Cyberwar requires more info sharing between NATO allies [CyCon Tallinn]


TALLINN, Estonia – NATO’s cyberspace capability can be maximized if the alliance succeeds in creating a deeper level of intelligence sharing between member nations, according to cyber warfare experts.

“There is a great need to share intel and protect the alliance through coordination of information and actions,” said Brad Bigelow, the principal technical adviser to the alliance’s Supreme Headquarters Allied Power Europe (SHAPE), a unit established in 2016 and which is dedicated to the development of NATO cyberspace defensive and offensive capabilities.

NATO needs to adopt a position of readiness to act when one or more member nations are faced with a cyber space-based cyber crisis or serious threat, Bigelow told a gathering of cyber experts at CyCon (Cyber Conflict) in Tallinn, Estonia.

“NATO needs to build strong cyber space operating capabilities. Attacks in cyber space are now an everyday reality. They are disruptive and can be financially costly. There is no point just waiting for a crisis to happen. We must be equipped and prepared,” Bigelow said.

The significant challenge for NATO is to substantially improve its capacity to secure specialized/cyber intelligence from member nations at points that are both above and below crisis and serious threat levels, said Bigelow.

“One of the challenges faced by NATO in securing information from member states is that these countries will want to know why NATO wants to know about such intel. In this environment, NATO’s command structure can experience problems obtaining information from nations,” Bigelow said.

NATO’s command can except optimum cooperation on cyber threat and attack sharing in the event of a serious crisis, but such a sharing mechanism, and the processes to underpin it, must also be “in place for sharing general types of information,” Bigelow said.

In order for NATO’s operations in the cyber domain to work efficiently, the alliance will need to construct a more robust intelligence bond and enhanced trust structure with member nations, said Catherine Lotrionte, director of the CyberProject at Georgetown University.

“Top leaders need to re-think laws and rules, and we need more user-friendly protocols. Strong leadership can help this change by supporting better information sharing,” Lotrionte said.

A close partnership will be needed between governments, the military and the private sector going forward, said Trevor Goldman, a customer solutions engineer with U.S. firm Waterfall Security.

“The basic principles we operate under are these: Nothing is secure, and all software can be hacked,” Goldman said.