Forum Sur l'Armée Algérienne
Cooperative Cyber Defence Centre of Excellence
The Cooperative Cyber Defence Centre of Excellence (CCDCOE) was established in May 2008 in Tallinn, Estonia to enhance NATO’s cyber defense capabilities. The CCDCOE is an international organization with membership open to all NATO nations. Currently, Estonia, Latvia, Lithuania, Germany, Italy, the Slovak Republic, and Spain have signed the memorandum of understanding to provide personnel and funding as Sponsoring Nations. The mission of the CCDCOE is to improve the capabilities, cooperation and information sharing among NATO nations through education, research and development, consultation and evaluation oflessons learned from cyber conflicts.
Three key findings emerged:
• Although there is no commonly accepted definition for cyber war today, we have seen nation-states involved in varying levels of cyber conflict. Further, while we have not yet seen a “hot” cyber war between major powers, the efforts of nation-states to build increasingly sophisticated cyber attack capabilities, and in some cases demonstrate a willingness to use them, suggests that a “Cyber Cold
War” may have already begun.
• If a major cyber conflict between nationstates were to erupt, it is very likely that the private sector would get caught in the crossfire. Most experts agree that critical infrastructure systems—such as the electrical grid, banking and finance, and oil and gas sectors—are vulnerable to cyber attack in many countries. Some nation-states are actively doing reconnaissance to identify specific vulnerabilities in these networks. In the words of one expert, nation-states are “laying the electronic battlefield and preparing to use it.”
• Too much of the debate on policies related to cyber war is happening behind closed doors. Important questions, such as where to
draw the line between cyber espionage and cyber war, are being discussed in private, or perhaps not at all. Many governments have chosen
to keep debate on cyber conflict classified. Since governments, corporations and private citizens all have a stake in the future of the Internet, it istime to open a global dialogue on how to manage this new form of conflict.
As millions of Americans all over the world celebrated their nation’s independence over the July 4th holiday weekend, Web sites belonging to their government were bombarded with access requests, slowing and sometimes blocking access to the sites.
These denial-of-service attacks targeted the White House, Department of Homeland Security, U.S.Secret Service, National Security Agency, Federal Trade Commission, Department of the Treasury, Department of Defense and the Department of State, as well as the New York Stock Exchange, Nasdaq, Amazon and Yahoo. When these sites were attacked, however, the whole country was busy spending time with friends and family and grilling food on their patios. Hardly
anyone seemed to notice that they could not access the latest news from the Federal Trade Commission or the Treasury Department.
The following Tuesday, 11 Web sites of the South Korean government were brought down by the same network of 50,000 computers used in the attacks on the United States. South Korean intelligence officials blamed North Korea as the source of the attacks, an allegation that was reported by the Associated Press. Suddenly a lot more people started paying attention. Internet security experts quickly determined
that an unsophisticated adversary launched the attacks on the U.S. and South Korea, and debated whether North Korea was behind the attacks.
Many of the Web sites were able to return to their usual business within a few hours. Some security experts and policymakers concluded that
the attacks were no more than a nuisance to the people of the United States and South Korea,regardless of whether North Korea was responsible.
What was the motive behind the July 4 attacks?
If the attacks did originate from North Korea, one motivation could have been to test the impact of flooding South Korean networks and the transcontinental communications between the U.S. government and South Korea on the ability of the U.S. military in South Korea to communicate with military leaders in Washington and the PacificCommand in Hawaii, suggests Dmitri Alperovitch, Vice President of Threat Research at McAfee. The ability of the North Koreans to severely diminish the information transmission capacity of those links would provide them with a significant advantage in case of a surprise attack on South Korea across the Demilitarized Zone.
The Georgian Cyber “Flood”:
A Model for Future Conflicts?In August 2008 Russia attacked the nation of Georgia in a dispute over the Georgian province
of South Ossetia. As the Russian military mounted its assault on the ground and in the air, a group of Russian nationalists joined the fray in
cyberspace. Any civilian, Russian-born or otherwise, aspiring to be a cyber warrior was able to visit pro-Russia websites to download the software and instructions necessary to launch denialof- service attacks on Georgia. On one Web site, called StopGeorgia, visitors could download a list of target Web sites and an automated software utility. The only effort required by the user was to enter the Web address of a target and click a button labeled “Start Flood.”2 The coordinated assault inundated Georgia’s government and media Web sites with access requests. While the effects were minor at first, with service going down on some Web sites sporadically, the denial-of-service attacks became more severe once the armed hostilities started.
News and government Web sites were no longer reachable by anyone within or outside Georgia, severely hampering Georgia’s public communications.
Russia achieved a significant psychological victory by preventing Georgia from disseminating accurate information about the state of battle to
the public. And, with Georgia’s side of the story silenced, Russia practically won the battle over international public opinion by default.
Russia denied any involvement on the part of its military or government in the cyber attacks. But some people were suspicious that the Russian military had the serendipity to begin hostilities on the ground concurrently with an entirely independent
civilian cyber assault. The U.S. Cyber Consequences Unit (US-CCU), an independent, non-profit research institute, began monitoring the situation almost immediately after the attacks, in part to determine how the campaign was organized. Ina recently released report, the US-CCU concluded that all of the attackers and activities showed every sign of being civilian, yet someone in the Russian government must have given the organizers of the attacks advanced notice of the timing of Russia’s military operations.3
Perhaps even more surprising than finding some level of coordination between Russian officials and the cyber attackers was that the Russians might have deliberately chosen to limit the damage caused by the attacks. No critical infrastructures were targeted, even though investigations by the US-CCU suggested that a number of these infrastructures were vulnerable and could have been attacked. “The fact that physically destructive cyber attacks were not carried out against Georgian critical infrastructure industries suggests that someone on the Russian side was exercising onsiderable restraint,” the report says. Scott Borg, Director of the US-CCU, believes the Georgia conflict may be a harbinger of how nation-states will orchestrate future cyber attacks.“People were provided with attack tools, targets and timing in the Georgia cyber campaign,” Borg said. “So far this technique has been used in denial-of-service and other similar attacks. In the future it will be used to organize people to commit more devastating attacks.”
2 “Marching off to cyberwar,” The Economist, December 4, 2008.
3 “Overview by the US-CCU of the Cyber Campaign Against Georgia in
August of 2008,” US-CCU Special Report, August 2009.
Once the attacks subsided, Estonia attempted to pursue the perpetrators through a law enforcement response to the attacks. The investigation was successful in identifying some of the attackers in Russia, but Estonian law enforcement officers reached a dead end when they sought help
from their Russian counterparts. “Estonia has been unable to convince the Russian authorities to apprehend the offenders and bring them to
justice,” Peterkop said. In the wake of these events and others, governments around the world are increasing their efforts to prepare for future cyber attacks. NATO has set up a “Center of Excellence” for cyber defense in Estonia to study cyber attacks and determine under what circumstances a cyber attack should trigger NATO’s common defense principle that “an attack on one is an attack on all.” In June 2009, U.S. Defense Secretary Gates announced the formation of the U.S. Cyber Command, a sub-unified organizationunder U.S. Strategic Command. Led by a four-star general, the new command is designed to defend vital U.S. military networks. The UK government recently announced plans to create a central Office of Cyber Security (OCS) to deal with the rising level of online attacks. The OCS will have a role in coordinating offensive capabilities and, in extreme cases, would have the ability to mount a cyber attack in response to intrusions on UK networks. Other nations are contemplating similar initiatives to protect their populations in cyberspace.
Mise à jour ALGERIE-DEFENSE (To be continued )
