Upcoming Cy-Con Conference in Estonia: Architectures in Cyberspace


2015-02-13 CyCon is the annual NATO Cooperative Cyber Defence Centre of Excellence conference where topics vary from technical to legal, strategy and policy.

The pre-conference workshop day, 26 May, features a variety of talks and hands-on training.

The 7th International Conference on Cyber Conflict (CyCon 2015) held on 27-29 May 2015 in Tallinn, Estonia, will focus on the construction of the Internet and its potential future development.

This year’s topic – “Architectures in Cyberspace” – asks what cyberspace is and will be in the coming years as well as what are its characteristics relevant for cyber security.

The NATO Cooperative Cyber Defence Centre of Excellence is a research and training facility that aims to enhance capability, cooperation and information-sharing within NATO, its member nations and partners in Cyber defense through education, research and development, lessons learned, and consultation.


Last year’s conference focused on various aspects of cyber operations including:

  • Active Cyber Defense
  • Models of Active Cyber Defense
  • Cyber Situational Awareness
  • Detection and Deception
  • Cyber Operational Activities

TOC 2014 CyCon Conference

An especially interesting presentation for general considerations at the Conference was presented by Dr. Irving Lachow, the Mitre Corporation on the Subject of Policy and Strategy Aspects of Cyber Defense.

The work in cyber operations is a major part of the transformation of NATO.

An article by Peter Woudsma, Command and Control, Deployability and Sustainability, published on the NATO ACT website on March 29, 2012 highlighted the linkage:

NATO operates in a connected world, and uses an information technology infrastructure to communicate and collaborate with nations and organisations around the world.

The global network of these interdependent infrastructures is called “cyberspace”. The Alliance needs to defend its freedom of movement in cyberspace and the safety of its information against cyber threats, through a Cyber Defence programme.

As a highly-visible organisation, NATO has always been exposed to attacks on its Information Technology (IT) infrastructure.

Hacker groups have tried – and continue trying – to disrupt NATO’s political and military capabilities and mock our public image. Hacking incidents in the late 1990s, related to our operations in the Balkans, led to the start of NATO’s Cyber Defence Programme.

After the 2002 Prague Summit, initiatives were taken to establish the NATO Computer Incident Response Capability (NCIRC), an organisation now under the NATO Communications and Information Agency (NCI Agency) that monitors our infrastructure and responds to cyber threats and attacks. Since then, the Nations have re-confirmed NATO’s commitment to Cyber Defence, and implementation into the new Strategic Concept and the Cyber Defence Policy has begun.

A Plan for Cyber Defence

Allied Command Transformation (ACT) is involved in NATO’s Cyber Defence Programme in several ways.

The Cyber Defence Action Plan (CDAP) was introduced in 2011 with the release of the Cyber Defence Policy.

It reflects a number of short-term actions that are taken to mature NATO’s Cyber Defence capabilities and enhance the political and operational mechanism of the response capability of the Alliance.

ACT is leading in about one-third of these actions, and providing support to one-third more.

Several of this command’s activities focus on aspects that have a relationship with the Connected Forces Initiative (CFI).

Through the development of education, training, exercises and evaluation (ETEE) solutions we will sustain “expanded education and training”. Our development of a burden sharing concept strengthens a “better use of technology”.

Other aspects cover assessments of Cyber Defence measures and dependencies, the establishment of a standardised appropriate vocabulary and the development of a transformational agenda for future Cyber Defence solutions.

Furthermore, ACT is contributing to this topic through its leading role in Consultation, Command, and Control (C3) capability development.

Our investment proposals and project plans help to make sure that new solutions are implemented with state-of-theart monitoring and protection capabilities.

The specific requirements for these capabilities are captured in the C3 Classification Taxonomy.

Cyber: The Fifth Dimension

The current Cyber Defence activities in the Alliance – e.g. from the CDAP, at the NCIRC, with IT Modernisation and C3 capability development — are moving forward at a steady pace.

These activities have leaned heavily on the technical aspects of NATO’s own communications and information systems (CIS) in the past ten years.

Nevertheless, the scope of Cyber Defence is wider than the current work, as is highlighted by several trends.

For instance, in member nations there is a growing awareness of the operational implications of this activity. Some nations even consider cyberspace as the fifth dimension of warfare, right next to sea, land, air and space.

United States intelligence officials recently told that they believe that the United States faces a greater threat from cyber-attacks than from terrorism. Moreover, the “Tallinn Manual on the International Law Applicable to Cyber Warfare” — a study written by an independent team of legal experts at the invitation of the Cooperative Cyber Defence Centre of Excellence (CCD COE) — appreciates existing international law for cyberspace in the context of armed conflicts and the right to self-defence.

Amongst other things, it analyses the possibility to invoke NATO’s Article 5 in case of a cyber-attack on any NATO country.

The Human Dimension

ACT believes we need to consider Cyber Defence in a broader approach.

Our CIS infrastructure – and therefore cyberspace – should no longer be seen solely as a technical enabler for operational and administrative processes.

Cyber Defence is not an exclusively technical issue but rather a response to a threat to all aspects of the Alliance.

NATO can perform a role in coordinating the planning and implementation of national Cyber Defence capabilities as well as the integration of cyber responses between NATO and member nations.

It is important to put a greater emphasis on the human dimension. Cyber attackers often exploit human weaknesses through “social engineering”.

Studies show that users are the weakest link in Cyber Defence and we need tools and measures to offer them an easier capability to protect data, guarantee use of the IT infrastructure according to their legitimate needs, and prevent them from knowingly or unintentionally creating security violations.

We must raise awareness through information, training and exercises programs.

A Continuous Effort

With all the activities going on in ACT and beyond, and all the investments that are being made in C3 capabilities across the whole DOTMLPFI spectrum, it will not guarantee that NATO will be permanently and fully protected against cyber-attacks.

Cyberspace is becoming increasingly sophisticated. Cyber threats are constantly evolving and the Alliance needs to be vigilant and inventive to counter them.

That is a continuous effort, and through the update of our programs and our expertise, ACT is well-positioned and strongly committed to perform its transformational role in Cyber Defence.

Editor’s Note: It is no accident that the cyber center is located in Estonia. 

As the Honorable Ed Timperlake noted in an article published in 2009:

Cyberwar is now a fact of life in 21st Century wars.

Actual and potential enemies of America already know the dimensions of Cyberwar and have moved into full combat.

With a real world combat engagement in Georgia and Estonia, the Russians have shown skill…

And in 2011 Ed Timperlake was asked to testify in front of the Foreign Affairs Committee US House of Representatives on the emerging threat of cyber attacks, espionage and technology transfers to the People’s Republic of China and added some context to how cyber fits into the bigger picture

The Revolution in Military Affairs and Cyber War

While Congress was researching the issues mentioned above in the late 90s, Mr. Andrew Marshall Director of Net Assessment, Office of the Secretary of Defense, published his short and very direct paper heralding the advent of a “Revolution in Military Affairs.” The PLA and especially their spymasters were paying close attention.

Mr. Marshall’s vision was profoundly simple. He postulated that technology and war fighting would evolve toward two constantly improving military capabilities.

  • Precision-guided munitions with remote sensors;
  • Information war (the word “cyber” had not yet come into vogue).

In developing their “Information War” military doctrine, the PLA was awarding Doctorates in Information War to military officers as early as 1998.

Since that time PRC cyber espionage attempts have been growing and are unrelenting.

Traditionally the commonly accepted thoughts about PRC espionage is that they have different “spy craft” than the “cold war Russian” model of linear cells and cut outs. 

The evidence in the 1990s is that the PLA approached collecting information and technology much differentially than the Russian “cold war” model.

It has been my experience in investigating illegal money contributions that the PLA as needed will use their military along with their Intel community professionals, criminal elements (Triads), businessmen “hustlers,” academics both professors and students and even relatives of all those groups—what ever works.

So when the world become more digitized through the computer revolution, the PLA adapted, and became world class offensive cyber war fighters. 

However, this time there was a role reversal from Russian cyber activity. 

Russian cyber activity has been reported to be very wide open ranging from military and state sponsored activity, to numerous criminal enterprises for profit, to any of many other reasons. 

As mentioned above, PLA collection efforts in the field are very freewheeling and unstructured.

But in cyber activities the PRC has adopted a Russian paranoid “cold war mentality.”

They appear to be trying to keep their cyber war fighters in a rigid military chain of command.

In fact there are significant criminal penalties in China for violating cyber restrictions put in place to keep their citizens from freely playing on the web and also acquiring information.

The leadership of China is trying to constrain and contain the growing World Wide Web sharing of information. 

It will be interesting to see if overtime the PRC is capable of stopping their citizen’s nascent “Jasmine Revolution” which is currently originating in Africa and the Middle East and spreading.

The PRC essentially has two cyber targets, those external to China and also their own citizens.

Only totalitarian dictatorships and closed societies have this challenge. It is an Intel/cyber seam for a free and open society to exploit.

But currently today, regardless of internal PRC cyber issues their external attacks continue to be relentless. It is an ongoing struggle by the DOD CI community (NCIS, OSI, Army G-2), NSA, DNI, Law Enforcement (FBI and others) and Homeland Security to try and stay ahead of this dynamic and significant threat.