explains Colonel Paulo Nunes, Director of the Academy and, previously, Commandant of the NATO Communications and Information Systems School. “For example, it is certainly about C4ISR and cyber, but it is also about innovation in training and new delivery methods, fostering new ways of learning and, of course, supporting new areas that are just emerging from the NATO digital endeavour.” Given its leap to prominence in recent years and its designation as the ‘fourth operational domain’, cyber is naturally a main plank of the school. The warriors of the 21st century need to be as knowledgeable in this field as in traditional forms of warfare.


An obvious indicator of the importance of this new operational domain can be seen in the fact that, until now, the school has handled an average of 4,000 students per year, but this figure is expected to increase to between 6,000 and 8,000 in the next few years. The Academy will deliver training to a variety of target audiences. They will come from several organizations, not only the military, although the latter group naturally accounts for most of the trainees. However, the new Academy will also

“Right now, the Academy is at the cutting edge of cyber training” says Colonel Nunes. “We have developed an integrated curriculum to create overarching training for the entire NATO organization, from strategic to operational, tactical and technical levels.” The Academy cyber training will also have the support of a cyber laboratory, which will bring the simulation and modelling aspects of cyberwarfare. “The majority of our courses last for one week. Some are longer as they delve a little more deeply, so we can

“Right now, the Academy is at the cutting edge of cyber training” provide ‘enterprise services’, where appropriate organizations can pay for training. For example, EU staff participate in courses, as part of a 2011 cooperation agreement between the two organizations. Cyberwarfare training is a critically important area for the NCI Academy, given the scale of potential threats in this sector.

The NCI Academy will deliver training to a variety of target audiences, with cyber as one of the key elements, recognising the importance of knowledge of this field

provide hands-on training. This can be ‘nuts and bolts’, going down to the size of systems. That requires deeper knowledge, so some courses have a maximum duration of three to four weeks,” explains Colonel Nunes. ”We already have a large number of civilian staff at NATO. The NCI Agency itself needs to be trained, so it will also be providing internal training for those who need to be at edge of innovation.” Staff at the Academy will be a mix of military and civilian personnel. Most of the instructors’ team leaders are civilians, assuring business continuity and knowledge transfer, while military staff will handle management and the delivery aspects of the training. Making the point that the work of the Academy has practical uses, Colonel Nunes notes that a high percentage of personnel who have completed courses at Oeiras would find themselves supporting NATO operations or deployments within six months.

Each year, the Cooperative Cyber Defence Centre of Excellence in Tallinn, Estonia, runs the Locked Shields live-fire cyber competition to test the Alliance’s cyber security practitioners. Simon Michell reports

Colonel Jaak Tarien, Director of the CCDCOE (PHOTO: CCDCOE)

“Cyber security training has become an essential part of securing and protecting vital assets. Therefore, NATO Member States and partners are regularly pulling together to enhance cooperation and work jointly on enhanced cyber security,” says Colonel Jaak Tarien, Director of the NATO CCDCOE (Cooperative Cyber Defence Centre of Excellence). “The annual cyber exercise, Locked Shields, organized by the CCDCOE, is one


THE CYBER EXERCISES KEEPING NATO FORCES ALERT of the flagship training events in the calendar and stems from the fact that our nations’ militaries, governments and industry have all recognized the interdependencies in cyberspace.” Locked Shields offers insights into how to defend critical targets and how to work in teams of cyber defenders. It is a unique opportunity for national cyber defenders to practise protecting national IT systems and critical infrastructure under the intense pressure of a severe cyber-attack. Each year the exercise gets bigger, becomes more challenging and covers a wider range of threat scenarios. “This year, there were 23 different Blue Teams and roughly 1,500 participants. Furthermore, we introduced several new technical challenges,” says Lauri Luht, the CCDCOE’s Head of Cyber Exercises. “For example, it was the first time



that operators had to defend power plants from cyber-attacks, and we also introduced a new maritime surveillance element.” As the exercise and the CCDCOE are designed to support cooperation among NATO Allies, the scenario aims to create dependencies between different teams. This element of the exercise was supported through the introduction of a Malware Information Sharing Platform (MISP), which enabled the teams to share information and data gleaned from the attackers – indicators of compromise or other kinds of attack vectors. “The understanding that better results can be achieved through cooperation between different teams is not easy to bring about, but we are getting there,” says Luht. It was not just information that the teams shared. In order to prepare them for a likely scenario in a major cyber-attack, in the 2019 exercise the teams had an opportunity to

(left) Lauri Luht, CCDCOE Head of Cyber Exercises; (above) intense activity during Locked Shields (PHOTOS: CCDCOE)

directly support each other during the attack by sharing access to power. “This emphasis on developing dependencies between nations is a trend that is likely to grow in future exercises, and we realized from this year´s event that this element should be kept in the gameplay in the future,” confirms Luht. The NCI

Agency fully supports this concept, and having won last year’s competition decided to invite cyber security experts from other Member States to join its team for the 2019 competition. As a result, 10 members from six nations (Bulgaria, Croatia, Norway, Romania, Slovenia and Turkey) volunteered to form a united team with the NCI Agency.

CWIX – ACHIEVING FEDERATED INTEROPERABILITY Every year, NATO’s Allied Command Transformation (ACT) holds its premier interoperability training exercise – CWIX (Coalition Warrior Interoperability eXercise) at the Joint Force Training Centre in Bydgoszcz, Poland. The event enables NATO Member States and Partners to experiment, test and de-risk their deployable CIS systems before undertaking missions such as the NATO Response Force. It also allows commanders to ‘fine tune’ their command and control capabilities before achieving combat readiness at the Steadfast Cobalt and Trident Juncture exercises. In addition, it is a great way to test interoperability between mobile tactical radios in preparation for the Very High Readiness Task Force. 90

The NCI Agency played a vital role by acting not only as a support backbone, but also by providing 60 subject matter experts and 33 critical capabilities and systems to make sure the exercise was a success. As you might expect, there is a mutual benefit in linking the CCDCOE’s expertise with CWIX to embed ever greater levels of cyber security, as Colonel Jaak Tarien explains: “CWIX, has become a useful and attractive platform to test the cyber security levels of different assets used in NATO missions. The CCDCOE has cooperated closely with ACT and the CWIX organisers to share the expert knowledge and capability we have gained during the Locked Shields exercise by contributing experts and know-how for red-teaming of the different assets.”

INCREASING THE TALENT POOL The make-up of the blue teams at Locked Shields is quite varied. There are purely military teams, teams comprised only of civilians, and some joint teams with a military and civilian mix. Different nations have a different approach to who they want to train, but, in each case, training together establishes a glue that builds the community and diversifies the skills base. About a fifth of the Locked Shields participants represented strategic decision-makers, with the rest being technical experts from national Computer Emergency Response Teams (CERTs), military cyber services and other organizations. The goal of Locked Shields, as well as other cyber exercises, is to train these groups to work more closely together, as they would in a real-life scenario.

The exercise trains the teams in how to protect unfamiliar environments and to make correct decisions with incomplete information, as computer emergency specialists are often required to do when faced with real-life situations. All nations’ private-sector and government agencies struggle to find experts with up-to-date skills to monitor networks and ensure that they are secure. Participating in cyber exercises such as Locked Shields helps to train specialists for a variety of skillsets and jobs, such as information security managers, security analysts, testers, software developers and system administrators. Exercises are also useful for developing new talent and skills, including the newest methods in malware, trends in hacking and the dynamics of attack vectors. Beyond the technical, they also bring the teams into an environment that


A team from the Portuguese military taking part in Coalition Warrior Interoperability eXercise (CWIX) 2019 (PHOTO: NATO)

CCDCOE Chief of Staff Lt Col Franz Lantenhammer (PHOTO: CCDCOE)

enhances their knowledge and experience of legal and media aspects of cyber security incidents. With the cyber threat increasing on a daily basis, it is no surprise that cyber defence exercises have been growing in scale. Lieutenant Colonel Franz Lantenhammer, CCDCOE Chief of Staff, takes this a step further, pointing out that many governments have decided to invest in capability – not only to protect themselves, but also to affect the network-based systems of potential adversaries. Moreover, with cyber now a NATO domain of operations, there is a real need to make sure that the Member States are all able to contribute their own national capabilities to the fight.




Unless more care is taken, the widespread adoption of Artificial Intelligence technology may inadvertently negate centuries of hardwon civil liberties and gender-equality freedoms. Ann Rogers reports

Anyone who uses Facebook or carries a passport will have almost certainly already encountered facial analysis technologies tasked with detecting, classifying and recognizing one’s most accessible identifier – the face. These emerging Artificial Intelligence (AI) technologies are powerful tools for security enhancement in intelligence, surveillance and reconnaissance roles, immigration and border control, law enforcement and other areas where identity verification is needed. However, there are increasing concerns about the reliability, legality and ethicality of such technologies. Commercially developed products are proliferating in a largely unregulated marketplace, where accuracy claims are untested and performance metrics are under-reported. Lack of industry standards and government



oversight further compound the issues. During recent mass protests in Hong Kong, demonstrators have covered their faces, raised umbrellas and even used laser pointers to defeat facial surveillance systems.

SERIOUS ISSUES MIT graduate student Joy Buolamwini’s industry-changing research into facial recognition technology (FRT) has uncovered serious problems in how algorithms can discriminate based on race and gender. In a testimony to the US House Committee on Oversight and Government Reform in May, Buolamwini, who founded the Algorithmic Justice League (AJL), used the example of Michelle Obama, misidentified by Microsoft Azure software as being a young man wearing a black shirt and a hairpiece. As a person of colour, Michelle Obama belongs to a population segment upon which face recognition systems routinely 93


Research into facial recognition technology by Joy Buolamwini, founder of the Algorithmic Justice League, uncovered serious problems in how algorithms can discriminate based on race and gender (PHOTO: WORLD ECONOMIC FORUM)

perform poorly. In an audit conducted in 2018 that included systems developed by industry giants such as IBM and Microsoft, the AJL found that “women with skin types associated with blackness had error rates as high as 47%,” Buolamwini reveals.

THE DEVIL IS IN THE DATASETS FRT, which is now found in most smartphones, is one of a suite of facial analysis systems that uses AI to attempt to verify identity.




FRT can also learn “soft biometrics” – such as age, race and gender – and, controversially, some applications claim to be able to infer the emotions, sexual orientation and potential criminality of subjects. Bias problems begin in the research design process. Most FRT, explains Buolamwini in her testimony, rely on machine learning. The systems are “trained” to detect facial patterns by exposing them to literally millions of examples of human faces, generally using images captured through visible light, near-infrared, thermal imaging and so on. But eventual performance of such systems will only be as good as the dataset on which they learn. If the dataset is skewed towards examples of white male faces, then the software may become adept at reading those

Recorded FRT error rate for “women with skin types associated with blackness”

types of faces, but accuracy plummets when it encounters types of faces it has not been shown.

IMPROVED RESULTS Buolamwini’s findings have already led to better results. She told an audience at the World Economic Forum in Davos earlier this year that her most recent tests showed that, by tweaking its algorithms, IBM had raised accuracy from 88% to 99.4% for dark-skinned men, and 65.3% to 83.5% for dark-skinned women. More-representative datasets are not the only issue, however. Current systems struggle to accurately identify certain facial characteristics such as skin reflectivity and eye shape. In her Congressional testimony, Buolamwini cites the case of an online passport photo checker that rejected the image of the face of an Asian male, whom it deemed had his eyes closed. People with darker skin, younger and older faces, women and transgender people are more likely to be

misidentified, but, as Buolamwini said at Davos, such problems can also be ameliorated if companies make solving them a priority.

MITIGATION, REGULATION AND COMPETITION While accuracy can be improved, the commercial rush to get products out into an unregulated market is intense. Aside from privacy concerns arising from the large-scale harvesting of data without informed consent, a lack of industry standards fuels misleading claims about accuracy and reliability.

The risk of violating civil liberties is grave enough that Buolamwini and the AJL have called for a ban on use of unregulated and unproven facial analysis technologies by US law enforcement. “These tools are too powerful, and the potential for grave shortcomings, including extreme demographic and phenotypic bias, is clear,” explains Buolamwini in her testimony. Buolamwini’s reservations about the rush to produce AI-based systems in the commercial sector are also applicable to the Alliance. The same legal and ethical pitfalls facing the commercial sector apply equally – perhaps more so – to an international organization such as NATO as it seeks to enhance its systems with machine-learning capabilities and embedded algorithms. Preventing bias by ensuring diversity within the


As the presence of AI systems for identifying individuals increases, issues concerning privacy, accuracy and reliability become more pressing

teams and datasets employed to create AI-enabled capabilities needs to be something that is done at the beginning of development, not as an afterthought. Moreover, the biases that Buolamwini has highlighted in facial recognition systems are not confined solely to that area of algorithmic development. The International Committee of the Red Cross has expressed its own concerns in its white paper of June 2019, entitled Artificial Intelligence and Machine Learning in Armed Conflict – a Human-centred Approach, in which it points out that there are documented instances of an image-classification algorithm being tricked into identifying a 3D-printed turtle as a rifle. The paper calls for “rigorous testing in realistic environments” before any AI systems are fielded.



INVOLVING THE WIDER SOCIETY With women woefully underrepresented in the cyber security industry, Christina Mackenzie asks Rosanna Kurrer, co-founder of CyberWayFinder, how she is attempting to redress the imbalance

Cyber security is a maledominated industry filled with professionals who have studied IT. But, as Rosanna Kurrer, co-founder of CyberWayFinder in Brussels and Luxembourg, remarks, “The consequences of the evolution of cyber security have expanded beyond IT. So, there is a need for diversity in terms of background and mindset”.


It was with this in mind that Kurrer and Patrick Wheeler opened CyberWayFinder in 2017 to train, certify and mentor women who want to make a career transition into cyber security. The professional backgrounds of these women vary widely – from marketing to finance, legal to political science, journalism to compliance – but they should preferably have little or, even better, no knowledge of IT. “We prefer that our students have no computer knowledge because they spend the first half of the year on basic fundamentals, which would bore

those who already hold that know-how,” explains Kurrer. Kurrer’s own background is not in cyber security. She is an architectural engineer by training and holds a Masters in Engineering (Major in Building Physics) from Kyoto University in Japan. But it was when she was advocating for women in tech in non-government organizations that she met the Chief of Staff of global financial messaging network provider SWIFT at the time, “who told me that what they really needed was security”. She paired up with Wheeler, whose background is in cyber security, but who also used to run career clinics for women. It took them almost a year and a half to set up CyberWayFinder. Four women from SWIFT were the first to sign up,


Women on the CyberWayFinder programme start their course learning the very basics of IT (PHOTO: CYBERWAYFINDER)



followed by 20 from other sectors. The programme opened in 2017 with these 24 women, most of whom were between 28 and 38 years old, “but we do have students in their early 20s and some in their early 50s,” says Kurrer. After the initial, month-long “baptism-of-fire bootcamp” in Brussels and Luxembourg – during which the students spent six hours of study split over two weekday evenings and then three to four hours on a Saturday – four women dropped out. The remaining students dedicated three hours one evening every week and three hours every Saturday to the course during the Belgian school terms.

A group of CyberWayFinder students celebrate earning their certificates (PHOTO: CYBERWAYFINDER)

Certification Consortium), which costs 230 EUR and is non-refundable if the candidate fails.

MAKING THE GRADE At the end of every year there are certificates to pass. A large part of Kurrer’s job is “boosting their confidence because it’s not unusual to have to sit these exams two or three times before achieving a pass, even for those with 10 years’ experience in the sector”. To progress from first to second year, the students must pass the Systems Security Certified Practitioner (SSCP) exam set up by the ISC² (International Information Systems Security


At the end of the second year, the women must pass the Certificate of Cloud Security Knowledge (CCSK), organised by the Cloud Security Alliance. For the 395 USD fee they get two tokens, so if they fail once they can try again. Kurrer herself just took this exam... and passed! The programme entered its third-year cycle in September 2019, with 11 women who have stayed the whole course. At the end of the

Women on the course have committed several hours a week to study for certificates that will make it much easier to further their careers (PHOTO: CYBERWAYFINDER)

programme, they should be ready for the CISSP (Certified Information System Security Professional) exam that is often required for senior Information Security positions, such as Chief Information Security Officer. “This exam is not easy and is not for everyone,” Kurrer warns. If they pass, though, “it makes it easier to get a job anywhere in the world, and in almost any sector,” she adds. In Luxembourg, CyberWayFinder has the support of the cyber security agency SMILE (Security Made In Luxembourg). “They are incubating us by hosting us and it’s a very good place for us to be in,” says Kurrer, who would like to set up a branch in The Hague, Netherlands, but meanwhile has recruited another class of students to start in October 2019. Tuition is free for students, so what is CyberWayFinder’s business model? “We have two,” explains Kurrer. “The SWIFT model, where companies pay so that their women employees can come and study with us, and we have another model where students are contracted out. Some have recently signed contracts with the European Commission – a new client. “I’ve got my foot in the door!” she laughs.

Did you know?

We can help protect your entire business Threats to your organisation are growing more sophisticated every day. We have the technology and the intelligence to spot and tackle cyber dangers before they become the stuff of headlines. For more information visit