NATO hammering out cyber defence policy


NATO defence ministers last week agreed on a policy to improve the alliance’s protection against cyber security threats.

The meeting covered NATO’s cyber security policy but also emphasised the importance of working with other partner organisations such as the European Union and United Nations. At the next meeting in June, NATO ministers are expected to approve the new NATO cyber defence policy and establish a cyber defence strategy.
“The concept is the first step toward the approval of a new cyber defence policy to update the current one [which is three years old],” a NATO official said. “It takes into account the fact that cyber defence is evolving fast and the need to update capabilities to deal with the threat.”

NATO’s Computer Incident Response Centre will be brought up to full operational capacity by next year. The official said this meant creating cyber response teams and investing in equipment.

Another official said that a tender, worth about 30 million euros (US$41 million), will be put out in May.

The issue of cyber security came to the fore late last year after the Stuxnet worm infected computers in Iran, sabotaging centrifuges at Iranian nuclear facilities. The malware attack has been described as the world’s first cyber weapon, The Register reports.

Another serious attack, dubbed Operation Aurora, occurred for several months in late 2009 when hackers in China attempted to gain access to and modify source codes at a variety of technology, security and defence companies, including Northrop Grumman, Dow Chemical, Morgan Stanley, Yahoo, Symantec and others.
“No one ever thought about securing them, yet these were the crown jewels of most of these companies in many ways – much more valuable than any financial or personally identifiable data that they may have and spend so much time and effort protecting,” said McAfee Labs Chief Technology Officer George Kurtz.

Before 2007, NATO’s cyber defence efforts were mainly concentrated on protecting the communication systems owned and operated by the alliance. After the 2007 cyber attacks against Estonia, which were directed against public services and carried out throughout the internet, NATO’s focus has been broadened to the cyber security of individual allies.

The 2010 NATO Lisbon Summit mandated the development of a new NATO policy on cyber defence and an action plan by the end of June 2011 for its implementation.

In November last year the United States military’s Cyber Command, designed to protect from cyber threats, became fully operational. It is responsible for shielding 15 000 military computer networks linking more than seven million machines. Over a hundred foreign intelligence organisations try to break into US networks, Deputy Defence Secretary William Lyn stated last year.

The British government has allocated £650 million over the next four years to deal with cyber threats, which it puts on a part with international terrorism, The Register reports. £63m from this fund will go to fighting cyber-crime. In November last year the UK government identified cyber attacks, terrorism, inter-state conflict and natural disasters as the top threats to national security.

Australia’s spy agency ASIO has established a cyber intelligence unit to counter digital terrorism and other cyber security threats. Announced last week, the unit has been operating since the middle of last year.
“The explosion of the cyber world has expanded infinitely the opportunities for the covert acquisition of information by both state and non-state actors,” said Australian Attorney General Robert McClelland, IOL reports. “As these attacks can be staged from anywhere in the world, they can infiltrate the control systems of critical infrastructure, be activated remotely, causing damage and mayhem to our technology-dependent lives,” he said.

Meanwhile in South Africa, the Department of Communications has developed a draft Cyber Security Policy that will be tabled before cabinet this year for approval. The policy will seek to put a framework in place to “bolster and improve South Africa’s cyber-security”.

The Draft Cyber Security Policy was released at the beginning of last year by the Department of Communications. Its decision to boost cyber security comes in conjunction with the government’s plans to battle crime using technology-based solutions and partnerships.
“We all recognise that in today’s world living in an information age where so much of our communication, our economy our virtual lives rest upon security of our information networks, that this is a very important area an indeed that it is treated as one of the priority areas by the cluster,” Deputy Minister of Justice and Constiutional Development Andries Nel said.

The draft Cyber Security Policy aims to ensure that all organs of state as well as the private sector can cooperate to ensure the security of South Africa’s information networks. The policy will enable government to fight crime such as child sexual material on the Internet and attacks on information systems as well as identity fraud.