NATO & EU Form Cybersecurity Partnership

Uploaded on 2018-04-19 in NEWS-Cybersecurity News, GOVERNMENT-National, GOVERNMENT-Defence, FREE TO VIEW

Orange:NATO  Blue:EU  Purple:Both

NATO and the European Union are improving information sharing on the cyber threat and bolstering collaboration on potential solutions. The two organisations seek to increase the relevance of shared data and are discussing the potential for sharing classified information.

Although they have very different missions, NATO and the European Union (EU) face a similar threat in cyberspace, officials say. NATO engages in peacekeeping, humanitarian and military missions, while the EU focuses on economics across the continent.

But both were forced to defend their critical networks when the WannaCry ransomware and the NotPetya malware began infecting systems across the globe. EU officials estimate that businesses faced more than 4,000 ransomware attacks per day last year, and 80 percent of European companies experienced at least one cyber-security incident.

The economic impact of cyber-crime has risen fivefold over the past four years alone, according to EU documentation.

Gregory Edwards, director of infrastructure services for the NATO Communications and Information Agency (NCI Agency), notes that the threat has evolved to the point that it is now difficult to determine whether an attack is being carried out by so-called hacktivists, criminal organisations or nation-states.

“It’s hard to tell which is which. What you think is ransomware designed to extort money can have a completely different purpose, so you end up defending against everyone at the same level,” he asserts.

In February 2016, the two organisations signed a technical arrangement on cyber defense that allows information sharing between the NATO Computer Incident Response Capability and the Computer Emergency Response Team of the European Union (CERT-EU). The technical arrangement provides a framework for exchanging information and sharing best practices between emergency response teams.

For instance, the EU cyber response team can now share and access unclassified cyber threat data provided through NATO’s Malware Information Sharing Platform (MISP), a portal put in place several years ago to improve cyber situational awareness among partner nations.

“The Malware Information Sharing Platform is a method by which users can provide information on threat activities. We adopted it for NATO and now allow them [the EU response team] to use it,” Edwards explains. “Some partner nations are allowed to use it, and industry as well.” He adds that the portal receives about 50 entries each month.

The portal allows sharing of technical characteristics of malware without having to offer up more sensitive information about the context of an incident. It combines a searchable repository with a multidirectional information-sharing mechanism.

The portal’s aim is to speed up the detection of incidents and the production of defense countermeasures, especially for malware that is not blocked by antivirus protection, or that is part of sophisticated targeted intrusion attempts.

Malware experts can use the system to discover the indicators of compromise they need to correlate with their findings and to update detection systems. The portal also includes malware samples and a wide variety of technical information on malicious software.

MISP is an interactive platform that sends a notification each time something new is shared, provides automation for easy import and export of data, and integrates with cyber defense tools. MISP is secure but accessible via the Internet. The MISP portal is malware-based right now, but it could one day provide a broader array of information, including lessons learned.

Although MISP currently includes only unclassified data, NATO officials built it with the intent of one day sharing classified information as well. “We would love to do that. The system has the ability to go there. It is just up to the community to agree,” Edwards offers.

“We have to continue communicating and see if there is a noticeable will to do more to up the level of information sharing to more protected or more inclusive information. It would let us strengthen the defense of both enterprises.”

The MISP system provides some automation mechanisms enabling the import and export of data and interfacing with other systems, but Edwards reports that some users are advocating for additional automation tools to improve data sharing and analysis.

 “The community wants a tool that will be able to automatically ingest information and speed up the analysis of that information for improved situational awareness. We’re chasing that quite heavily,” Edwards says.

He also stresses the need for NATO and the EU to provide only relevant information. “We don’t want to just share information, but to share pertinent information. We need to start providing more meaningful data that is actionable, and we are discussing how to do that,” Edwards states.

The NATO-EU collaboration has proved beneficial during high-profile cyber-attacks, including WannaCry and NotPetya, he reports. Although he cannot provide details, Edwards says the partnership improved situational awareness for both organizations and allowed for a faster, more effective response.

“Anytime we have information sharing, it means we have greater situational awareness. The 29 nations may see different things. They may react differently. If we can put all of that information together and collaborate, it allows everyone to be more effective,” Edwards asserts.

The partnership also allows the EU to participate in cyber-related NATO exercises such as Cyber Coalition and Locked Shields. Cyber Coalition is NATO’s flagship cyber exercise.

The most recent event took place last November and included more than 700 participants from 25 allied nations as well as NATO partner countries, the EU, industry and academia. The exercise tests and trains cyber defenders from across the alliance in their ability to defend NATO and national networks.

From defending against malware to tackling hybrid challenges involving social media to handling attacks on mobile devices, the exercise uses realistic scenarios to help prepare cyber warriors for real-life challenges.

Locked Shields is an advanced technical live-fire network defense exercise. This annual scenario-based, real-time international event, which has been organized by the NATO Cooperative Cyber Defence Centre of Excellence since 2010, focuses on training for security experts who protect national information technology systems.

The exercises are often used to evaluate cybersecurity tools, and NATO and EU officials share information about which tools they find useful. The two organizations do not partner in the development or acquisition of cybersecurity technologies, but Edwards says this might make sense in some cases.

It might be possible, for example, to save money on enterprise-level software licensing agreements. He cautions, however, that while NATO and EU officials are discussing the possibility, no policy has been established to pursue a joint procurement effort.

The NATO-EU partnership offers lessons learned that benefit both parties. Edwards cites some innovative uses of open source information that NATO picked up from EU cyber experts. And the collaboration will only improve, he predicts, as participants grow more comfortable releasing cyber-related information. “Trust develops over time,” he says.

AFCEA

You Might Also Read:

Which Countries Are Ready For Cyberwar?:

NATO Could Go To War In Response To A Cyber Attack:

 

« Increase In State-Sponsored Cyber Attacks
Swedes Turn Against Cashlessness »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

DataLocker

DataLocker

DataLocker offers both hardware based external storage and software based cloud storage encryption solutions.

Ground Labs

Ground Labs

Ground Labs is a security software company dedicated to making sensitive data discovery products that help organisations prevent sensitive data loss.

SKKU Security Lab (seclab)

SKKU Security Lab (seclab)

SKKU Security Lab supports research and education in information security engineering. The lab is a part of the College of Software, Sungkyunkwan University.

National Cyber and Information Security Agency (NUKIB) - Czech Republic

National Cyber and Information Security Agency (NUKIB) - Czech Republic

NUKIB is the central Czech government body for cyber security, the protection of classified information in the area of information and communication systems and cryptographic protection.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Netsecurity AS

Netsecurity AS

Netsecurity is a Norwegian owned company focused and specialised within IT security and cybersecurity-as-a service.

Cryptoloc

Cryptoloc

Cryptoloc's core business is developing solutions designed to protect businesses from all kinds of security threats using a unique patented cryptography.

Trusted Connectivity Alliance (TCA)

Trusted Connectivity Alliance (TCA)

Trusted Connectivity Alliance is a global, non-profit industry association which is working to enable a secure connected future.

Trustify

Trustify

Trustify is a Managed Security Service Provider offering a suite of world-class Cyber Risk Management services.

ClubCISO

ClubCISO

ClubCISO is a community of peers, working together to help shape the future of the information security profession by facilitating independent discussion on data security and cyber resilience.

Toothpic

Toothpic

ToothPic has invented, designed, developed and patented a solution to enable companies to turn every smartphone into a secure key for a user-friendly online authentication.

Axiado

Axiado

Axiado Corporation is a security processor company redefining hardware root of trust with hardware-based security technologies, including per-system AI.

Information Services Group (ISG)

Information Services Group (ISG)

As a leading global research and advisory firm, ISG partners with our clients to determine a future vision, lead rapid change and realize the value of your digital investments at scale.

Cybermindz

Cybermindz

Many cyber security professionals are under sustained and increasing stress. We set about providing direct support to restore and rebuild emotional and cognitive health.

Soteria Cybersecurity

Soteria Cybersecurity

Soteria is your trusted Cybersecurity Partner in IT and OT.

Cybermate

Cybermate

Cybermate is the first affordable, gamified ‘Psybersecurity’ awareness training platform that reduces behavioural risk and achieves compliance with Australian cybersecurity standards.