Cyber Attacks against NATO and Protection from them
A cyber attack is any type of offensive manoeuvre that targets computer information systems, infrastructure, computer networks, or personal computer devices. According to the data provided by Laura Brent, cyber threats that endanger the security of the Alliance are growing “more frequent, complex, destructive, and coercive.” In order to protect the Alliance, NATO needs to continue to view cyber threats as fundamental to the Alliance’s security, as recommended in its enhanced policy and action plan adopted in 2014. NATO should upgrade its Computer Incident Response Capability (NCIRC), which protects NATO’s networks, by providing centralised and round-the-clock cyber defence support, along with NATO’s Smart Defence initiatives, where countries help one another if they are not able to protect themselves. In order to bring attention to cyber threats among citizens, NATO needs to continue to improve the state of its cyber defence education, training, and exercises. Finally, NATO should continue to cooperate with the cyber industry in order to establish multinational cyber-defence projects. This article will discuss the types of cyber attacks that can and have been used against NATO as well as the initiatives and projects of NATO and its Allies to protect cyber space.
By Khalisa Huseynova
1. Introduction
The threat of cyber attacks is always present. They occur daily: whether through the hacking of websites, personal information, or illegal transactions via online banking. The most horrific damage, however, is when cyber attacks are carried out against members of such giant intergovernmental military alliances as NATO.
In recent years, cyber threats to the security of the Alliance have become more frequent, complex, and destructive. There are over 100,000 people in 60 locations around the world, from NATO HQ to operation sites, who use NATO’s IT infrastructure.[i] Additionally, hundreds of millions more use member countries’ IT infrastructures on a daily basis—making the Alliance a large target for cyber attacks over the past decade.
Allied leaders introduced ideas to strengthen their cyber defence capabilities at the 2002 summit meeting in Prague. Since then, cyber has become an important focus at NATO summits, with NATO adopting its cyber defence policy six years later, in 2008, following the massive cyber attack against Estonia in 2007. In 2016, Allies recognized cyberspace as a domain of military operations and pledged to prioritize enhancing the cyber defence of their national networks and infrastructure and help other members of the Alliance in times of emergency. In an article for Prospect’s new cyber resilience supplement in August 2019,[ii] NATO Secretary General Jens Stoltenberg stated, “A serious cyberattack could trigger Article 5, where an attack against one ally is treated as an attack against all.”
In the first part of this work, I will outline the nature and type of cyber attacks against NATO and the structural elements of NATO and its forces that are easy targets for hackers. The second part of the work will outline NATO initiatives to improve its cyber defence systems, such as the NATO Computer Incident Response Capability (NCIRC) and NATO’s Smart Defence initiatives, along with NATO’s efforts to improve member states’ cyber defence education, training and exercises, and cooperation with industry.
2. The nature of cyber attacks against NATO
NATO’s main focus in cyber defence is to protect its own networks (including operations and missions) and enhance resilience across the Alliance. However, there are many ways in which NATO is vulnerable to a massive cyber attack. First, the vulnerability of member states’ satellite control systems poses a high risk. NATO’s reliance on space-based infrastructure is essential, as it provides data and services for operations in air, land, cyber, or maritime spaces. Second, since NATO does not own satellites, it needs space, weather, and flight reports provided via member states’ advanced satellite reconnaissance systems, which can easily be attacked by hackers. Third, cyber vulnerabilities can lead to low confidence in the performance of NATO’s strategic systems.
There are several ways in which cyber attacks can or have been used to threaten the core infrastructural elements of the NATO Alliance:
1) Cyber attacks against member countries – The largest and perhaps most significant cyber attack to take place against a NATO member state occurred in 2007 in Estonia. Mobile SMS messages were utilised to spread disinformation, exhorting the Estonian population to take up armed resistance against the government. Russian-language social media platforms and websites recruited volunteers to launch cyber attacks against Estonian political parties and government websites, along with providing lists of targets, instructions, and attack tools.[iii] The attackers carried out Denial of Service (DoS) attacks[iv] and Distributed Denial of Service (DDoS) attacks.[v] The hackers also used website defacement, email spamming, and posting of automated comments to attack Estonia’s cyber system. The attacks primarily affected banking and communications infrastructure, as DNS (Domain Name Servers) were completely damaged by the attacks.
Several other attacks have since taken place in member states. In March 2012, persons suspected to be connected to the Chinese government targeted British military officers and officials of the British Ministry of Defence via a fake Facebook account of NATO Supreme Allied Commander US Admiral James Stavridis. The attackers obtained officers’ and officials’ private email addresses, phone numbers, and photos. The following month, in April 2012, several government websites of the Czech Republic, including the website of the cabinet, were attacked following protests against the Anti-Counterfeiting Trade Agreement.
2) Cyber attacks on space-based architecture - Strategic military systems rely on space-based assets to access data and other capabilities, including PNT (positioning, navigation, and timing), ISR (intelligence, surveillance, and reconnaissance), communications, and SSA (space situational awareness), as well as environmental monitoring. It is essential to know that any cyber attack on one element can have collateral effects on others.
3) Military domain vulnerabilities - This targets the use of commercial companies for military purposes, ‘back-doors’[vi] in encryption, and the supply-chain security of satellites, along with physical, personnel, and procedural vulnerabilities. As most space-related technology can be used both for civilian and military aims, these elements are increasingly hackable.[vii]
4) Terminals located in ground stations - Attacks on terminals located in ground stations can bring danger to the whole system. These terminals are access points for satellites and are usually not guarded by authentication, so as not to interfere with operational actions.
5) Data - The manipulation of data can cause serious problems and is hard to recognize. As cited in a report by Chatham House, the following can affect the situation of data:
a) A higher number of data exchange interfaces used between the military and civil sectors;
b) The fact that each actor has its own isolated view of its data network, protected by its own security standard;
c) The use of old and proprietary IT hardware and software;
d) The failure or inability to conduct regular software updates to remove known vulnerabilities.[viii]
6) Missile defence systems - In the event of a cyber attack, missile defence systems can malfunction and provide false information because of communication systems such as ground-based radar.
7) Communication system - Cyber attacks against communication systems can affect the ability of presidents, prime ministers, and senior military staff to make decisions as they will not be able to send the necessary orders using the chain of command in the event of some cyber attacks. Furthermore, decisions based on wrong or false information circulated during an attack may escalate conflict and decrease the chances of solving it.
8) Environmental monitoring system - Wrong information may escalate events and decrease the chances of solving the conflict, as the military relies on daily weather information to conduct its operations.[ix] Additionally, weather information is fundamental for land, air, and maritime domains as well as the cyber domain as weather forecasting systems could impact operational capacity.
9) Social media - Soldiers’ social media accounts can be tracked in order to find information on the dates of military exercises, movements of battalions, and their exact locations, which can completely destroy the work of the Alliance.
3. NATO initiatives for cyber protection
In order to interpret international law in the context of cyber operations and cyber warfare, between 2009 and 2012 an international group of legal scholars and practitioners penned the Tallinn Manual on the International Law Applicable to Cyber Warfare. Written on the initiative of the NATO Cooperative Cyber Defence Centre of Excellence, the manual examines the application of international law to cyber conflicts. The manual was published by Cambridge University Press in April 2013. In February 2017, Tallinn 2.0 was released as a book by Cambridge, expanding the scope of the Tallinn Manual by “examining the international legal framework that applies to cyber operations and explaining how the general principles of international law, such as sovereignty, jurisdiction, due diligence, and the prohibition of intervention, apply in the cyber context.”[x] In June 2018, the Alliance approved the Vision and Strategy on Cyberspace, and at the Brussels Summit in July 2018, Allies agreed on the integration of sovereign cyber effects, provided voluntarily by Allies, into Alliance operations and missions. Following these events and considering the frequency of cyber attacks on the Alliance, NATO has designed the following initiatives for cyber protection:
1) NATO announced the initial operations of the Cyberspace Operations Centre (CyOC) in October 2018. CyOC “provid[es] cyberspace situational awareness, centralised planning for the cyberspace aspects of Alliance operations and missions, and coordination for cyberspace operational concerns.”[xi]
2) The NATO Cooperative Cyber Defence Centre of Excellence (CCD COE) was established in Tallinn in 2008 following the 2007 cyber attacks on Estonia. CCD COE brings together experts from 25 nations to facilitate “research, training, and exercises in four core areas—technology, strategy, operations, and law.”[xii]
3) The NATO Computer Incident Response Capability (NCIRC) aims to provide 24/7 protection of NATO sites and their cyber infrastructure. NCIRC will work on a continual basis over the coming years to maintain pace with the rapidly changing threat and technology environment.[xiii]
4) Smart Defence initiatives help countries work together to develop and maintain capabilities they could not afford to develop or work on alone. They provide resources for developing other capabilities,[xiv] including information sharing, through organising cyber defence exercises to help develop national expertise.
5) Regular exercises on cyber defence such as the Cyber Coalition Exercise (annual) and the Crisis Management Exercise (CMX) focus on integrating cyber defence elements and considerations into the entire range of Alliance exercises.
6) The NATO Communications and Information Systems School (NCISS) (Latina, Italy) trains personnel from member states, as well as from non-NATO nations participating in NATO-led operations, and maintains NATO communications and information systems.[xv]
Along with putting effort into improving new systems of cyber defence, NATO engages with a number of partner countries and other international organizations to develop international security, including the European Union (EU), the United Nations (UN), and the Organisation for Security and Co-operation in Europe (OSCE). In order to broaden its defence system, NATO aims to work with the private sector, and through the NATO Industry Cyber Partnership (NICP), NATO, along with its Allies, aims to build relationships with the industry.
4. Conclusion
NATO should consider the following policy recommendations in order to prevent and contain future cyber attacks: 1) NATO, as well as Allies, should devise strategies to defend its cyber systems. 2) All members of the Alliance must develop the norms underlined in the Cyber Defence Pledge, which will be accepted by the whole Alliance, instead of relying on the general norms of international security. 3) NATO and Allies should increase situational awareness along with investment in technology and research in cyber security. 4) NATO should work to strengthen contacts between the Alliance and industry. 5) NATO should build a signalling system for deterrence threats.
About the Author
Khalisa Huseynova is a political researcher with four years of experience in the security field at the Scientific Society of the Academy of Public Administration under the President of the Republic of Azerbaijan (APA). She holds a BA in Political Science from APA and qualification degrees in Religion, Conflict, and Peace from Harvard Divinity School as well as Global Diplomacy from SOAS University of London. She is the founder of “Guide to education magic” educational program and “Sciences in sight” research platform.
Her scientific works have been presented at different conferences, including the International Conference on Sustainable Development Goals and 2nd International Forum of the Caucasus Studies Scholars, among others. Her research interests include international relations, strategic studies, terrorism, non-proliferation of nuclear, chemical, and biological weapons, comparative politics, political violence, human security, cyber defence, women and politics, and sustainable development. Currently, she works as a researcher at the Azerbaijan Migration Research Initiative.
Notes
[i] Factsheet - NATO Cyber Defense, NATO, February 2019, https://www.nato.int/nato_static_fl2014/assets/pdf/pdf_2019_02/20190208_....
[ii] Jens Stoltenberg, “NATO will defend itself,” Prospect (republished on the NATO website), last updated 29 August 2019, https://www.nato.int/cps/en/natohq/news_168435.htm?selectedLocale=en.
[iii] “Russia’s Involvement in the Tallinn Disturbances,” International Centre for Defence and Security, 11 May 2007, https://icds.ee/russias-involvement-in-the-tallinn-disturbances/; for a detailed timeline see, “Monument of Contention: How the Bronze Soldier was Removed,” err.news, https://news.err.ee/592070/monument-of-contention-how-the-bronze-soldier-was-removed.
[iv] “[A] type of attack where the attackers (hackers) attempt to prevent legitimate users from accessing the service,” https://www.techopedia.com/definition/24841/denial-of-service-attack-dos; see also, Matthew Prince, “Empty DDoS Threats: Meet the Armada Collective,” 25 April 2016, CloudFlare, https://blog.cloudflare.com/empty-ddos-threats-meet-the-armada-collective/.
[v] “[An attack in which] Multiple compromised systems, infected with a Trojan, are used to target a single system.” Newton Lee, Counterterrorism and Cybersecurity: Total Information Awareness (New York: Springer, 2013).
[vi] A backdoor is a means to access a computer system or encrypted data that bypasses the system’s normal security mechanisms.
[vii] Joan Johnson-Freese, Space as a Strategic Asset (New York: Columbia University Press, 2007), 31.
[viii] Beyza Unal, “Cybersecurity of NATO’s Space-based Strategic Assets,” July 2019, https://www.chathamhouse.org/sites/default/files/2019-06-27-Space-Cybers..., p. 8–9.
[ix] Ibid., p.16–17.
[x] NATO Cooperative Cyber Defence Centre of Excellence, “Tallinn Manual 2.0,” https://ccdcoe.org/research/tallinn-manual/.
[xi] Brent, “NATO’s role in cyberspace.”
[xii] Federico Plantera, “NATO CCDCOE – Expertise and cooperation make our cyber space safer,” e-Estonia, October 2018, https://e-estonia.com/nato-ccdcoe-expertise-cyber-space-safer/.
[xiii] Factsheet - NATO Cyber Defense.
[xiv] Jacom Henius, “Specialization – the Gordian Knot of NATO’s Smart Defence,” from J.Henius and J.L McDonald, Smart Defence: A Critical Appraisal, NDC Forum Paper, Rome, March 2012, p. 29.
[xv] Cyber defence, NATO, last updated 6 September 2019, https://www.nato.int/cps/en/natohq/topics_78170.htm.