
T1 07 NATO and Cybersecurity Driving Progress Across the Alliance - Niko Pissanidis

BSides Athens · 2018 · 19:19 · 203 views · Published 2018-08
Category: Policy
Style: Talk
About this talk
Security BSides Athens 2018 (Sat, 23/Jun/2018)

NATO and Cybersecurity Driving Progress Across the Alliance - Niko Pissanidis

Abstract: In the past, aggressive activity by other states was for soldiers crossing the border; today things aren't as straightforward. Fog isn't thicker than it is in cyberspace; this is in view of the nature of cyber attacks and the range of actors operating in cyberspace. How do NATO member states stay ahead of the curve, and how can a Cyber Defense Centre of Excellence help? How do we coherently build synergies between the different (Strategic, Law, Technical) perspectives of cyber? What does NATO consider a cyber attack, and when should Article 5 of the treaty be activated? Where does Greece stand in all that? I will try to answer these questions in a simple, understandable way and elaborate a discussion through my presentation with the title "NATO and Cybersecurity: Driving Progress Across the Alliance".

Bio: Started as a developer, coding in the middleware and front end of a C2 project with EJB, JSP, ICEfaces and web services for 10 years. The last 5 years dealing with cybersecurity: conference organizer, secure coding, web penetration testing, but never stop learning. Had the privilege for three years, 2014-17, to serve as the first Greek Officer in the NATO Cooperative Cyber Defence Centre of Excellence (NATO CCD COE), Tallinn (Estonia), at the Technical Branch. On 03 Nov 2015, the Hellenic Republic joined NATO CCD COE as a sponsoring nation and the Greek flag waves in Tallinn. Through my key participation as Green and Red member in major cyber defense exercises such as Locked Shields and Crossed Swords 2015-17, I have developed and exploited web targets according to each year's scenario.

Besides, as technical track manager of the IEEE Cyber Conflict (CyCon) conference 2015-17, I organized and moderated several combined (technical - strategy - law and policy) sessions at the IEEE CyCon 2015-17 conference with a variety of topics (Network Centric Warfare, New Cyber Threats in Aviation, Protection of Weapon Systems, Anonymity-Privacy-Encryption, Internet of Things as an Attack Vector, and Blockchain's approach for Cybersecurity problems), but mostly on future critical defense technologies that are needed to support military capabilities.
Transcript [en]

My name is Niko, after retirement sigur rós, now we have an acting lieutenant colonel. Finally, you find me in tweet; I don't know why it's doubled. Anyway, so I've been coding for 10 years in a command and control system in the Hellenic Army. The last 5 years I was dealing with cybersecurity. I had the privilege to be assigned for three years in Tallinn, Estonia; I don't know if you know where it is. Anyway, we'll talk about what the cyber defence centre is doing there, but I was in the technical branch: I was doing exercises, I was doing trainings, I was a track manager at the conference that they have there, and a lot of stuff.

Anyway, enough about me. So this is my disclaimer: of course I don't represent official opinions of the Hellenic Army, of NATO or something; I'm just talking for myself and my experience and ideas. OK, so I will try to describe what the Centers of Excellence are, and this is important to understand how NATO is thinking, because in my understanding, after three years, this is a kind of communicating vessels, so ideas and resources and people are going from one side to the other. So Centers of Excellence are, first of all, organizations that are independent, and they're organized and they share their expertise and their experience on specific topics. NATO has already 23 accredited Centers of Excellence, and

the upper corner is Estonia, so it is the Center of Excellence of Estonia. The most important thing to take away from here is that Centers of Excellence are not under the structure of NATO, so NATO cannot task them to do anything. They cooperate, and they can give them a military project and they can see if it can fit in their programme of work, but they cannot give them the task. That is on purpose, because the intention was for them to be more flexible, and they can cooperate with academia, industry, etcetera. So this is a center, cyber, the first Center of Excellence. These are the flags of the nations that are the sponsor nations, so the decisions are taken

from the sponsor nations. They have a director that is doing the day-to-day business, but the sponsor nations are involved in taking the final order. There are 20, if you can count them; of course Greece is inside, and we have six on the waiting list. This is also important because, besides the European countries that are still not inside, that are waiting, like Portugal, Denmark, Romania, we also have some three others from the East: we are waiting for South Korea, Australia and Japan. They are partners of NATO, so they can join. OK, so the structure of CCD COE: you can see the structure on the right corner, but mostly it has three branches, and this is the most unique of

that, they have strat, law and tech. So these are also their flagships, their projects, what they are doing there, and the unique thing is that under the same roof they have all these elements. In my point of view and my understanding they're all valuable. So, in a simple way, strat tells us where we want to go, what we need to achieve; the law says what is wrongful and what is right, what we are doing or what we cannot do on testificandum on our Western democratic countries; and of course it's us, the techies, that would tell them this is cable and this is not. OK, so we'll try to talk about some of the

flagships that they have, and we'll actually say why this is an influencer. So this, in 2013, is Tallinn Manual one. It's a four-year project that actually Mike Schmitt started; he's a professor from the US Naval College of War. And they say that if international law applies to cyberspace, on specific warfare, in 2013, and actually the crucial thing here is that the states have the rights but they also bear obligations, something about sovereignty and jurisdiction and all that. Most of the time we are hearing on the news "a cyber attack" and "this is a cyber attack". OK, so the Tallinn Manual, there are several rules there, and it says in simple English what the

cyber attack is, and this is most important; all the time, definitions of words are very important. So it says that it's a cyber operation, defensive or offensive, we don't care about that, but it is reasonably expected to cause injury or death, I don't know if you can see, and damage or destruction. So here we have the physical dimension: a cyber attack should have some physical consequences, something that you destroy; all the others are not cyber attacks. OK, that's the Tallinn Manual, and then we have Tallinn Manual 2. Well, it's in 2017, and it's expanding the cyber warfare also into cyber operations. Actually it's going further, to the things that are happening daily, that we'll have

discussed before, things that are below the threshold, we'll talk about the threshold of the cyber attack, and these, let's say, wrongful acts. OK, that's a very nice slide that maybe describes what I said to you before. So we have the threshold here, that is the use of force that has some damage, physical damage, and then Tallinn Manual 2 is talking about these internationally wrongful acts, DNS hack and all that. OK, so one other big flagship of the CCD COE is Locked Shields. Maybe a few of you have also participated or you know how it's working. The issue here is we have blue teams according to the nations that want to participate, of course sponsor

nations, and they are at their home base. They have their virtual environment that is as close to the real one. The difference from other exercises is that they have live firing: you have a red team that during the exercise is really making attacks, so the blue teams need to defend. And of course you have scoring, White Team and Green Team, infrastructure and all the rest, but the most important thing is to understand that it is live firing. OK, here you have some photos of Locked Shields 2018. I've been Green Team and Red Team most of the time of these three years. You have seen some numbers here, but what I want to mention is that mostly we are

aiming, as NATO, at critical infrastructure; this is our concern, such as the electric power grid system and unmanned aerial vehicles. And of course Estonia, that's a successful story, because here you see two ladies: on the left is the director, Merle, and on the right is the president of Estonia. So you see, on a high political decision level they take cyber seriously, and these are nice 3D printing. OK, now the final: we have the CyCon conference every year. It's very successful; there are mostly 600 high decision-makers that get influenced by the conference, and they have open discussion on that. Maybe you can recognize the smalls: Admiral Rogers, Schneider, Makaha panel, and I want to mention these two guys, they're cake

miseries and Alex Thomas. I was involved in their invitation, and personally I think they are successful second generation great Americans that are dealing with cybersecurity. OK, so we said what CCD COE is doing, and let's say what NATO is thinking and why this is some kind of vessels that communicate. So NATO always considered it like cybersecurity incident response, and then we moved to 2018, to something like being a part of NATO, and we have moved from information assurance to mission assurance. These are very important things, to see us a level up. And of course we need to understand that cyberspace is a domain in which they also need to defend themselves, as they do in other

domains, and of course we need cooperation with our allies. OK, so how did we move there? The milestones: in 2018, in Wales, I want to make an asterisk here, this is 2014, it's one year after Tallinn Manual one, so they said, NATO allies, that international law applies in cyberspace, what the manual was saying, and also they said that a cyber attack could trigger Article 5 of the Alliance's founding treaty. I will explain that later. I want to mention here that it is very careful: "could trigger". Still in 2014 they are not sure. And then they came in 2016, in the Warsaw Summit, and they said, OK, cyber defense is part of NATO collective

defence, and this is the most important idea, that NATO stands for collective defence. What is this, and what is Article 5? So collective defense says that if an ally is under attack and requests help, all the other members have to help. So that is Article 5, and so it says that if a nation is under cyber attack and the nation requests help, all the other nations need to help. Just to mention that Article 5 has only once been triggered, on 9/11. The other pillar here is that cyberspace is recognized as an operational domain. So we have the land, we have the sea, we have the air, we have

the space, now we have cyberspace. So cyberspace is an operational domain for NATO. What does it mean, actually? Well, we're not very sure, we're looking into it, but actually we are trying to optimize all the cyber instruments to support traditional operations. I don't want to give any kind of an example; maybe you can off record say something. And of course they need to do that on a three-year plan, so they started thinking of how this can be done. Before, when I mentioned the structure of NATO CCD, I had the red square on the upper right, I don't know if you want to go back, here: we have the operational branch now. So these guys are thinking how we can do

all this on an operational level, OK, and what we need to do while building our cyber defense plans. The second main idea of NATO is that pooling is necessary. NATO as an organization doesn't own anything: it doesn't own a tank or an airplane or personnel; the nations do. So the idea is that you pool, and then we serve the same cause. So we are doing the same inside: we are pooling. Some of the nations need to build their capabilities, resources, awareness, exercises like Locked Shields and Cyber Coalition, trainings, and then they will be able to pool that and share it for a common cause. And here we come to a thing that NATO doesn't like to talk

about a lot, but as a response to a cyber attack, so here we say that now, after Warsaw of 2016, the response will be full-spectrum. This is going more to a strategic way of thinking, so the adversary doesn't know what to expect. So if you have a cyber attack you can respond with diplomatic activities, send some diplomats back, United States, DNS hack and all that, or you can respond by cyber means, or even go further and respond with conventional means. I don't want to give an example. And also we are saying that even though there is a threshold on Article 5 about the cyber attack, the physical damage and all that,

they should also respond proportionally, in our defensive mandate framework, below the threshold. NATO has a defensive mandate, but of course you understand that when you have the shield you need to know how to use a sword, even though we try not to say that loud. OK, what needs to be done? Well, we need to define the rules of engagement. I don't know if this means anything to you; I could give an example. Let's say whenever you go on a peacekeeping mission, the personnel that are going there have specific rules of engagement. Let's say that you're going to defend a state and you have people throwing stones, so you have a

specific rule of engagement that you are not allowed to shoot them back; they just throw stones, you cannot do that, this is illegal. So the same should also be put in cyberspace: you want to respond proportionally and within the law. Of course we need to improve our effective command and decision-making structure in cyber crises; there was a good example in Petya and WannaCry. NATO has cooperation with industry and the private sector, and we are doing that in exercises like Cyber Coalition. We need to start a real debate on how we can do offensive cybersecurity and map the video for coordination counterstrikes. And of course, even though we are allies, there is a lack of trust between

universe still, so we still need to improve our information sharing. We need to cooperate between ourselves, because cyber defense is not something that you can play alone; we have understood that. OK, I think, even though I tried not to be very fast. On the previous example I talked about information sharing, cooperation between the private and the public sector. From my understanding, this is an excellent example of this cooperation: if you don't know, there's a bug bounty program that ran first in the United States Army, Hack the Pentagon or Hack the Army, then they had one for the Air Force and all that, and they have real examples of that. So I'm eager for the moment that we can have some kind of a

bug bounty program in NATO or even in Greece, and I promise you that you will all be invited. That's the end of my presentation. I want to thank you for your attention, wish you a fruitful conference, and I'm waiting for any questions, if I can answer. Thank you. [Applause]