Eight to 10 sophisticated attacks target NATO’s computer systems every day, says Süleyman An?l, the head of the organization’s Cyber Defense Section. These are the ones that require a response from NATO’s technical experts. In addition, there are many more less sophisticated attacks that are detected and remedied by electronic cyber defense systems without the need for technical experts to get involved.
With 100 or so states acquiring cyber attack capabilities, and a wide spectrum of individual or organized non-state hackers mounting attacks on a multitude of targets, some now view cyber attacks as the fifth dimension of warfare — after space, sea, land and air.
“Everyone is attacking everyone on the Internet,” An?l said in an interview with Today’s Zaman, explaining that attackers range from young ambitious hackers aged 16-17 to “hactivist” groups targeting NATO for a number of causes they advocate, and individuals or groups attacking NATO systems with criminal intent — that is, to steal the organization’s secrets and sell them to interested buyers.
“Cyber attacks on NATO computer systems generally come from state actors because NATO computer systems do not store information that would be of interest to non-state actors,” An?l said.
An?l said cyber attacks originating from groups linked to state intelligence agencies are so common that it can now be considered a “new form of intelligence gathering.” “In fact, one might even ask why an intelligence agency wouldn’t do it,” he said.
According to An?l, of about 100 countries that have acquired cyber attack capabilities, only 10-15 have the advanced capacity sufficient to pose a significant threat. Given that not all the countries in this smaller group would be willing to target NATO, there is only a handful of countries with both the intent and the ability to launch significant cyber attacks on NATO. The systematic nature of these attacks leads NATO officials to suspect that intelligence units have been given orders to attack the organization’s systems whenever they find an opportunity to do so.
“This is not a one-time directive. This is a state-sponsored campaign [to attack NATO],” said An?l.
Asked which countries are most active in cyber attacks targeting NATO, An?l said most appear to originate in China, although the quantity does not automatically mean the Chinese government is behind them, given the vast number of hackers one would naturally expect to find in a country whose population is 1.3 billion.
Despite the quantity, attacks originating in China are not always sophisticated. In fact, the fact that the attacks can easily be traced back to China is a sign that they are not very advanced.
Attacks from Russia, on the other hand, are much more complex and not easily traceable.
In the Middle East, Israel and Iran stand out as countries with the means to mount cyber attacks, but An?l would not be specific.
NATO first realized the need to put a mechanism in place to defend its computer systems when it came under attack in the 1990s, during the Kosovo war. The real turning point, though, was in 2007, when alliance member Estonia’s computer infrastructure was devastated in a significant cyber attack by Russian sympathizers.
Cyber attack on one an attack on all?
In 2010, NATO officially identified the danger of cyber attack against member states as a strategic threat. The alliance’s Strategic Concept adopted at a NATO summit in Lisbon that year states that “cyber attacks are becoming more frequent, more organized and more costly in the damage that they inflict on government administrations, businesses, economies and potentially also transportation and supply networks and other critical infrastructure; they can reach a threshold that threatens national and Euro-Atlantic prosperity, security and stability” and cites “foreign militaries and intelligence services, organized criminals, terrorist and/or extremist groups” as potential sources of such attacks.
At the Lisbon summit, NATO leaders promised to “develop further our ability to prevent, detect, defend against and recover from cyber attacks, including using the NATO planning process to enhance and coordinate national cyber defense capabilities, bringing all NATO bodies under centralized cyber protection, and better integrating NATO cyber awareness, warning and response with member nations.”
The alliance’s still-evolving cyber defense strategy also leaves the door open for the collective defense of an ally or allies that may come under a major cyber attack, under Article 5 of the NATO charter.
An?l agrees that NATO strategy does not exclude an Article 5 response and explains: “Imagine a situation in which planes crash and people are killed in a cyber attack on the air control systems of an ally state. There is no room for cyber retaliation in this scenario. This is a situation where NATO could theoretically consider a military response under Article 5,” he said.
An?l, a Turkish IT expert who managed NATO’s operational cyber defense services from 1989 to 2003 at the Supreme Headquarters Allied Powers Europe (SHAPE) in Mons, was later assigned to the NATO Office of Security (NOS), which coordinates, monitors and implements NATO security policy. Since August 2010, he has been the head of a nine-member team at the Cyber Defense Section in the Emerging Security Challenges Division of NATO headquarters in Brussels, which is tasked with planning and coordination of NATO’s cyber strategy. The technical team at SHAPE operates separately, but when necessary works in coordination with the Cyber Defense Section.
When an attack on NATO systems occurs that is not managed by the electronic systems, the technical experts work on it, sometimes for half an hour, sometimes for weeks, depending on the nature of the attack. Usually, the technical service in Mons takes care of these attacks on its own, but the Cyber Defense Section may also be called in for help in coordinating a response with member states on occasion.
In February, a 58 million euro contract was awarded to establish a NATO Computer Incident Response Capability, to be fully operational in 2013. A Cyber Threat Awareness Cell is also being set up to enhance intelligence sharing and situational awareness, according to NATO documents.
One of the few Turks at senior positions in NATO, An?l studied electrical engineering at Middle East Technical University (ODTÜ) in Ankara and worked for ITT/ALCATEL before joining NATO.
The Cyber Defense Section is one of the six departments within the Emerging Security Challenges Division, which was created in 2010 in order to deal with a growing range of non-traditional risks and challenges ranging from a nuclear threat to terrorism and energy security.