AusCERT 2013: International cyberwar response more complex than geopolitical treaties: NATO CCD COE analyst

Anna-Maria Talihärm, NATO CCD COE (Cyber Defence Centre of Excellence) analyst

They may not be able to call on real-world cooperation and defence agreements to build their cyberspace defences yet, but government security organisations may find value in emulating Estonia’s experience building a voluntary ‘cyber corps’ of security professionals available in times of need, NATO CCD COE (Cyber Defence Centre of Excellence) analyst Anna-Maria Talihärm has advised.

Technology savvy Estonia has been undertaking information-security research since 1991. A national CERT (Computer Emergency Response Team) was created in 2006 and the NATO CCD COE got its accreditation in 2008. In 2011, the Estonian Defence League’s Cyber Unit (EDL CU) was formally established.

Quite differently than the model used in many parts of the world, EDL CU is involved in enhancing public-private partnerships by maintaining a volunteer structural unit within the EDL. Private-sector security experts, as well as those involved in law and other IT-related fields, are encouraged to be involved in the effort to preserve what the EDL CU charter calls Estonia’s ‘e-lifestyle’.

“What makes this unique is that many countries have defence units within their military structure, but the Estonian example is on a voluntary basis,” Talihärm – a senior analyst with NATO CCD COE and lecturer at Tallinn Technical University who presented on Estonia’s model at AusCERT 2013 – told CSO Australia.

“What is really interesting for me as a researcher is how we can use this unit in a situation of crisis,” she continued. “When we talk about cyber attacks it becomes much more serious because you never know how far or where does the cyber incident escalate: it can go right across thresholds of nations, and is closely related to national security.”

With state-sponsored cyber attacks on the agenda, developing a firm action plan for cyber-attacks had escalated the urgency for a clear chain of command, Talihärm said.

The EDL CU’s mission statement says the organisation “focuses on helping civilian structures during peacetime and on the establishment of supportive capacities for operation in crisis situations”, but it is the nature and power of those capacities that drew Talihärm’s interest.

“Other countries have platforms for public-private partnerships, but Estonia has taken it one step further by writing the possibility of using this unit in a time of crisis into its legal access. There are conditions, but still we have a structure that allows us to use a voluntary based EDL CU in the national structure.”

NATO CCD COE, currently involving 11 sponsoring nations, has found the Estonian example of a Cyber Unit to be a compelling research topic, touching the broader issue of effective national coordination and international cooperation in a time of crises. Attempts to extend such arrangements beyond geographical borders and reinforce existing regional partnerships would, however, be bound to run into legal and political issues such as national sovereignty and differences in security philosophy.

These differences would make it build an EU-styled cybersecurity relationship based solely on countries’ proximity to each other: “you have to take into account 27 member states’ different opinions and different development levels, so in a sense it’s easier to protect one country,” Talihärm said.

Such differences would complicate the formation of NATO-like ‘blocs’ of cyber-defence powers, although Talihärm said it did not mean that countries couldn’t ally with each other to improve their co-ordinated response in the event of cross-border cyber-attacks.

If country A was being attacked by country B from servers based in country C, Talihärm hypothesised, such cooperation might see country C providing information and support to country A to help it fight the threat.

Such alliances could rewrite geopolitical alliances that have historically been based on geographic concepts but can, through the instantaneous global connectivity of the Internet, be based more on shared interests with countries at similar developmental stages.

That would suit the Asia-Pacific geography, where developed first-world countries like Australia, New Zealand, Singapore and Japan shared more cybersecurity commonalities with peers in the US, UK, and Europe than with many of their neighbours.

“It is understood that it’s difficult to agree on something concrete because there are so many different concepts and frameworks at both national and international levels, and people and countries are afraid to bind themselves to certain rules,” Talihärm said.

“However, we believe in principles. Cyberspace has no borders, so the enforcement problem will always be there – but I think the most likely thing to happen would be that like-minded countries agree to exchange certain information, and work to certain principles, to fight the threat together.”

Follow @CSO_Australia and sign up to the CSO Australia newsletter.

Join the CSO newsletter!

Error: Please check your email address.

Tags AusCERT 2013cyber crime

More about CERT AustraliaComputer Emergency Response TeamCSOEUNATOTechnology

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by David Braue

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts

Market Place