NATO CCD COE Director Sven Sakkov welcomed the participants, opened the conference and discussed the similarities between the birth of air power in the 20th century to the development of cyber power at the beginning of the 21st century.
Estonian President H.E. Toomas Hendrik Ilves stated that he anticipated NATO declaring cyber as a fifth domain of warfare. However, nations often view cyber as an intelligence operation rather than a cooperative one, ultimately limiting information sharing. He stressed the need to create democratic communities where nations and companies can work to strengthen digital security together, otherwise there will be conflict.
Minister Martin Stropnický discussed how cyber has the potential to undermine social cohesion, pointing to cyber attacks in Ukraine that affected elections and power grids. He stressed the need for nations to do more to defend themselves, exploring whether legislation is effective and how resilience can be enhanced. If cyber is name the fifth domain of warfare, nations must be ready to develop their defence capabilities.
Adm. Manfred Nielson discussed the need to classify cyberspace as a domain separate from land, sea, air, and space. He described three basic dimensions that NATO must consider as part of a broader strategy: people, processes and technologies.
Cyber Commanders’ Panel
The cyber commanders agreed that cyber, while new, is neither special nor unique. It will be used in military operations, whether it is a domain or not. They described the way their individual nations are developing their cyber defence capabilities. They also mentioned the importance of active and pro-active cyber defence. They all agree that NATO should adopt cyber as a domain so that the Alliance can develop a comprehensive policy on cyber defence and cyber operations.
Power in and through Cyberspace
A reflective session looking at how power in cyberspace may be projected, used and categorised. The presenters offered different perspectives and approaches to examining the use of cyberspace as soft and political power leverage. The panel offered a framework for the consideration of cyberspace use, covering the means, scope and purpose of power projection. Cyber used for coercion or a 'brute force' means of achieving a political outcome was also discussed. The panel described cyberspace use for 'productive power' influencing relationships as a means to an end. Use of power in cyberspace, though versatile and offering many options, still needs refinement before its use is effective and optimised.
Protection of Weapon Systems
The panel focused on issues with supply chain management and security engineering. Better hardware suppliers are needed to meet the current security standards in the defence industry. In particular, chip suppliers must provide trustworthy weapon systems hardware, especially for those weapons with decades-long lifespans. Hardware Trojans are another high-cost and high-gain threat for weapon systems. The issue is how to build meaningful Trojans which pass functional testing.
Most Wanted: Criminalisation of State-Sponsored Activities in Cyberspace
The session addressed the nature of state-sponsored cybercrime activities. The borderless nature of cyberspace makes deterrence particularly difficult. Governments have begun using a variety of tools, such as attribution, public-private partnerships and indictments of individuals, to remove anonymity and deniability of conduct of nonstate actors.
New Cyber Threats in Aviation
New air traffic control technologies introduce a landscape for new threats. These technologies tend to be safety oriented and miss to address the threat from open source intelligence. The Software Defined Radio (SDR) technology is very affordable (starting from 10 EUR) and simple to use. There is UAV on UAV (Unmanned Aerial Vehicle) warfare ongoing in the Ukrainian conflict. Widespread usage of civilian drones introduces the idea of crowdsourcing of UAV’s in case of military conflict. Similar to any other platforms, it is advisable for governments to strengthen UAV defence in order to cope with potential cyber attacks. This new development introduces the need to develop new secure protocols for air traffic control.
NATO – Warsaw and Beyond
NATO's technical cyber defense is robust and effective, but information sharing and situational awareness can nonetheless be improved. In the run-up to the Warsaw Summit, the main questions are doctrinal, specifically whether or not to refer to cyberspace as a domain of military operations. The alliance may not yet adopt a formal strategy of deterrence, even though this is starting to happen at the level of individual allies. NATO's cyber defence policy will continue to adhere to the lowest common denominator, so tactical and strategic shifts will occur in an evolutionary, rather than revolutionary, manner.
Cyber Norms and Silence on Opinio Juris
The panel agreed that international cyber law-making is in a critical juncture as non-state actors, such as academic initiatives like the Tallinn Manual process, have taken the lead on developing international law. States, as the lawmakers, should now take a more active role in articulating their views. However, the involvement of non-state actors and different ’norm-making labs’ is necessary as progress is limited due to the complex nature of cyberspace and states.
These overviews are for informational purposes only. Conference proceedings are available as a publication. Videos and presentations will be published on www.cycon.org later in the year. Selected CyCon 2016 Keynote speeches is broadcast live at http://tv.rgb.ee/site/CyCon2016
Keynotes frome previous day can be reached at: https://www.youtube.com/watch?v=j34jptiIxlQ