Industry, military experts discuss murky cyberwar issues

Countries are grappling with how to define cyberwarfare and how they can respond under international law

Nations increasingly touched by cyberattacks are still in the very early stages of figuring out how to deal with incidents that could escalate into critical national security threats.

From DOS (denial-of-service) attacks on Web sites to hacking attempts on power grids and financial and military systems, experts are warning that the next wars will be kicked off by electronic blitzes from non-state actors and that nations haven't worked out clear strategies.

But academics, experts from private companies and government officials are discussing those issues this week in Tallinn, Estonia, at the first-ever Conference on Cyber Warfare. It's hosted by the Cooperative Cyber Defense Center of Excellence (CCDCOE), launched in May 2008 to help NATO countries deal with ever-growing cyberthreats.

"Cyberattacks are here to stay," said Jaak Aaviksoo, Estonia's defense minister, during a keynote speech on Wednesday. "They are not disappearing."

Estonia experienced a devastating cyberattack in 2007 following a decision to move a statue memorializing Russian soldiers who fought during World War II. Pro-Russian hackers took down bank and school Web sites via DOS attacks on Estonian networks.

Subsequently, Georgia experienced similar attacks following its conflict with Russia last year. And earlier this week, Iranian news Web sites and those belonging to political organizations were hit with DOS attacks following the contested re-election of President Mahmoud Ahmadinejad.

A multitude of issues are under discussion at the CCDCOE's conference: how nations can legally respond to cyberattacks under international law, how nations should render assistance to one another and, simply, what the definition of a cyberattack is.

None are likely to be resolved quickly, said Estonian Army Lieutenant Colonel Ilmar Tamm, director of the CCDCOE.

"The situation changes so rapidly," Tamm said. "We have to be really conscious of the conclusions we recommend, and nations have to understand the potential consequences of what they adopt on the legal side, the policy side."

The CCDCOE is funded by its seven nation members, which include Estonia, Latvia, Lithuania, Germany, Spain, Italy and the Slovak Republic. The U.S. is not a member but has assigned a civilian with the U.S. Navy to the CCDCOE. Turkey, Hungary and the U.S. have expressed interest in joining CCDCOE.

The CCDCOE does not advise NATO operationally but is instead a think tank that works in policy areas related to cyberwarfare such as tactics, protection of critical national infrastructure, policy and legal issues, Tamm said. The organization produces research papers, some of which are public and some of which are only for the benefit of NATO countries, he said.

On the technical side, CCDCOE also does research on botnets, or networks of compromised computers used in aggregate to carry out malicious activity, as well as on ways to automate network analysis tasks such as reviewing log files and intrusions.

At the request of NATO, it is also working on a paper that defines concepts around cyberwarfare, Tamm said.

Getting all nations on the same page is crucial. The global nature of the Internet has hampered cybercrime investigations since hackers can route, for example, a DOS attack through countries that have poor law enforcement, said Kenneth Geers, a U.S. Navy civilian analyst assigned to CCDCOE.

"The cyberproblem is real, and it demands an international response, but nobody knows quite how best to improve the international response because nation states and organizations themselves have so many questions about cybersecurity," Geers said.

Another looming issue is the development of offensive cyberwarfare skills that could be used in the event of an attack, but that is not CCDCOE's domain.

"We do know that a number of NATO nations are developing offensive capabilities," Tamm said. "They have reason to do that."

It is clear, however, that organizations such as the Taliban are using the Web effectively, said Johannes Kert, an adviser to Estonia's defense minister and chairman of the CCDCOE's steering committee.

The Taliban and Al Qaeda have created Web sites in order to spread ideology, recruit members and teach bomb-making techniques as well as to promote attacks that have been executed. However, NATO has been focused on cyberdefense rather than offense, Kert said.

"This is a field where we clearly lose today as NATO," he said. "This is a question NATO should start to discuss."
