NATO or the The North Atlantic Treaty Organization, also called the North Atlantic Alliance, has just announced plans to spend £2.6 billion on satellites, cyber security and drones over the next three years, according to new reports.
This includes an investment of £61 million to protect NATO’s 32 main locations from cyber attacks, and an additional £155 million to provide more secure mobile communications for alliance soldiers in the field.
Pradeep Chakraborty spoke exclusively with
Ian Gosling, MD of AIRBUS Cyber Security UK, to find out why such an investment was needed, and the kinds of threats that NATO needs to protect itself from. Excerpts:
BW: Why is this investment needed by NATO?
Ian Gosling: Last year, NATO had declared the Internet as a war zone, confirming the importance of cyberspace as a new frontier in global conflicts. Almost all crises and conflicts today have a significant element that is played out online. Dangerous attacks can be launched on the Internet and within computer networks more easily than they can on traditional battlefields.
However, while conflicts fought on land or sea tend to have clear dividing lines, with the competing forces wearing different uniforms, and easily recognizable equipment to differentiate each side from the other, the Internet allows attackers to hide in the shadows.
In cyber battles, knowing your attacker can be a complex and challenging task. We don’t always see the enemy coming, and attackers carry out hacks without any warning, and are difficult to identify.
Compared to the other domains of war, the Internet has some very unique challenges. As a territory, it is enormous in size and vulnerable to attack from any of the multitude of Internet-connected devices we operate in our everyday lives.
BW: What are the kinds of threats NATO needs to protect itself against?Ian Gosling: In 2007, a NATO member, Estonia, was the victim of a series of Russian cyber attacks that crippled dozens of government and corporate websites, effectively taking the entire country offline.
Hundreds of thousands of computers were used in a well co-ordinated attack against government agencies and banks, which had far-reaching consequences in Estonia and beyond. Estonian authorities traced most of the attacks back to Russian state computer servers, though Russia denied any involvement.
These attacks prompted NATO to enhance its cyber war capabilities and to establish the alliance’s cyber defense research centre in Tallinn in 2008.
BW: What role could nation states play in cyber attacks over the next 10 years, and what impact could this have?
Ian Gosling: No one is surprised anymore to hear reports of one country attacking the computer systems of another.
The hacks behind last year’s US elections brought this issue into sharp focus, but this was really just the latest in a long line of nation state attacks ranging from the 2015 attack on the US Office of Personnel Management, and North Korea’s famous attack on Sony in 2014.
However, serious nation states can go a lot further than these types of hacks. Rather than simply causing embarrassment or impacting an individual company’s share price, complex cyber attacks affecting critical national infrastructure have the potential to seriously disrupt entire economies.
For example, the attacks on power grids in Ukraine in late 2015 demonstrated the potential for cyber attacks to be used as part of a larger military assault.
Unless we ensure that our infrastructure is properly monitored and defended, our access to critical services like electricity, water, or transport networks, could be at the mercy of hackers.