Fresh from secretary-general Jens Stoltenberg’s repeated promises to hack back at cyber-attackers, NATO is now preparing to run a large-scale cyber exercise to test its infosec defences.
NATO’s Exercise Cyber Coalition 19 is intended to bring together doers of all things digital from the alliance’s 27 member countries in order to test them against a realistic scenario where Russia a threat actor with state-level resources starts picking on a NATO country’s next-door neighbour.
With between 700 and 900 military infosec specialists scheduled to test their skills against the most challenging scenarios that NATO’s Communications and Information Agency (NCIA) can dream up, the exercise will hopefully serve as a deterrent to Russia threat actors with state-level resources.
Referring to Stoltenberg’s recent declaration that NATO will “deter and defend against any aggression towards allies, whether it takes place in the physical world or the virtual one,” Lieutenant Commander Robert Buckles, the US Navy officer directing the exercise, told The Register: “The aim of the exercise is to stay below [the] threshold.”
Experts have previously described the problem with NATO’s “an attack on one is an attack on all” policy in cyberspace. Warlike actions in the real world – invading territory, sinking ships, bombarding soldiers and civilians – are very different from warlike, or potentially warlike, actions online.
“Obviously,” said Lt Cdr Buckles, “that decision about where that threshold is, is not something that we’re seeking to find in the exercise. But we’re pretty confident that the storylines we play out are below that.”
NATO’s infosec bods will be on the lookout for low-level but annoying attacks such as “cyber intrusion, espionage, maybe defacement, deterioration of the network, or masking or affecting communications within the network,” according to Lt Cdr Buckles. On top of that, the exercise will also model things like “attacks on a water treatment system or train system,” to add some urgency from the civilian perspective.
Cyber Coalition 19 will be taking place in December over a dedicated sandbox-style network, which Lt Cdr Buckles referred to as a “cyber range”. Flinging virtual bricks at each other across this network will be techies from NATO’s 27 members, as well as representatives from Finland, Sweden, Switzerland, Ireland and Japan.
Finland and Sweden are the two most interesting attendees; Sweden in particular regards Russia as a military threat, while Finland has been a staunch critic of Russian aggression and expansionism.
With Cyber Coalition 19 specifically focusing on a scenario where NATO “is asked through a UN resolution to go and provide a safe and secure environment” in a “non-NATO nation”, the hope of Western commanders is that state-backed threat actors will sit up, pay attention – and leave the West’s allies alone. ®