NATO, EU, Industry & Cooperation on Cyber Security

35572718946_8cc7220311_o (1)
This Conference is taking place at the European Parliament: the Temple of the European Democracy. However, looking at the presence of 37 Delegations of the Atlantic Treaty Associations (ATA), I would say that today the European Parliament is representing the core of the Euro-Atlantic community.
A Transatlantic community that is linked by the shared values of our free democracies, with free Parliaments, which elected by free societies, that are developing free economies, and sometimes a free competition and disagreement too!
Fundamental values which are today threatened by extreme forms of terrorism, and challenged by state and non state actors which are exploiting the cyber domain to undermine even the foundations of our political systems.
Yesterday, relevant European critical infrastructures have threatened by a malicious ransomware erupted in Ukraine. Few days ago, a sustained cyber-attack has been directed against Westminster Parliament, affecting the network used by every Member Parliament – including Prime Minister Theresa May and her cabinet ministers – for dealing with constituents. A UK security source declared: “It was a brute force attack. It appears to have been state sponsored.”
The attack against Westminster Parliament came just over a month after forty-eight of England’s National Health Service (NHS) trusts were hit by a cyber-attack. Britain’s National Cyber Security Centre (NCSC) have investigated the WannaCry malware that affected the NHS and other organizations in May and concluded that a North Korean hacking team had been responsible.
In May, Russia was linked to the hacking of France’s computer systems during the presidential campaign, taking data from Emmanuel Macron’s presidential campaign and leaking it to the public.
United States Officials have previously said they were seeking to share their experience of the 2016 presidential election, where US intelligence agencies concluded that Russia hacked and leaked Democratic Party communications and disseminated fake news with the aim of influencing the US presidential campaign.
A research by Trend Micro – on the Fake News Machine: How Propagandists Abuse the Internet and Manipulate the Public – outlines that in 2017 cyber-propaganda has become one of the major cybercrime areas.
To this end, the Deep web offers a wide menu of products to influence public opinion and election campaigns: 400.000 USD are requested for a one year of disinformation political campaign; 200.00 USD are necessary to provoke relevant riots in town; while to discredit a journalist costs 55.000 USD.
Although, technically speaking, we still haven’t experienced forms of real cyberterrorism, Daesh demonstrated to effectively exploit the cyber domain and modern systems of communication. It is estimated that 80% of Daesh fighters has been recruited through social media, which represent also a powerful multiplier of tragic messages (pictures and videos) as well as an instrument to perpetrated them.
While to enter the cyber domain is easy, cheap and perhaps inevitable, to protect ourselves from the cyber threats prove to be particularly complex and expensive.
Against this background, a cooperative security approach is mandatory, and the NATO-EU cooperation of paramount relevance.
In this perspective, the tremendous improvement on the forty-two issues of the seven agreed areas of cooperation – 10 are on hybrid warfare and cyber – represents the bedrock for the success of the Parallel and Coordinated Exercises – PACE, carried out through the NATO Crisis Management Exercise (CMX 17) and the EU Multi-Layer Crisis Management Exercise 2018 (ML 18).
Moreover, the EU Council of June 19 represents a milestone on cybersecurity by setting up a Cyber Diplomacy toolbox for a joint EU diplomatic response to malicious cyber activities. The EU diplomatic response to malicious cyber activities will make full use of measures within the Common Foreign and Security Policy, including, if necessary, restrictive measures.
However, a joint EU response to malicious cyber activities would be proportionate to the scope, scale, duration, intensity, complexity, sophistication and impact of the cyber activity.
In most cases, these cyber activities are essentially espionage activities carried out for the different purposes of the different actors involved.
Big data and metadata are the Black Gold of today, and their malicious collection can probably lead to a cyberwarfare or can be exploited to influence citizens and elections, or consumers and markets.
Tomorrow, those who will be able to process big data with powerful algorithms – especially predictive ones – and perhaps with the capability of collecting the information with Augmented Reality – will retain a dominant power.
Thus, it is of paramount relevance that the measures adopted by the EU Council will be steadily implemented, by devoting them the necessary funds and resources. NATO and EU must afford on new capabilities and intelligence, in order to effectively deter and respond – particularly in case of state actors – to the aforementioned malicious cyber activities.
Fifty years ago the Harmel Report “has shown that the Alliance is a dynamic and vigorous organization which is constantly adapting itself to changing conditions.” In this perspective, the today Transatlantic Exchange of Best Practices is crucial to keep the Euro-Atlantic Community ready to effectively address the complex Future Tasks of the Alliance with the same values and spirit which inspired Pierre Harmel and the NATO Secretary General Manlio Brosio in 1967. To this end, ATA continues to play a unique role in connecting the major international and national institutions, together with the key political decision makers, the business community, the media, the wider public opinion, and the successor generations.