Sergey Nivens - stock.adobe.com

NATO countries must coordinate their cyber forces to combat the Russian threat  

The top item on the agenda at the Vilnius NATO Summit this month was the revamping the alliance’s defences.

With Russia and China both in an expansionist mood, member countries have been trying to present a united front against possible adversaries. General Chris Cavoli has drawn up some 4,000 pages of regionalised military strategy. However, the main arena for conflict between NATO countries and their rivals has so far been confined to the digital realm. Cavoli’s strategy includes a sub-plan for alliance-wide cybersecurity, but there remains a disconnect between the size of the cyberthreat and the precautionary measures currently in place.

 Some of NATO’s most muscular military powers, the US, the UK and Germany have been rehearsing the deployment of battalions of soldiers in Eastern Europe. In June, 10,000 NATO personnel and 250 aircraft took part in the largest ever NATO air force drill above Germany. However, computer systems are the new front line and we have not seen nearly as much focus on preparations for a cyberwar.

 Ransomware

Russia has long seen the cybersphere as a realm to sow chaos in the West without waging all-out war and triggering NATO’s article 5. Case in point is the Colonial Pipeline ransomware attack of 2021 which caused panic fuel shortages across the US.

On the day war broke out, Russia’s first act was to attack the Viasat satellite that supported Ukrainian communications, disrupting connectivity in several NATO countries in the process. Its cyberactivities have now properly spilled out into the West, with cyberattacks on the UK and the US the most common.

In the ‘grey zone’ of conflict between peace and all-out war, Russia enacts espionage, disinformation and cybercrime, with Russian-based phishing attacks against email addresses of European and US-based businesses increasing 8-fold since the start of the war.

As a result, ex-NATO General Ben Hodges has suggested that cybersecurity is as vital as missile defences. But critical national infrastructure organisations, be they in telecommunications, energy or finance, are not prepared to thwart even a moderately powerful cyberattack, let alone the full might of a nation-state-based attack. Even the most well-resourced companies and governments are suffering from digital hygiene issues. An organisation’s people, processes and technology must be perfectly calibrated. If any one component part falls short, bad actors will find and exploit this chink in the armour.

War games

The best way to find out where a company’s security posture is lacking is by mission-rehearsing what a cyberattack would look and feel like. US Cyber Command runs these types of war game exercises, taking the Air Force’s Red Flag exercises as its prototype. Cyber Flag runs thousands of cyber operatives through train-as-you fight exercises to rehearse the worst possible cyberattack, hoping to find its greatest leaders and revealing the holes in their defences.

NATO too has started war-gaming what an attack from Russia, China or Iran would look like across countries and agencies. The UK army used a cyber range sandbox to conduct the biggest ever simulated cyberexercise in Western Europe earlier this year.

However, these practices have not yet been implemented in the organisations most critical to the functioning of society as we know it. True, we don’t see tanks rolling down the streets of London or New York, but Western countries are under attack. Critical national infrastructure organisations are the front line where NATO needs to co-ordinate their cybersecurity resources.

Retaliatory cyber attacks

Russia is in particularly prickly mood post-Wagner insurrection. As leaders discuss whether to admit new members to the alliance, with Bosnia, Sweden, Georgia and Ukraine all expressing interest, Russia will likely be planning retaliatory cyberattacks on these countries, as they did on German airports and police networks after the country approved sending Leopard tanks to Ukraine.

Collectively, NATO does have a lot of cyber firepower at their disposal to rebuff these attacks. They have already enjoyed success fighting back against the adversary, as in the case of the US’s Hunt Forward missions where US and NATO cyber teams are invited into the networks of vulnerable countries to root out bad actors.

But resources are often siloed in different governments and agencies. This year’s NATO summit should prove the watershed moment where countries finally unite their cyber-defenses, rehearsing a coordinated cyber response with as much urgency as they are on land and in the skies.

A former decorated fighter pilot, William Hutchison was appointed by presidential order to lead US Cyber Command’s first joint force-on-force tactical cyber training exercise, Cyber Flag. As CEO of SimSpace he continues to run cyber training exercises for critical national infrastructure organisations and NATO governments.

Read more on Hackers and cybercrime prevention