NATO Cyber Exercise Builds Response Capability Of Partner Nations

DW : Can you tell us about Cyber Coalition 2013 and its participants?

NATO official: From 26-28 November, NATO conducted a cyber defence exercise (Cyber Coalition 2013) which tested the Alliance’s ability to defend its networks from attacks. More than 30 countries were involved, making this the largest exercise of its kind in terms of participating nations. Some 300 cyber defence experts participated from their home countries. An additional 80 experts took part from a military training facility in Tartu Estonia, which hosted the exercise.   Participants were drawn from national armed forces, law enforcement and relevant ministries. Experts were also drawn from civilian and military staff at NATO headquarters.   This was the sixth run of the exercise. Five non-NATO nations, Austria, Finland, Ireland, Sweden and Switzerland participated in the exercise alongside experts from the 28 NATO member nations. New Zealand and the European Union had observer status.

DW : Can you explain the exercises’ scenario? What kind of procedures were the participants exposed to?

NATO official: The aim of the exercise was to train technical personnel and their leadership and to test the ability of Allies and partners to coordinate their actions in warding off multiple simulated cyber attacks. As always, the exercise was based on a fictitious scenario. In the story line unknown adversaries launched cyber attacks against one of NATO’s static networks and against a simulated deployed network. Participants faced mock attempts to infiltrate a NATO computer network to seize information. Attacks included so-called botnets and malware infected websites. NATO and partner experts tested their ability to detect these infiltrations, share information about them and stop them.

DW : How does NATO plan to keep pace with this evolving threat?

NATO official: Cyber attacks are a daily reality and they are growing in sophistication and complexity. NATO has to keep pace with this evolving threat which is why the NATO Cyber Incident Response Centre (NCIRC) is undergoing a major 58 million euro upgrade to provide it with state of the art sensors, scanners and intelligent analytic capabilities to better prevent, detect and respond to cyber threats. This upgrade will significantly enhance NATO’s ability to protect its own networks. The NCIRC has proven to be a vital hub for dealing with cyber incidents and for disseminating cyber security information across the Alliance.

DW : NATO has yet to decide if there will be a collective response should there be an attack against a member. Is a decision on the horizon?

NATO official: This is a hypothetical question. But attacks delivered through computer networks could be as devastating as those carried out through traditional military means. Any decision to invoke Article 5 rests with the North Atlantic Council, NATO’s highest decision making body.

DW : In 2012, there were over 2,500 "significant cases" of cyber attacks on your systems. How has 2013 fared and how do you plan to tackle the coming year?

NATO official: NATO, like many banks, media or political institutions, is experiencing a growing intensity and frequency of cyber incidents. Threats range from low-level hacking attempts to more serious attempts of denial of service or cyber espionage.   The NCIRC is at the core of NATO’s cyber defence effort. As you mentioned, in 2012, it responded to more than 2,500 cases. Most of these incidents were dealt with automatically, using sensors, scanners and firewalls. The real challenge is from high-end targeted attacks, which for NATO, can number ten or more a month. They can include emails with dangerous attachments, probes looking for vulnerabilities in NATO defences or denial of service attacks. Such high-level threats are dealt with by NATO’s cyber defence experts.   Exact 2013 figures have not yet been compiled. What we can see is that the incidents recorded by NATO experts so far this year are comparable to what similar organisations have faced and generally consistent with 2012 levels. There have been no significant rises or reductions in attacks in 2013 compared to 2012. Looking to 2014, we expect to see the operational benefits of the increased detection and response capability which we are currently achieving by upgrading the NCIRC. Our defensive efforts will focus on tuning our new system to maximum effect.

DW : Where does NATO stand on the establishment of rapid reaction teams against cyber attacks?

NATO official: As part of ongoing efforts to upgrade the Alliance’s cyber defences, NATO is standing-up two rapid reaction teams that can help protect NATO networks in the event of an attack. By the end of the year we expect to have both teams up and running, which is the timeline we had planned for.

DW : Could you elaborate on the revised cyber defense policy?

NATO official: In June 2011, NATO Defence Ministers agreed on a revised cyber defence policy. The policy sets out a vision on NATO’s efforts on cyber defence. Its overall aim is to improve the Alliance’s coordination on cyber defence, with a focus on prevention and building resilience. All NATO structures will be brought under centralised protection. The policy clarifies political and operational mechanisms of NATO’s response to cyber attacks, and integrates cyber defence into NATO’s Defence Planning Process.   The policy also sets the principles on NATO’s cyber defence cooperation with partner countries, international organisations, the private sector and academia. The document reiterates that the priority remains the protection of NATO’s own networks and that any collective defence response requires a decision by the North Atlantic Council, NATO’s top decision-making body.    In parallel to the policy, Ministers adopted a cyber defence action plan to ensure the implementation of the policy.

DW : How do you plan to bring cyber defense into NATO's normal planning process?

NATO official: Through the NATO defence planning process Allies collectively decide what military capabilities NATO as a whole needs and what each Ally should contribute towards them. At the Lisbon Summit in 2010, Allies agreed that cyber defence capabilities need to be included in NATO’s defence planning process. In June 2013, NATO Defence Ministers approved the first step of integrating cyber defence capability targets into the Defence Planning Process.  This effort centres on bringing Allies up to a minimum standard in terms of defensive capabilities and preparedness. Capability targets can include the introduction of national cyber policies, a national cyber authority and the creation of national cyber defence response capabilities. Work on these capabilities is ongoing. Making cyber part of the defence planning process will help to harmonize efforts on cyber procedures within NATO and at the national level to ensure that the Alliance’s overall cyber defence capability meets agreed targets.

DW : In an effort to protect your information systems, strike will you develop offensive cyber defense capabilities?

NATO official: No, everything NATO does on cyber security is purely defensive. NATO is not in the business of conducting cyber warfare. And NATO has no offensive cyber doctrine or offensive cyber capability. There are no plans within the Alliance about NATO as a body developing or using such capabilities.