NATO Exercises Cyber Defences as Threat Grows

In a nondescript brick building on the snowy edge of Estonia’s second city Tartu, soldiers in camouflage tap silently at computers. They are troops manning the 21st century’s front line.

With its harsh lighting and partitioned desks, the room could be any soulless office. But this is NATO’s “cyber range” and these men and women are running the alliance’s biggest cyber warfare exercise, an electronic defensive drill dubbed Cyber Coalition 2018.

The activity is taking place just 50 kilometres (30 miles) from the border with Russia, seen by the West as the biggest cyber threat after a string of attacks blamed on the Kremlin. Targets have included world sports bodies, the US Democratic Party and the world chemical weapons watchdog in the Netherlands.

NATO says such assaults are becoming more “frequent, complex, destructive and coercive”, and are launched not just by state actors like Russia, China and North Korea but also by criminal gangs intent on extortion and “hacktivists” looking to embarrass big organisations.

“The price of entry into operations in cyber is extremely low,” said US Colonel Don Lewis, deputy director of NATO’s new cyber operations centre, set up this year.

“If you want to come at my nation in the air, you have to build an F-35 — that is not easy to do and it’s very, very expensive. But for the price of a latte at Starbucks and a laptop you can get on the internet and for a few hundred dollars you can get malware (malicious computer code) off the black web,” he explained.

NATO has two cyber rapid reaction teams on standby round the clock, ready to respond within 48 hours. Their weapons are fast computers with vulnerability-analysis code, forensic software and special database-management tools.

“It’s our version of the men in black, carrying lots of strong black plastic boxes with them,” said Jeremy Tod of the NATO Communications and Information Agency.

– African scenario –

Despite Russia’s reputation and proximity, the three-day exercise simulates a support operation for a fictional east Africa country that comes under electronic attack from a hostile state just as it is holding elections.

The scenario describes malware infecting a water treatment plant to contaminate drinking supplies and an attack on the railway network, diverting trains carrying NATO troops meant to be guarding polling stations.

Seven hundred NATO cyber experts in different countries scramble to analyse the situation and find a solution.

Exercise director Robert Buckles, a lieutenant commander in the US Navy, said the event aimed to get NATO’s cyber teams used to cooperating under pressure.

It also tested how offensive cyber weapons — made available by some NATO members — might be used as part of the alliance’s response.

The US, Britain, Denmark, Estonia and the Netherlands have all pledged to offer their cyber weapons for NATO operations if requested, figuring that aggressors could be deterred if they knew they would be counterattacked.

But Lewis said deploying cyber weapons carries the same risks as real-world arms. Consideration must be given to the risk of “collateral damage,” he said, and the commanders in the exercise stopped short of actually deploying them.

– Cyber deterrence –

Earlier this year the Pentagon released a revamped cyber strategy pledging to “defend forward” — to disrupt or halt malicious activity.

The Netherlands has also taken a public stance on its capabilities. Air Commodore Elanor Boekholt-O’Sullivan, commander of a Dutch cyber unit tasked with offensive tactics, said “unacceptable state behaviour in cyber space would no longer go uncontested”.

Last month, Dutch authorities took the unusual step of identifying four suspected Russian intelligence agents accused of trying to hack the headquarters of the Organisation for the Prohibition of Chemical Weapons (OPCW) in the Hague and sharing a detailed account of their plot.

The move was part of Dutch efforts to build up cyber deterrence — based on naming and shaming culprits coupled with an ability to strike back if so ordered.

“Who gets punched in the schoolyard by the bully? Certainly not the kid who is known for his karate skills and who’s surrounded by friends who will stand up for him,” Boekholt told reporters at the NATO exercise.

Targets can include anything with an internet connection, including computers and smartphones, right up to devices which control key machinery at power plants and transport networks.

“Everything that has an on and off switch, you can manipulate it,” Boekholt said.

Written By

AFP 2023
