With cyber war pegged as a serious threat, NATO is prepared to respond with real force.
TALLINN, Estonia — It was a horrific scenario.
The African island nation of Boolea was reeling from an attack by religiously inspired insurgents. Then a deadly cholera epidemic struck.
Local authorities were quickly overwhelmed. Only an international coalition force and a handful of aid organizations held the country together.
Then came the coup de grace: A sophisticated cyber attack struck the computer systems of the aid workers and international troops, severely degrading their response capabilities.
Vital food and medical supplies faced disruption. The downing of communications between the government and coalition troops risked giving the insurgents the upper hand.
“NATO is painfully aware of the danger of a major system-destroying attack.”
That’s when the coalition's 10-member cyber defense force was called in and given two days to beat off the attack and avert disaster.
In the midst of the crisis, in an army barracks built for the Russian Imperial Army on the banks of the Baltic Sea, a pony-tailed young man spearheading the insurgents' cyber strike leaves a control room filled with blinking computer screens. He brushes past a group of visiting Western diplomats and military officers — to help himself to another Diet Coke.
The Boolea attack is fiction, the centerpiece of operation Locked Shields, a "live fire" cyber exercise run by the NATO Cooperative Cyber Defense Center of Excellence in late April to test the rapid response capabilities of allied cyber units.
Among the "red team" playing the part of the villainous insurgents are volunteer geeks from the private sector. They were called away from their day jobs — “penetration-testing” the systems of financial institutions and major corporations — to spend a couple days outwitting crack NATO electronic defense teams scattered around Europe.
"We use the same techniques as pen-test companies use, also the same techniques cyber criminals use," explains Col. Artur Suzik, the Estonian infantry officer who runs the center.
It may have been just a war game, but participants say the scenario realistically portrays the threats facing the North Atlantic Treaty Organization as cyber defense emerges at the frontline of alliance strategic thinking.
"If the bad guys are teaming up to do things better, then actually we should be teaming up as well," says Kristiina Pennar, spokeswoman for the cyber center. "We would like to believe that the guys on the defense side are one step ahead. That's what we are working toward."
Fending off cyber espionage or attempts to hack alliance systems has become routine, says Jamie Shea, who heads NATO's Emerging Security Challenges department.
"What NATO is experiencing is pretty much what banks and companies, scientific laboratories and pretty much everybody else is experiencing these days," Shea said in an interview from alliance headquarters in Brussels, Belgium.
"Most are easily parried, pretty much like putting up an umbrella in the rain."
Last year, the NATO Computer Incident Response Capability responded to more than 2,500 cases. That works out to an average of seven cases per day.
Most of the online incidents were dealt with automatically, using special detection sensors, scanners and firewalls. More serious incidents crop up about 10 times a month, NATO officials say. They can include targeted emails with dangerous attachments, probes looking for vulnerabilities in NATO's defenses or denial of service attacks.
Despite the diverse nature of the threat and the increasing sophistication of the attacks, NATO's cyber defenders are proud that the alliance reached the end of 2012 without any major disruption to its network services.
The alliance, however, is painfully aware of the danger of a major system-destroying attack that seeks to corrode the West's military defenses, or trigger a disastrous real-world event by, for example, interfering with air traffic control, power grids or other critical infrastructure.
NATO’s 2010 Strategic Concept — a roadmap for the decade — recognizes a growing cyber threat from terrorists, organized crime, foreign militaries and intelligence services. These "can reach a threshold that threatens national and Euro-Atlantic prosperity, security and stability."
The center here in Tallinn acts as a training and research center, developing strategy and identifying risks and communicating these ideas among allies.
Nightmare scenarios include the prospect of enemy hackers cutting off vital fuel supplies, triggering a missile strike, or opening up dams to cause catastrophic flooding.
"Let's imagine that state A decides it is going to target state B's water purification plant and in particular the computer mechanism that controls the purification of