Cyber Defense Is All About Political Decisions

Uploaded on 2017-11-27 in NEWS-Cybersecurity News, GOVERNMENT-National, GOVERNMENT-Defence, FREE TO VIEW

One of the things democracies are least prepared to handle about a cyberattack is how quickly the response to it turns in to a a political controversey.

Defense officials responding to an attack quickly encounter bureaucratic roadblocks and geopolitical concerns they may be unprepared to navigate.
 
That was one of the main takeaways from a first-of-its-kind tabletop cyber exercise Estonia hosted in October.

CYBRID 2017 put European Union defense ministers in the hot seat as a fictional scenario “moved from a minor cyber incident up to a real blockade of communications systems that stopped a naval operation on the Mediterranean,” Estonian Defense Minister Jüri Luik said.

“At first, you were not able to recognise whether it was a cyberattack against just the personal computers of the people working there, or was it, for instance…a ransomware attack. And then it became more and more confusing,” Luik told reporters in Washington this week.

“There were more hacks, systems were down, computers stopped working, communications stopped working.”

“In the end, we ran into a situation where the whole military communications system was down, and the EU headquarters was not able to contact the ships on the Mediterranean, and there was no clear information about what had even happened to these ships. And from point to point to point, the ministers had to make a decision” about how to respond, he said.

The world hasn’t seen a “9/11-level” cyber incident yet, said Luik, whose country was on the receiving end of one of the most serious to date: A Russian attack in 2007 that shut down the country’s banks, media outlets and government websites. The events played out in CYBRID 2017 didn’t rise to that level either, but one of the things the exercise exposed was just how difficult it is to evaluate how bad things are.

“The biggest issue is that we have no baselines for such attacks,” Luik said. “Our capability to judge what has happened is very complicated, because we even don’t know what these terms mean — is it high-risk, is it low-risk? How do you assess the risk?”

That complicates a nation’s response. Something that can appear small, a seemingly random computer malfunction in an EU military office, can quickly “transpire into a strategic political issue,” said Kristjan Prikk, Estonia’s undersecretary for defense policy.
 
And when that happens, defense ministers have to “be willing to look into that, not on a technical level, but to understand what’s at stake and…tackle those at a strategic political level.”

The exercise revealed various roadblocks to effective response, including the reluctance to share information across political boundaries. Luik said there’s a natural hesitation to disclose vulnerabilities and talk openly about an attack, even among allies.

“The exercise showed us how demanding it is to communicate in order to pass the right information to the public in case of severe cyberattacks, especially on critical infrastructure,” German Defense Minister Ursula von der Leyen said after the exercise. It highlighted “how important the coordination of reactions on cyberattacks is. Coordination not only among EU member states but also amongst EU Institutions and also NATO.”

Once the decision has been made to involve other parties, whether that’s calling in treaty commitments for collective crisis management and security, or just informing critical infrastructure providers to be on alert, there’s still the question of how, exactly, to go about doing so.

So during CYBRID, Luik said, “the ministers had to answer the question, starting from, there is a drone above the EU international installation. Who has the right to shoot it down? Is it the host country or is it the international body? And ending with, the situation is so complicated we have to ask NATO for assistance: How would we do it?”

 “Let’s say you get attacked, a government facility gets attacked,” Luik said. “The immediate assumption would be that we should inform all the power stations, factories, etc., that this kind of attack took place.

“But … everything is classified. How do you share that information? And with whom? Whom do you call? The owners? The heads of the cyber defense units of those organisations?”

DefenseOne

You Might Also Read:

EU Nations Expand Their Cyber Defences:

US Is Not Drawing 'Red Lines' in Cyberspace:

 

« Maritime Cybersecurity: No Substitute for Testing
Thomson Reuters Create A Knowledge Meta-Graph »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Link11 GmbH

Link11 GmbH

Link11 provides DDoS protection solutions to protect websites and complete server infrastructures from DDoS attacks.

Centre for International Governance Innovation (CIGI)

Centre for International Governance Innovation (CIGI)

CIGI research areas include Conflict Management & Security which encompass cyber security and cyber warfare.

GovCERT.CZ

GovCERT.CZ

GovCERT.CZ is the Government Computer Emergency Response Team of the Czech Republic.

Nethemba

Nethemba

Nethemba provide pentesting and security audits for networks and web applications. Other services include digital forensics, training and consultancy.

Platin Bilişim

Platin Bilişim

Platin Bilisim is an IT Security company providing consultancy, solutions and operational support services.

CipherMail

CipherMail

CipherMail provides email security products which allow organizations world wide to automatically protect their email against unauthorized access both in transit and at rest.

Johnson Controls International

Johnson Controls International

Johnson Controls is a global diversified technology company with a focus on smart cities, energy, infrastructure and transportation including the security of automation and control systems.

MrLooquer

MrLooquer

MrLooquer provide a solution to automatically discover the assets of organizations on the internet, determine the level of exposure to attacks and help to manage risk accurately.

Jobsora

Jobsora

Jobsora is an innovative job search platform in the UK and more than 35 other countries around the world. Sectors covered include IT and cybersecurity.

Alpine Cyber Solutions

Alpine Cyber Solutions

Alpine Cyber is a Managed IT Service Provider focused on cybersecurity and cloud services.

CUJO AI

CUJO AI

CUJO AI is the global leader in the development and application of artificial intelligence to improve the security, control and privacy of connected devices in homes and businesses.

SecureClaw

SecureClaw

SecureClaw offers specialized cybersecurity consultation, various products, and a range of services to meet your company's business domain needs.

SecureLake

SecureLake

SecureLake (formerly Managni) is one of the most trusted US-based IT security and infrastructure companies.

Nordic Defender

Nordic Defender

Nordic Defender is the first crowd-powered modern cybersecurity solution provider in the Nordic region.

System Two Security

System Two Security

System Two Security automates detection engineering and threat hunting.

Aeris

Aeris

Aeris IoT Watchtower is the world’s first fully integrated cyber security solution for cellular IoT devices.