Tag Archives: cyber defence

NATO Cooperative Cyber Defence Centre of Excellence (CCD COE) – 3rd International Conference on Cyber Conflict (ICCC)

The following conference report was originally published in the BCS Information Security Now Magazine, Summer 2011 issue (Volume 5, Issue 4), which was on the topic of Cyber Warfare:

ISSG Chairman Gareth Niblett reports from the 3rd International Conference on Cyber Conflict (ICCC), organised by the NATO Cooperative Cyber Defence Centre of Excellence (CCD COE) in Tallinn, Estonia.

This conference rated as one of the best I have attended in the last 20 years – not having to speak or organise possibly helped. The first day opened with an introduction and scene setting by Col Ilmar Tamm, the NATO CCD COE Director, followed by a keynote from the President of Estonia, Toomas Hendrik Ilves, who demonstrated both a deep understanding of cybersecurity issues and an ability to communicate them clearly, even to an expert audience. I’d be impressed if leaders of other countries could do even half as well.

Ilves told the audience to look past state-to-state for asymmetrical cyber attacks, and towards handling an increase in plausibly deniable online operations, subcontracted to the private sector, with official public statements of disbelief when accused of involvement. Cyber attacks can offer a negative take on public private partnerships (PPP), with botnet-herders and hackers implementing state desires without being part of the apparatus of government or military directly.

The president challenged governments to look beyond their fixation on military infrastructure (~2 per cent GDP) and towards protecting intellectual property. It is easier to steal than develop through investment and R&D (~3 per cent GDP) and arguably this could have a greater impact on a country. As part of a positive PPP, providing information sharing for mutual protection, Estonia has established a Cyber Defence League (CDL), weekend warriors with ponytails, to help protect its critical national infrastructures – much of which resides in the private sector, which is also where the otherwise unaffordable knowledge and expertise lies.

Nation perspective
Major General Jonathan Shaw, UK MoD, followed with a talk covering cyber force from a nation state perspective, and a view that cyber warfare will not overtake kinetic, although the UK MoD has woken up to the threat and is addressing it in the Defence Review. Shaw expressed a position that cyber war is about people, not technology, and we should also start looking for the next thing beyond it. He stated that cyber war sits in a continuum of tools and must be integrated into training and operations, as well as a traditional defence capability of defend, detect and respond and it should be mainstream for defence in the UK by 2015.

Concepts and challenges
Apart from the keynotes, the days were split into two tracks – one covering concepts, strategy and law, which remains an emerging area, and the other covering technical challenges and solutions, which is a continual battle. All had an excellent array of speakers and topics but some of the highlights for me were:

Charlie Miller, Accuvant Labs, explaining the technical approaches to discovering unknown vulnerabilities in products, including Apple iPhones, and watching the media concentrate on slides about code disassembly and buffer overflows.

Tom Wingfield, Marshall Centre, Germany, discussing the ongoing development of a manual of international law applicable for cyber conflict, which was explained with the use of onstage shrubbery during the media workshop prior to the conference.

Raoul Chiesa, United Nations, giving an overview of the long-term study on the underground hacking scene, with statistics from over 1,200 interview / profiles, along with an interesting view of five generations of hackers, from original to present.

Ralph Langner, who led the efforts in reverse engineering and analysing the Stuxnet worm, which was referred to as the first actually deployed cyber weapon in history, covering its architecture, highly targeted nature and implications. Ralph was engaging and had an excellent appreciation of the cybersecurity world, having come from a control systems background – a boon in the SCADA world.

Sachin Deodhar, Cyberconflict Researcher, India, discussing the use of covert communications channels in VoIP and its possible uses in terrorist planning and co-ordination and the challenges it presents to investigators. This is a threat area that I warned lawful interception agencies of quite a few years ago, as certain types wish to evade both traffic and content analysis yet want near real-time communications.

Richard LaTulip, US Secret Service, on shedding the suit and growing long hair to infiltrate both the underground credit card fraud and surfer scene, winning the trust of criminals and, with Operation Carder Kaos, dismantling one of the leading online black market sites for stolen card details.

Iosif Androulidakis, Ioannina University, Greece, talking about how the introduction of modern communications technology doesn’t address traditional issues of PBX security, interception and forensics; indeed adding IP can make things worse.

Mikko Hypponen, Chief Research Officer of F-Secure, covering cyber espionage in practice, provided real world examples of spear-phishing emails and malicious files, which had been collected by anti-virus research organisations. Mikko’s constant research, targeting the criminal underworld, also makes him a target; shortly after the conference, a fake news story was released in an attempt at discrediting him.

Unfortunately, it was not possible to attend or cover all the talks, but it was obvious why people from all over the world keep coming back to Tallinn for this conference, beyond the local sights, food, drink and summer weather.

Estonia is known as e-Estonia (http://e-estonia.com/) due to its highly digital society, and this can only be sustained through constant vigilance and protection. As such, Estonia is working to be at the forefront of research and preparation.

No hype
Obviously, the infamous 2007 cyberattacks against Estonia were mentioned numerous times, but without much of the hype that the media heaped upon it. Most delegates recognised it as a minor annoyance – rather than a cyber war or cyber terrorism delivering widespread panic, real-life casualties, or significant infrastructure or economic damage – whilst cognisant that the next attack may go beyond mere inconvenience.

Co-operation and co-ordination was mentioned throughout the conference, but issues of trust and privacy, from both an organisational and legal standpoint, require continued efforts to address and that everyone plays a part in cyber defence: government, intelligence, law enforcement, military, public sector, private sector and even the citizen. The 4th conference is scheduled for Tallinn 2012 and I hope to attend again and see how efforts have continued and increased over 12 months.

A PDF version of the magazine is available online at:


ISNow – Cyber Warfare

The following introduction was originally published in the BCS Information Security Now Magazine, Summer 2011 issue (Volume 5, Issue 4), which was on the topic of Cyber Warfare:

“One of the significant problems with cyber war, versus traditional kinetic warfare, is the lack of agreed definitions and rules.

Proposals are beginning to emerge, and the NATO Cooperative Cyber Defence Centre of Excellence (www.ccdcoe.org) based in Tallinn, Estonia, has produced a reference called ‘The 10 Rules of Behaviour for Cyber Security’, which I think provides a good starting point:

1. Territoriality. Information infrastructure located within a state’s territory is subject to that state’s territorial sovereignty. Using the concepts of property, sovereignty and jurisdiction, states can enforce cyber security from a national security perspective.
2. Responsibility. The fact that a cyber attack has been launched from an information system located in a state’s territory invokes the responsibility of that state for the attack.
3. Cooperation. The fact that a cyber attack has been conducted via the information system located in a state’s territory creates a duty to cooperate with the victim state.
4. Self-defence. Everyone has the right to self-defence when facing a clear and imminent danger.
5. Data exchange. Information infrastructure monitoring data is perceived personal unless provided for otherwise.
6. Duty of care. Everyone has the responsibility to implement a reasonable level of security in their information infrastructure.
7. Early warning. Everyone has to notify the potential victims about an upcoming cyber attack.
8. Access to information. The public has the right to be informed about threats to their life, security and well-being.
9. Criminality. Every nation has the responsibility to include the most common cyber offences in its substantive criminal law.
10. Mandate. An organisation’s capacity to act (and regulate) derives from its mandate.”

A PDF version of the magazine is available online at:


Talk on ‘Why the Private Sector is Key to Cyber Defence’ (Slides)

I spoke at the SMi Group Cyber Defence 2010 (National Security in a Borderless World) conference in Tallinn, Estonia, on Monday 17th May 2010. My talk was entitled “Why the Private Sector is Key to Cyber Defence” and the slides are now available:

Talk on ‘Why the Private Sector is Key to Cyber Defence’

I will be speaking at the SMi Group Cyber Defence 2010 (National Security in a Borderless World) conference, being held at the Swissôtel in Tallinn, Estonia from 17th – 18th May 2010. My talk is entitled “Why the Private Sector is Key to Cyber Defence”, and I will be covering:

  • The private sector and critical national infrastructure
  • Why is the sector key to cyber defence?
  • Information sharing between private sectors and government
  • Private sector support for cyber defence and investigations
  • Lessons learned and how collaboration may be improved

Further information can be found on the SMi Group website: