Improving Alliance Cybersecurity

November 2010
By Linton Wells II, SIGNAL Magazine

Cyberdefense is far from being a challenge just for the United States—there are many international aspects to this issue. In this column last month, I cited the important Foreign Affairs article “Defending a New Domain” by Deputy Secretary of Defense Bill Lynn, which addresses U.S. Defense Department cyberstrategy head on.

Alliance relationships depend on shared trust, especially in networked environments. Lynn’s article notes that, “Some of the United States’ computer defenses are already linked with those of U.S. allies, especially through existing signals intelligence partnerships, but greater levels of cooperation are needed to stay ahead of the cyberthreat. Stronger agreements to facilitate the sharing of information, technology and intelligence must be made with a greater number of allies.”

Some of the specifics Lynn cites are new, but the importance of stronger allied computer defenses is not. In the late 1990s, after the intrusion events known as Solar Sunrise, then-Deputy Secretary of Defense John Hamre visited allies in Europe and Asia to discuss the importance of network security. Since then, the United States has negotiated bilateral information assurance/computer network defense agreements with a number of countries. These agreements emphasize that continued shared trust requires all parties to make serious efforts to secure both their information and the systems that store, process and share it.

It is well to pursue bilateral agreements, but NATO collectively must do more. Lynn’s article also notes, “The report NATO 2020, a NATO-commissioned study chaired by former U.S. Secretary of State Madeleine Albright, rightly identified the need for the alliance’s new ‘strategic concept’ to further incorporate cyberdefense. The U.S. government must ensure that NATO moves more resources to cyberdefense so the member states can defend networks integral to the alliance’s operations.”

Implementing this vision will take a serious and sustained effort. Policies and operational capabilities need to change at both alliance and national levels. Over the past few years, NATO has made some progress in the area of cyberdefense—there is an agreed concept, with more-or-less agreed terminology. Progress is being made on a nation-by-nation basis toward consensus on mission scope, NATO’s role, legal issues and other aspects. The alliance’s Cyber Defense Management Board, or CDMB, is operational. NATO’s Cyber Incident Response Center, or NCIRC, has reached initial operational capability, though it only deals with a subset of NATO’s collective networks and does not have visibility into national networks.

However, in the broader area related to coordinated cyber operations between NATO and member nations, there is neither an agreed NATO concept nor an agreed NATO terminology. Some countries have registered very restrictive national caveats that effectively would preclude coordinated operations. Much remains to be done.

Nonetheless, there are examples of cyber excellence among alliance members that could be leveraged. Estonia began addressing cyber issues long before the attacks it suffered in 2007. In 2008, the country published a cyberstrategy that called for the development and large-scale implementation of a system of security measures; increasing competence in cybersecurity; improving the legal framework for supporting cybersecurity; bolstering international cooperation; and raising awareness on cybersecurity.

Especially interesting is Estonia’s concept of a cyberdefense league—Kaitseliit, pronounced kite-sel-EET. This is a public/private entity similar to the National Guard that conducts training, education and exercises to benefit both the government and corporate participants. In September, Estonia held a tabletop exercise (TTX) to prepare for e-voting in an upcoming election.

Estonia also hosts NATO’s Cooperative Cyber Defense (CCD) Centre of Excellence (COE). This COE could have a greater effect on alliance cyberdefense capabilities with formal participation from more NATO nations—including the United States—and an expanded role in training and operational matters. Activities could include holding TTXs for senior political and military leaders, and including cyber issues in planning and exercises—examining the impact of cyber disruptions on logistics, for example.

As Lynn’s article noted, U.S. cyber activities now have a great deal of energy focused around real-world “wake-up calls.” A sense of urgency must be conveyed within NATO. Lynn addressed the North Atlantic Council in September about Defense Department concerns. NATO Secretary General Anders Fogh Rasmussen has emphasized cyber in preparations for NATO’s November summit in Lisbon. Follow-on options that could be implemented quickly and at relatively low cost include establishing a dedicated red team to assess vulnerabilities of NATO or national networks, if nations are willing, and to provide concrete recommendations; creating rapid reaction/cyber forensics units—blue teams—to support NATO networks; holding TTXs, as described; enabling access to an existing national cyber range or developing an alliance cyber range within which defenses could be tested, capabilities developed and exercises conducted; and strengthening the CCD COE.

These are areas where AFCEA members could play important roles, on both alliance and national bases. AFCEA and its members bring an international focus, a defense orientation and technical skills that are sorely needed. Get engaged!

Linton Wells II is the director of the Center for Technology and National Security Policy in the Institute for National Strategic Studies, and a distinguished research professor at the National Defense University in Washington, D.C. The views expressed are his own and not those of the U.S. Defense Department or of SIGNAL Magazine.