NATO Alliance and the Estonian Cybernetic Sword
The exercise scenario was straightforward: enemy hackers attack the air base of the fictional state “Berilia”. It is clear that they are understood as Russia, the “electronic war” with which the Tallinn cyber division works out ...Official Tallinn likes to repeat that he asked NATO to organize a cyber defense center after hacking attacks on government websites in 2007 during the sadly memorable Bronze Nights. The then head of the Estonian Ministry of Justice Rein Lang said that they were allegedly carried out from the IP addresses of Russian state institutions. At the moment, the Czech Republic, France, Germany, Hungary, Italy, Latvia, Lithuania, the Netherlands, Poland, Slovakia, Spain, the United Kingdom, the United States, Greece, Turkey, Belgium are taking part in the work of the Estonian cyber center of NATO. Austria, Sweden and Finland. The teachings of the Locked Shields series have been the center of cyber defense since 2010. In 2017, the defense forces of Estonia, Finland and Sweden, the armed forces of Great Britain, the command of US forces in Europe, as well as specialists from Tallinn Technical University participated in the organization of the event. In the list of participating enterprises - Siemens AG, Threod Systems, Cyber Test Systems, Clarified Security, Iptron, Bytelife, BHC Laboratory, openvpn.net, GuardTime and others.
According to the scenario of the current "Closed Shields", "enemy hackers" tried to damage, disable, take control
power supply systems, fuel filling stations, surveillance from drones, email services, websites.
“These systems, software, information technologies are actually used at air bases,” said Raimo Peterson, head of technology at the NATO Cyber Defense Center. In accordance with the outlined scenario, the “blue” team was supposed to operate in the conditions of “cyber attack”, the number of which reached 2500, to ensure the operation of key services and networks of the military base “Berylia”. The program of the event was included, along with the technical, and strategic component. Experts in the field of politics and law gave their lectures.
According to Peterson, using each virtual system as a “springboard” to “jump” into a more protected one, hackers are able to disable the entire airbase. It is worth noting that the NATO airbase is located in Estonian Emari, where alliance fighters are based there patrolling the airspace over the Baltic States. “Today, a telephone is the same computer, a smart watch is a computer, and a car is a whole set of computers. We do not attack smart watches at these exercises, but we had a scenario in which IP cameras and other smart home devices were attacked. We see that more and more of this technology is connecting to the Internet in everyday life. Cyber defenders must be prepared to protect such systems, ”said Rein Ottis, representative of NATO cyber center. “Can you imagine that in order to drive a car, we will not need a driver in the future? And what if a self-driving car is hacked and can be controlled as a kind of weapons on distance? I think that such threats can appear, ”- NATO expert cyber security expert, Jean-François Agnessens, sounds alarming.
“The main problem question is how to prove that a certain group of people or a state are involved in an attack? On the question of how to respond to cyber attacks, which are believed to have been committed by another state, global practice is still very small. We can say that the accusation of another state has not yet yielded any serious practical results, ”explained the head of the NATO cyber center’s law and policy department, Lauri Aasman.
According to him, the information background that accompanies government cyber attacks may be a signal that certain servers have been hacked.
For example, this could be the placement of fake News on media sites. It was with the posting of fake news on the website of the airbase that the state of Berylia plans to spray paralytic gas from the aircraft and the hacker attack began during the “Closed Shields”. It is significant that in these exercises the Estonian team took second place, beating the NATO team, but losing to Czech IT specialists.
“Hackers appear from different parts of the world. There are no borders in the cyberworld, so for such a criminal there is no difference, he is in New Zealand, Brazil or Africa. He can attack the infrastructure of any state. But where the defenders come from is a good question, because the Estonian education system must train them, these high-quality cyber-experts, ”says Clyde Mägi, head of the incident department of the state Department of Information Systems. According to the head of the NATO Cyber Defense Center, Sven Sakov, his staff are watching what is happening in the world. “It is important to note that we are not an operational unit, that is, we are not daily engaged in the defense of anything. We conduct research, train people, organize courses. We also conduct similar exercises, ”Sakov said.
In February, the cyber center staff presented the Tallin Manual.2 book, which analyzed the norms of international law in terms of how they can be applied to cybercrime.
Siim Alatalu, head of the international relations department of the Center for Cyber Security, said: “Our experts studied current international law in terms of the possibility of applying its norms in the Internet sphere. These are different legislative areas: environmental law, space law, human rights, and so on. And they developed some 160 rules. This is an attempt to adapt existing norms to the current Internet reality. This is not some kind of official document: independent experts from different countries worked on it. ”
Alatalu added that cyber attacks are increasingly becoming a normal part of everyday life, repeating stereotypical statements about the all-powerful "Russian hackers." “You no longer need to be on the brink of war with someone to undergo a cyber attack. Therefore, now cybercrime cannot be treated exclusively as a military threat. Let us recall, for example, the attack of Russian hackers on the servers of the Democratic Party in the United States. Cyber attacks are becoming more destructive in their consequences and less and less predictable. The population of the world is now about 7 and a half billion people. Of these, three and a half billion are connected to each other via the Internet. This is convenient, but it is a huge challenge, because there is a potential danger here, ”said Siim Alatalu. Answering the question of whether the center provides assistance in case of large-scale cyber attacks, Alatalu said: “It is possible, but we are not authorized by the states to solve such issues. We rather advise. In addition, once a year we conduct exercises in which different countries take part as players. We form a team that acts as a hacker, and national teams must repel their attacks. ”
In other words, representatives of the cyber center in every way emphasize the defensive nature of their activities. But is it?
“According to the official legend, the“ cybercenter ”in Tallinn is intended to protect countries belonging to the military-political bloc opposing us from external“ cyber-attacks ”. But in fact, only one step separates from defense to attack, ”said Russian military expert Igor Korotchenko. He adds: “Americans are continuously monitoring the Russian segment of the Internet, the websites of state and regional authorities, ministries and departments. Again, a cyber attack can be carried out by a command from the center against them. Social networks are subjected to similar “probing” in order to establish control over social and political activity and the moods of citizens. In the prewar period, the parties are actively engaged in information stuffing, which are designed to undermine the citizens' confidence in the government. And also to sow in the society doubts about the correctness of its foreign and domestic policy. Before the start of real hostilities, cyber attacks can be conducted against the websites of state authorities and control centers. ”
It is worth mentioning here that two years ago, the Pentagon presented a new “Cybersecurity Strategy”, which turned out to be an expanded version of the similar document 2011 of the year. One of the areas identified by American strategists concerns working with “foreign allies” to gather intelligence information, the other is cybernetic support for US military operations.
This document, unlike the previous one, explicitly names the main opponents of the United States in cyberspace - China, Russia, the DPRK and Iran.
And in early November, 2016, NBC News, referring to its sources in American intelligence, announced that the alleged “military hackers” of the United States had infiltrated Russia's power grid and telecommunications, as well as into the Kremlin’s command system, making them vulnerable to attack by the American secret cyber weapons, if Washington deems it necessary.
A year ago, the then Estonian Foreign Minister Marina Kaljurand, speaking in Brussels, said: “We consider it necessary to increase political and operational cooperation in the field of cyber defense and the exchange of information between the EU and NATO. The EU’s broader approach to cyber security and the more narrowly focused cyber defense activities of NATO complement each other. Information sharing makes it possible to more effectively identify all incidents and respond to them faster. ” The fact that such statements are made by the Estonian minister is not accidental - among the NATO countries this particular state has one of the most developed infrastructures for cyber war. Indeed, in addition to the Cybersecurity Center, the structures of the IT Center of the European Union are also located in Estonia. As part of the Estonian civilian militia, the Defense Union (Kaitseliit), a special “cyber defense unit” has been operating since 2010.
It is worth remembering the events of almost four years ago. The author of the Independent Military Review, Maxim Crans, spoke about the largest exercises at the time at the end of November in Estonia to work out the cyber defense issues of the NATO infrastructure Cyber Coalition-2013. Almost 2013 people then took part in them: more than 500 employees of the Tallinn Joint NATO Cyber Defense Excellence Center and even more 100 officers from 300 countries (members and partners of NATO) - remotely. These figures give an idea of the significance of the structure created by the alliance in Tallinn. The “cybermaneuvers” scenario of November 32 provided for, in addition to repelling aggression against Estonia by the fictional state of Botnia (which, again, Russia was understood), and working out the defense of the NATO countries from the large-scale cyber-attacker of the alleged enemy. “Amazing” coincidence - at the very beginning of the exercise, the state information resources of Ukraine, Russia, Poland and the Baltic countries were subjected to quite real, and not educational, hacker attacks. For several hours, even the site of the Tallinn NATO Cyber Center stopped working.
“I was alarmed by the fact that for some reason the Estonian authorities, who had lost access to the website of their Ministry of Defense for almost a day (!), Decided not to investigate the incident. They say the damage is minimal, and the investigation will be too expensive. Agree, a very strange explanation from the leadership of the country, on the territory of which the Center for Cyber Defense of the North Atlantic Alliance is located, which was created at the time to protect Estonia itself from hacker attacks. With Ukraine, the situation is different. On the sites of the Ukrainian state structures that were disabled (the Prosecutor General’s Office, the medical service of the Security Service of Ukraine and others), on behalf of the NATO Cyber Center in Tallinn, a warning was posted about the incompatibility of these web pages with NATO cyber security standards. And although this was the number one news in the news and on social networks, the leadership of Ukraine did not respond to it at all.
Obviously, the official Kiev chose to stick their heads in the sand just in case - as if something had happened. To blame NATO for cyberterrorism or to conduct its own investigation, Viktor Yanukovych clearly did not have enough spirit, ”writes Crans. Brussels, of course, denied any involvement in these incidents, and their true reason remained unclear to the public.
In conclusion, it is worth recalling that the vital activity of any state is closely tied to the normal functioning of its computer systems.
Computers currently manage and control almost anything and everything. Accordingly, the temptation to set up a “digital Pearl Harbor” for a potential enemy, throwing it into the Stone Age at one stroke, will always remain.
Information