Locked Shields 2017, the largest cyber defence exercise in the world, is taking place this week. The event was organised by the NATO Cooperative Cyber Defence Centre of Excellence in Tallinn, Estonia.
The exercise involves around 800 participants from 25 nations. Participants include security experts who protect national IT systems, policy officers and legal advisors from NATO Allies and Partners.
According to the exercise scenario, experts will have to defend the services and networks of a military air base of a fictitious country, against cyber-attacks targeting the base’s electric power grid system, drones, military command and control systems and other infrastructure.
More than 2500 cyber-attacks will be simulated. While IT experts will train to defend computer networks and handle legal and forensic challenges, policy officers will exercise their decision-making procedures.
The exercise takes place in cooperation with the Estonian Defence Forces, the British Army, the United States European Command, the Finnish Defence Forces, the Swedish Defence University, and Tallinn University of Technology. Industry partners are also closely involved.
In April 2007, Estonia came under cyber attack in the wake of relocation of the Bronze Soldier of Tallinn. The largest part of the attacks were coming from Russia and from official servers of the authorities of Russia.
In the attack, ministries, banks, and media were targeted. This attack on Estonia, a seemingly small Baltic nation, was so effective because of how most of the nation is run online. Estonia has implemented an e-government, where bank services, political elections and taxes are all done online.This attack really hurt Estonia’s economy and the people of Estonia.
At least 150 people were injured on the first day due to riots in the streets.
In the US, General Keith B. Alexander, first head of the recently formed USCYBERCOM, told the Senate Armed Services Committee that computer network warfare is evolving so rapidly that there is a “mismatch between our technical capabilities to conduct operations and the governing laws and policies”.
“Cyber Command is the newest global combatant and its sole mission is cyberspace, outside the traditional battlefields of land, sea, air and space. It will attempt to find and, when necessary, neutralise cyberattacks and to defend military computer networks.”
Alexander sketched out the broad battlefield envisioned for the computer warfare command, listing the kind of targets that his new headquarters could be ordered to attack, including “traditional battlefield prizes – command-and-control systems at military headquarters, air defence networks and weapons systems that require computers to operate.”
One cyber warfare scenario, Cyber ShockWave, which was wargamed on the cabinet level by former American administration officials, raised issues ranging from the US National Guard to the power grid to the limits of statutory authority.
Examples of cyberwarfare driven by political motivations can be found worldwide. In 2008, Russia began a cyber attack on the Georgian government website, which was carried out along with Georgian military operations in South Ossetia. In 2008, Chinese ‘nationalist hackers’ attacked CNN as it reported on Chinese repression on Tibet.
Jobs in cyberwarfare have become increasingly popular in the military. The United States Navy actively recruits for cyber warfare engineers for example.
I do worry that the UK is woefully under prepared for this new theatre of war and although I really dont know what our capabilities are, unless we start preparing to become a leader in this activity we will soon be far behind our adversaries.
There really needs to be a 20k division size force applied to this now..
I’m not sure where our core resources lie for this but if it’s within GCHQ or has a lot of input from GCHQ then I’m not so pessimistic. This is also an area where HMG does genuinely seem to be putting a lot of money into.
During the later end of my career I interacted with GCHQ and many of its counterparts around Europe and other parts of the world. We also had a number of ex-GCHQ technical people on staff. I was not privy to any confidential information, in fact one of the things that impressed me most was how tight lipped our ex-GCHQ staff were, but my general impression from numerous interactions with current and ex GCHQ staff and from seeing the scale of GCHQ and other agencies purchases (there I did have access to some classified information) I found them to be in an entirely different league to all the other agencies that I dealt with. One other agency was as impressive as GCHQ in attitude, approach and expertise but had significantly fewer resources so was still not in GCHQ’s league. (For the record, I did not deal with NSA so offer no views there.)