Holed up in the Estonian city of Tartu, where the Soviet Union once housed a fleet of bombers, NATO officials are testing the alliance’s ability to defend against cyber-threats by rogue states and terrorists.
One simulation put to participants in the week-long exercise that continues Friday involves an Internet attack that would paralyze military commanders’ radar screens, making them unable to see oncoming missiles or aircraft. Another envisages an attack on a general’s tablet computer that resulted in the posting of sensitive information online.
The exercise has taken on added urgency in the wake the Nov. 13 shootouts and suicide bombings in Paris. Spurred by the carnage in the French capital, defense ministries across Europe are stepping up security and intelligence-sharing in a bid to head off potentially lethal cyber-strikes by rogue states and terrorists on public and military targets.
“The big concern is of the potentially growing nexus between cyber and terrorism,” North Atlantic Treaty Organization Assistant Secretary General Sorin Dumitru Ducaru, said in an interview on Thursday in Tallinn, the Estonian capital. “Cyber- threats are a growing concern and they can be as harmful as conventional threats.”
Attacks in the past month, including the downing of a passenger jet over Egypt and the atrocities in Paris, both claimed by Islamic State, have led western governments to step up preparations for a long fight against terrorism. NATO countries fear that extremists, like enemy nations, are combining cyber-warfare with more traditional tactics.
Simulations at the exercises in Tartu, also include the deliberate crashing of air-force monitoring equipment and the compromising of security information through a computer worm planted on a USB stick similar to the real-life Stuxnet virus that severely damaged Iran’s nuclear capabilities.
“We are well aware of the threats coming,” said Lt. Col. Davide Manganaro, one of the NATO officials leading the simulation. Islamic State groups are “trying to leak information about NATO military forces. They’ve been partially successful.”
The U.K. government announced on Tuesday that it will spend 1.9 billion pounds ($2.9 billion) over five years countering Islamic State’s use of the Internet for planning, propaganda and online attacks. Chancellor of the Exchequer George Osborne said Britain will develop an “offensive” capability so the country can counterattack against hackers, terrorists, criminals and rogue states.
“We are not winning as often as we need to against those who would hurt us in cyberspace,” Osborne told reporters. Government Communications Headquarters, the U.K. communications- intelligence agency, is monitoring threats against 450 companies, he said.
The European Union on Friday warned Belgium and four other countries to fully implement EU regulations regarding the fight against cyber-crime, in particular measures against large-scale attacks on information systems. The regulations define criminal offenses and sanctions for criminal behavior online.
Leaders of NATO countries decided to step up cooperation on cyber-defense at a summit in Wales in September 2014. They also agreed that a country under cyber-attack could call for support under the alliance’s Article 5 mutual-defense clause. Until now, they have been mainly concerned about the threat posed by lone hackers and countries using cyber-crime tactics. NATO has warned of Russia’s “hybrid” warfare strategy in its involvement in the annexation of Crimea and the destabilization of eastern Ukraine.
The threat is becoming more complicated. Three months after 17 people died in three days of attacks in and around Paris in January, including nine journalists at magazine Charlie Hebdo, hackers claiming allegiance to Islamic State succeeded in bringing down websites and taking off air TV5 Monde, a French television station that broadcasts around the world.
“The attacks on a great number of French sites after the Charlie Hebdo attacks,” said NATO’s Ducaru, were “just the first signals” of what may come.
–With assistance from Svenja O’Donnell, Alex Webb and Chris Strohm.