NATO CCDCOE urged to promote cooperation in training of cyber-defence experts as the cyber realm declared a theatre of war.
Cooperation in cyber-defence training urged by Finnish Defence Forces chief of general staff vice admiral
The need for international cooperation in training cyber-defence experts was emphasised by Finnish Defence Forces chief of general staff vice admiral Kari Juhani Takanen during his visit to the Tallinn-based NATO Cooperative Cyber Defence Centre of Excellence in Estonia last Thursday.
“Finland is building up its cyber-defence capability and we need the most knowledgeable people,” Takanen said, adding that international cooperation is essential in training experts to counter hybrid threats
Reiterating recent NATO statements on cyber-warfare, Takanen added, “threats in cyber-space are real and it is rightfully becoming a domain of warfare. This means nations have to focus on operational issues in the digital space and laws often need to catch up with events on the ground.”
The NATO Cooperative Cyber Defence Centre of Excellence (NATO CCD COE) is a NATO-accredited knowledge hub, think-tank and training facility which focuses on interdisciplinary applied research and development, as well as consultation, training and exercises in cyber-security.
Last month, ahead of the NATO decision to classify cyber-space a theatre of war, a new cyber-policy brief published by the CCDCOE emphasised that the Alliance needs to clearly recognise that network defence does not equal collective defence in cyber-space and develop the full range of military capabilities to defend the Alliance and its interests.
The report, Is NATO Ready to Cross the Rubicon on Cyber Defence? by Matthijs Veenendaal, Kadri Kaska and Pascal Brangetto, looked at NATO and national military cyber-defence policies beyond the Warsaw Summit and lays tracks for the future and considered how Allies could best deploy cyber-capabilities in cooperative defence that goes beyond the current NATO policy on cyber defence.
“Recognising cyber-space as a domain of warfare would be an important step in the right direction. This will impel the Allies to define not only terms and definitions but also to establish common ambitions, procedures, and doctrine,” says the cyber-policy brief.
“Since 2002, NATO has invested significantly in improving the defence of its networks. However, NATO has shown little inclination to move away from its current purely defensive posture in cyber-defence,” the analysis reads. “In order to achieve a more mature and realistic cyber-defence posture, the Alliance must address two important issues. Firstly, it must clearly recognise that network defence does not equal collective defence in cyber-space. Secondly, given that NATO accepts the applicability of collective defence in cyber-space, Allies should develop the full range of military capabilities to defend the Alliance and its interests.”
The authors also called for developing a doctrine and procedures to allow for the use of cyber-capabilities as operational military capabilities. It needs to distinguish the policy mandate applicable to network defence in peacetime from the policy mandate applicable for cyber-operations in military operations and collective defence to ensure that it has the full range of capabilities necessary to deter and defend against any threat in and through cyber-space.
Because we won World War II in less time than we have been working on an offensive information warfare capability, the July 18 Politics & the Nation headline “For Pentagon, a slow start in its escalating digital war against Islamic State” was significantly understated.
There are three reasons for this, and they are easy to understand. First, we populate our cyberwarfare capability with officers whose training and experience are in kinetic, not digital, warfare. We would be better off with a group of hackers or by elevating civilians, who would stay in place over a long enough period of time to acquire the requisite skills. Second, we do not have people in key positions or in sufficient numbers who are fluent in either Arabic or Pashto or in grasping cultural nuances. If you can’t understand the language or culture, it is pretty hard to figure out what is going on and respond to it on either a technical or psychological level. And third, the complex web of organizational relationships in U.S. cyberwarfare precludes quick and dynamic decision-making when time is of the essence.
This week, the 28 member states of the North Atlantic Treaty Oganization will meet in Warsaw, Poland, to discuss the future of the world’s largest military alliance. At the Warsaw Summit, NATO is expected to classify cyperspace as “Operational Territory,” making the online and digital property of member states equivalent to their geographic territory. In other words, if a foreign state messes with a NATO country’s computers, it might as well have just rolled a tank over their border. While NATO’s proclamation shows that the battlefield of the future is changing rapidly, it also proves that no one is completely sure how to conduct cyberwarfare yet.
“When I read this [proclamation], I read it like the Nigerian constitution being hard on corruption — it’s aspirational. It’s not in and of itself something that will lead to a huge outcome of change,” Josef Ansorge, author of Identify & Sort, a book which examines the role of information technology in international relations, tells Inverse.
NATO’s operates as a “collective defense” organization. Under Article Five of the official treaty, an attack on any member nation constitutes an attack on the whole alliance, who will respond in kind. The new rule technically means a cyber attack on any NATO member state would also trigger Article 5, but Ansorge says digital attacks often aren’t as clear cut as physical violence, nor is retaliating to them. Ansorge says the digital battlefield raises three crucial conundrums to world leaders: how to legally classify digital attacks, establish the perpetrators of the attack, and how to respond proportionally. In short, cyberwarfare gets very complicated, very quickly.
The two tech giants have stepped up their fight using the same technology used to remove videos with copyrighted content.
Silicon Valley has long struggled with how to police inappropriate or even criminal content. Earlier this year, Microsoft, Facebook, YouTube, and Twitter agreed to work with the European Union to identify and combat hate speech online. The problem these companies face is that they often rely on users submitting and flagging material, but the concern is that if companies start taking down users’ posts themselves, they run the risk of being seen as self-censoring. Now, though, at least two tech companies have turned to automation to remove extremist content from their platforms.
YouTube and Facebook are among a group of tech giants that have quietly begun to use automation to eradicate videos featuring violent extremism from their Web sites, Reuters reports. Two sources tell the news outlet that the technology the companies are utilizing is the same used to automatically identify and delete copyright-protected content, though it’s unclear how much of the process is automated. (Google, Facebook, and others are already using automation to eliminate child pornography on their platforms.) The companies’ end goal is not to identify new extremist videos posted to their platforms, but to prevent re-posted material that’s already been deemed inappropriate from spreading, including Islamic State videos. Neither YouTube’s parent company Google nor Facebook would confirm the reports, nor will they discuss the use of such automation publicly, Reuters’ sources say, partially out of concern that terror groups will learn to circumvent the technology.
It’s easy to forget about the submarine cables that lie beneath our oceans, but without them, the world would come to a standstill. The cables that connect six of the Earth’s continents are vitally important, accounting for more than 95 percent of phone calls, internet service, and data traffic between the United States and the outside world, as well as a huge amount of money.
“They are responsible for $10 trillion worth of transactional value every day,” Commissioner Jessica Rosenworcel said during a monthly Federal Communications Commission meeting today. “That is more than triple what the United States spends on health care annually. It is greater than the combined domestic product of Japan, Germany, and Australia. It is a big deal.”
Last summer, on July 8, 2015, a typhoon ripped through the Pacific Ocean and damaged one of these submarine cables. According to FCC Chairman Tom Wheeler, for months, it left tens of thousands of U.S. citizens in Pacific islands unable to use a credit card, withdraw money from an ATM, or make a phone call even to 911. Today, the FCC decided that the security and maintenance of the underwater cables had been ignored long enough, and enacted a new rule it hopes will help prevent disasters like the July 2015 outage.