Cyberattacks on communication networks and critical infrastructures have become an increasing military threat. NATO’s biggest cyber defence exercise, the three-day Cyber Coalition held in Estonia this week, aims to prep the Alliance for zero-hour.
The scenario for the exercise, held in the eastern town of Tartu, is this:
A small developing country, Tytan, has requested help as elections are due to be held this Sunday. However, seeking regional dominance, neighbouring country Stellaria is trying to undermine NATO’s monitoring presence.
“It is hard to imagine a conflict in the near future that wouldn’t include a cyber dimension,” said Chelsey Slack, deputy head of NATO’s cyber-defence unit. “We need to be ready to address that.”
Holed up in a compound in Tartu, around 700 defence troops, information technology experts, legal specialists and government officials from 28 NATO member states, the EU’s Military Staff (EUMS) and Computer Emergency Response Team for the EU Institutions (CERT-EU) took part in NATO’s annual flagship cyber defence exercise Cyber Coalition 2018.
Three partner states, Finland, Ireland and Switzerland, were also on board.
The exercise aims to train cyber defenders from across the alliance in their ability to defend NATO and national networks and to test information sharing, situational awareness in cyberspace, and decision-making.
From defending against malware to tackling hybrid challenges, the exercise uses realistic scenarios to help prepare cyber warriors for possible real-life incidents. Operating from NATO’s Cyber Range in Tartu, the participants are coordinating remotely with colleagues in their home countries.
“We aim to draw attention to the cooperative aspects of cyber defence and draw up assignments taking into account the latest and most relevant trends in cyberspace. This year, the input of our experts is challenging the training audience with legal and operational challenges,” said NATO’s Cooperative Cyber Defence Centre of Excellence (CCD COE) chief of staff, Franz Lantenhammer.
Critical infrastructure security
The fictional scenarios, where allied networks and civilian critical infrastructure systems are under assault, were designed along two lines:
One focuses on the legal aspects of a cyber operation, making participants consider respective regulations for NATO operations or the EU’s General Data Protection Regulation (GDPR).
“Focusing on critical infrastructure security allowed participating teams to have a hands-on experience with possible real-life effects on the broader population in the operation area,” Lantenhammer said.
In 2007, exercise host country Estonia was one of the first European countries to come under massive cyberattack, information warfare and fake news that disabled government, banking and media websites, following a dispute with the Kremlin.
It was a wake-up call for the country, which has since then become a leader in cybersecurity.
In recent years, cyberspace has joined the traditional domains of air, land and sea and cyber-security has become a priority for the Alliance.
“There are a wide array of adversaries out there that choose to use cyberspace exclusively sometimes,” said Colonel Don Lewis, deputy director of the NATO Cyber Operations Center. “But every engagement, it’s clear, now will involve some sort of cyberspace element.”
Approved by NATO defence ministers during the 2014 Wales Summit, the Alliance updated its mutual defence clause, Article 5, towards a new cyber defence policy in which cyberspace was recognised as a new defence frontier.
Article 5 states that an “armed attack” against one member of NATO “shall be considered an armed attack against them all” and opens the way for members to take defensive action to restore security. Following the agreement, a digital attack on a member state is now covered by Article 5.
“A decision as to when a cyberattack would lead to the invocation of Article 5 would be taken by the North Atlantic Council on a case-by-case basis,” the Wales provision reads.
At a NATO Summit in July 2018, members approved a new Cyberspace Operations Centre and the ability to draw on allies’ cyber capabilities in NATO missions and operations, as NATO does not have its own cyber weapons.
In recent months, several countries, including the US and Estonia, have offered the Alliance their cyber capabilities, in a message aimed primarily at Russia.
But while NATO itself won’t conduct offensive cyber operations as an alliance, it will coordinate actions that any of its member nations launch on their own as sovereign states, NATO officials indicated earlier this year.
However, officials don’t hide the fact that deterring potential aggressors from even thinking about attacking in the first place is one of the goals of the exercise.
Although the cyber exercise takes place practically at Russia’s doorstep, NATO officials told reporters they weren’t conducting it with a specific nation-state or aggressor in mind.
The exercise comes at a time when tensions have flared up again between Moscow and Kiev in the Azov Sea, where Russia fired on Ukraine’s navy near Crimea in a major re-escalation of the war.
Ukraine, which is set to hold general elections next March, has partially imposed martial law in some regions, with the Ukrainian president warning of the risk of ‘full-scale war’.