NATO and the Future of Cyber Security

RAF 2013003Over the past decade, the cyber security domain has been able to equal in importance the most traditional ones − land, air, sea and space − and represents today a Fifth Dimension.

In fact, while the Roman Empire was able to conquer and to connect the world by building roads and linking remote places, our present life is moving on kilometers of optical fibers.

However, our smart and super grid interconnected societies, and the use of dual technologies, are also dramatically increasing the vulnerability of our critical infrastructures. News and reports regarding the occurrence of malicious actions, falling within the categories of cyber crime, warfare and espionage, data leakage and breaches, have become part of our daily life.

In the recent debate between the United States and Europe on these issues, the NSA Director revealed as the non‑authorized probes or illegal intrusions against US information infrastructures are equal to 250.000, per hour!

Most recently, the Wi-Fi network of the European Parliament, deemed as one of the most secure and impenetrable, was easily hacked; previously the European Council Presidency had already suffered a cyber-attack.

On the other side of Brussels, NATO Secretary General Rasmussen warned against this mounting phenomenon, admitting that NATO countered more than 2.500 attacks in 2012 only.

The economic impact of such activities has been calculated 300 billion USD per year, whereas the so called targeted attacks raised by 42 per cent. Moreover, a recent analysis conducted by the FBI together with Symantec, estimated the cybercrime profit equal to 1 trillion USD, more than the double of the global narco‑trafficking market.

As a consequence, countering the destabilization of the cyber space and protecting the related critical infrastructures, which are vital to our modern and interconnected societies, has become a priority in the security agendas of national States, and International Organizations as well.

A comprehensive and farseeing strategy is needed to effectively address all the wide range of issues implied by the cyber threat: from the legal aspects to the development of proper capabilities.

In fact, these capabilities have to counter an asymmetric threat, usually originating by a non-kinetic action but able to produce a huge kinetic impact (f.i. on the air control system, the civilian one as well as on the drones used in military operation).

The adoption of the NATO Cyber Defense Policy and the European Union Cyber Security Strategy reflects the growing concern of the Euro-Atlantic Institutions and their member States.

However, providing guidelines is not enough in order to effectively deal with the cyber security domain. To tackle such rapidly evolving threats, advanced capabilities are to be built up, both in the technological as well as in the human field. The former entails a smarter and closer cooperation with the industrial sector, while the latter requires an adequate training of personnel.

The Exercise Cyber Coalition, held by NATO in Estonia on November 2013, points to this direction, and was able to enhance the role of NATO in the cyber domain also by promoting the exchange of knowledge and expertise of experts, researchers and professionals, coming from different but complementary backgrounds. Thus, it is up to the member States to take advantage of the NATO added value on cyber security and to develop the necessary awareness, strategy, and capabilities at national level.

Opening Remarks at the Rome Atlantic Forum, 2 December 2013.