In a nondescript brick building on the snowy edge of Estonia’s second city Tartu, soldiers in camouflage tap silently at computers. They are troops manning the 21st century’s front line.
With its harsh lighting and partitioned desks, the room could be any soulless office. But this is NATO’s “cyber range” and these men and women are running the alliance’s biggest cyber warfare exercise, an electronic defensive drill dubbed Cyber Coalition 2018.
The activity is taking place just 50 kilometres (30 miles) from the border with Russia, seen by the West as the biggest cyber threat after a string of attacks blamed on the Kremlin. Targets have included world sports bodies, the US Democratic Party and the world chemical weapons watchdog in the Netherlands.
NATO says such assaults are becoming more “frequent, complex, destructive and coercive”, and are launched not just by state actors like Russia, China and North Korea but also by criminal gangs intent on extortion and “hacktivists” looking to embarrass big organisations.
“The price of entry into operations in cyber is extremely low,” said US Colonel Don Lewis, deputy director of NATO’s new cyber operations centre, set up this year.
“If you want to come at my nation in the air, you have to build an F-35 — that is not easy to do and it’s very, very expensive. But for the price of a latte at Starbucks and a laptop you can get on the internet and for a few hundred dollars you can get malware (malicious computer code) off the black web,” he explained.
NATO has two cyber rapid reaction teams on standby round the clock, ready to respond within 48 hours. Their weapons are fast computers with vulnerability-analysis code, forensic software and special database-management tools.
“It’s our version of the men in black, carrying lots of strong black plastic boxes with them,” said Jeremy Tod of the NATO Communications and Information Agency.
– African scenario –
Despite Russia’s reputation and proximity, the three-day exercise simulates a support operation for a fictional east African country that comes under electronic attack from a hostile state just as it is holding elections.
The scenario describes malware infecting a water treatment plant to contaminate drinking supplies and an attack on the railway network, diverting trains carrying NATO troops meant to be guarding polling stations.
Seven hundred NATO cyber experts in different countries scramble to analyse the situation and find a solution.
Exercise director Robert Buckles, a lieutenant commander in the US Navy, said the event aimed to get NATO’s cyber teams used to cooperating under pressure.
It also tested how offensive cyber weapons — made available by some NATO members — might be used as part of the alliance’s response.
The US, Britain, Denmark, Estonia and the Netherlands have all pledged to offer their cyber weapons for NATO operations if requested, figuring that aggressors could be deterred if they knew they would be counterattacked.
But Lewis said deploying cyber weapons carries the same risks as real-world arms. Consideration must be given to the risk of “collateral damage,” he said, and the commanders in the exercise stopped short of actually deploying them.
– Cyber deterrence –
Earlier this year the Pentagon released a revamped cyber strategy pledging to “defend forward” — to disrupt or halt malicious activity.
The Netherlands has also taken a public stance on its capabilities. Air Commodore Elanor Boekholt-O’Sullivan, commander of a Dutch cyber unit tasked with offensive tactics, said “unacceptable state behaviour in cyber space would no longer go uncontested”.
Last month, Dutch authorities took the unusual step of identifying four suspected Russian intelligence agents accused of trying to hack the headquarters of the Organisation for the Prohibition of Chemical Weapons (OPCW) in The Hague, and of sharing a detailed account of their plot.
The move was part of Dutch efforts to build up cyber deterrence — based on naming and shaming culprits coupled with an ability to strike back if so ordered.
“Who gets punched in the schoolyard by the bully? Certainly not the kid who is known for his karate skills and who’s surrounded by friends who will stand up for him,” Boekholt told reporters at the NATO exercise.
Targets can include anything with an internet connection, including computers and smartphones, right up to devices which control key machinery at power plants and transport networks.
“Everything that has an on and off switch, you can manipulate it,” Boekholt said.