Cyber Security Conference /

CyCon 2012


5-8 Jun 2012



Tallinn, Estonia

Number of participants:


Our fourth conference focused on military and paramilitary activities in cyberspace. The topic was explored from strategic, conceptual, political, legal and technical perspectives within two parallel tracks.

Opening speeches on the first day by MG Jaap Willemse from NATO ACT and Dr Rain Ottis from NATO CCD COE raised questions about offensive capabilities in cyberspace and the future of cyber conflict. Both speakers agreed that nations need red team capability to test the resiliency of their networks and organisations in a non-conventional situation. Later talks by Frédéric Dreier and Kenneth Geers confirmed the necessity since technical exercises need strong red teams to do feasible attacks against the blue teams.

Forrest Hare took a novel approach to attribution and deterrence in his speech. He suggested that in the end, attribution is a political decision not a legal concept and moreover, attribution is not always required to coerce the adversary. Technical Track also devoted fair amount of time to the attribution issue. Attribution is hard because of the nature of attacks, which tend to have several stages and the whole attack is spread over a long period of time. It is of no help either that the Internet is governed by multiple jurisdictions so international cooperation is necessary but often lacking.

Another key issue in the realm of cyber security is the transition to IPv6 which was extensively covered by Dr Latif Ladid. More and more technology gets connected to the Internet and new addressing system has to be used. This, on the other hand, brings about many new vulnerabilities and the need for increased competence in device and network designers and managers.

Technical Track also bounced news and ideas on case studies on botnets and a cyber attack case study by Symantec. Mario Golling from the Munich University summarised key trends in computer network attacks based on regular research. He emphasised that while sophistication of malware is rising, attackers need less skills to perform malicious activities. New developments that pose risks to computer security include the rise of number of smartphones, cloud computing and encryption tools used by the attackers.

Law and Policy Track covered a wide array of questions, discussing the threshold and intensity of a cyber conflict, if and when is it appropriate to exercise the Law of Armed Conflict, what is an armed attack in cyberspace, under which circumstances can a cyber attack trigger lawful self-defence measures. Professor Michael N. Schmitt introduced the work done by a group of experts with a goal to develop authoritative reference on the international law applicable to cyber conflict. The Tallinn Manual or Manual on International Law Applicable to Cyber Warfare will be published in 2013. Professor Schmitt also gave his overview of the notion of an attack. Some of the key points he stressed was the idea that even an attack that includes delayed effects is an attack and that severity of consequences is always the key. At the same time, the notion of status of the target as the key is slowly fading away.

Popular talks in the Strategy Breakout Session discussed cyber defence through a conventional military prism, raising questions on the effects, persistence and target attributes of cyber attacks. An informative talk on cyber capabilities in Iran by Jeff Bardin packed the room full of conference participants to receive an introduction to different groups in Iran involved in hacking activities, training and education and covert operations. Keir Giles' great talk on Russia's stance on information warfare was another highlight of the session. One of his main conclusions was that the ideas floated by Russia in international information sphere are essentially not new but are increasingly being followed by a significant number of like-minded nations.

Last day in the Strategy Breakout Session a tabletop exercise, orchestrated by Colonel Timothy Evans from the Maryland National Guard, took place. The exercise featured a number of distinguished experts and practitioners on cyber security, (inter)national security and law. The fictitious scenario included cooperation between intelligence agencies and law enforcement agencies, international cooperation among like-minded and not so like-minded countries, attribution, internal and international crisis communication and public-private partnership.

In one of the final talks of the conference, President of Estonia Toomas Hendrik Ilves expressed his pleasure over the fact that Estonia is no longer a lone voice in discussing cyber security at the international level as there are capitals stressing the importance of the issue all over the world. However, there seems to be a lack of strategic awareness in Brussels - NATO and EU seem to be lagging behind their member states.

CyCon 2012 was supported by IEEE, Cisco, Gamma International and Microsoft.

Conference articles and videos are available here.