At NATO’s operational headquarters in Mons, Belgium, the cyber defense team has its hands full fighting a flood of attacks in what one might call a quiet war.
At NATO’s operational headquarters in Mons, Belgium, the cyber defense team has its hands full fighting a flood of attacks in what one might call a quiet war. The alliance’s computer systems are under constant attack, primarily from attackers linked to the intelligence units of rival states such as Russia, China and Iran, as well as individual hackers pursuing a variety of goals.
Eight to 10 sophisticated attacks target NATO’s computer systems every day, says Süleyman Anil, the head of the organization’s Cyber Defense Section. These require a response from NATO’s technical experts. In addition, there are many more less sophisticated attacks that are detected and remedied by electronic cyber defense systems without the need for technical experts to get involved.
With 100 or so states acquiring cyber attack capabilities, and a wide spectrum of individual or organized non-state hackers mounting attacks on a multitude of targets, some now view cyber attacks as the fifth dimension of warfare — after space, sea, land and air.
“Everyone is attacking everyone on the Internet,” Anil said in an interview with Today’s Zaman, explaining that attackers range from young ambitious hackers aged 16-17 to “hactivist” groups targeting NATO for a number of causes the advocates support, and individuals or groups attacking NATO systems with criminal intent — that is, to steal the organization’s secrets and sell them to interested buyers.
“Cyber attacks on NATO computer systems generally come from state actors because NATO computer systems do not store information that would be of interest to non-state actors,” Anil said.
Anil said cyber attacks originating from groups linked to state intelligence agencies are so common that it can now be considered a “new form of intelligence gathering.” “In fact, one might even ask why an intelligence agency wouldn’t do it,” he said.
According to Anil, of about 100 countries that have acquired cyber attack capabilities, only 10-15 have the advanced capacity sufficient to pose a significant threat. Given that not all the countries in this smaller group would be willing to target NATO, there is only a handful of countries with both the intent and the ability to launch significant cyber attacks on NATO. The systematic nature of these attacks leads NATO officials to suspect that intelligence units have been given orders to attack the organization’s systems whenever they find an opportunity to do so.
“This is not a one-time directive. This is a state-sponsored campaign [to attack NATO],” said Anil.
Asked which countries are most active in cyber attacks targeting NATO, Anil said most appear to originate in China, although the quantity does not automatically mean the Chinese government is behind them, given the vast number of hackers one would naturally expect to find in a country whose population is 1.3 billion.
Despite the quantity, attacks originating in China are not always sophisticated. In fact, the fact that the attacks can easily be traced back to China is a sign that they are not very advanced.
Attacks from Russia, on the other hand, are much more complex and not easily traceable.
In the Middle East, Iran stands out as a country with both the means and the intent to mount cyber attacks, but Anil would not be specific.
NATO first realized the need to put a mechanism in place to defend its computer systems when it came under attack in the 1990s, during the Kosovo war. The real turning point, though, was in 2007, when alliance member Estonia’s computer infrastructure was devastated in a significant cyber attack by Russian sympathizers.
In 2010, NATO officially identified the danger of cyber attack against member states as a strategic threat. The alliance’s Strategic Concept promises to “develop further our ability to prevent, detect, defend against and recover from cyber attacks, including using the NATO planning process to enhance and coordinate national cyber defense capabilities, bringing all NATO bodies under centralized cyber protection, and better integrating NATO cyber awareness, warning and response with member nations.”
The alliance’s still-evolving cyber defense strategy also leaves the door open for the collective defense of an ally or allies that may come under a major cyber attack, under Article 5 of the NATO charter.
Anil agrees that NATO strategy does not exclude an Article 5 response and explains: “Imagine a situation in which planes crash and people are killed in a cyber attack on the air control systems of an ally state. There is no room for cyber retaliation in this scenario. This is a situation where NATO could theoretically consider a military response under Article 5,” he said.
Anil is a Turkish IT expert who managed NATO’s operational cyber defense services from 1989 to 2003 at the Supreme Headquarters Allied Powers Europe (SHAPE) in Mons, the central command of NATO military forces. He was later assigned to the NATO Office of Security (NOS), which coordinates, monitors and implements NATO security policy, and he has been the head of a nine-member team at the Cyber Defense Section in the Emerging Security Challenges Division of NATO headquarters in Brussels since August 2010. They are tasked with planning and coordination of NATO’s cyber strategy. The technical team at SHAPE operates separately, but when necessary works in coordination with the Cyber Defense Section.
When an attack on NATO systems occurs that is not managed by the electronic systems, the technical experts go to work, sometimes for half an hour, sometimes for weeks, depending on the nature of the attack. Usually, the technical service in Mons takes care of these attacks on its own, but the Cyber Defense Section may also be called in for help in coordinating a response with member states on occasion.
In February, a 58 million euro contract was awarded to establish a NATO Computer Incident Response Capability, to be fully operational by the end of 2012. A Cyber Threat Awareness Cell is also being set up to enhance intelligence sharing and situational awareness, according to NATO documents.
One of the few Turks at senior positions in NATO, Anil studied electrical engineering at Middle East Technical University (ODTÜ) in Ankara and worked for ITT/ALCATEL before joining NATO.
The Cyber Defense Section is one of the six departments within the Emerging Security Challenges Division, which was created in 2010 in order to deal with a growing range of non-traditional risks and challenges ranging from a nuclear threat to terrorism and energy security. (Cihan/Todays Zaman)