Industry, military experts discuss murky cyberwar issues

Nations increasingly touched by cyberattacks are still in the very early stages of figuring out how to deal with incidents that could escalate into critical national security threats.

From DOS (denial-of-service) attacks on Web sites to hacking attempts on power grids and financial and military systems, experts are warning that the next wars will be kicked off by electronic blitzes from non-state actors and that nations haven't worked out clear strategies.

But academics, experts from private companies and government officials are discussing those issues this week in Tallinn, Estonia, at the first-ever Conference on Cyber Warfare. It's hosted by the Cooperative Cyber Defense Center of Excellence (CCDCOE), launched in May 2008 to help NATO countries deal with ever-growing cyberthreats.

"Cyberattacks are here to stay," said Jaak Aaviksoo, Estonia's defense minister, during a keynote speech on Wednesday. "They are not disappearing."

Estonia experienced a devastating cyberattack in 2007 following a decision to move a statue memorializing Russian soldiers who fought during World War II. Pro-Russian hackers took down bank and school Web sites via DOS attacks on Estonian networks.

Subsequently, Georgia experienced similar attacks following its conflict with Russia last year. And earlier this week, Iranian news Web sites and those belonging to political organizations were hit with DOS attacks following the contested re-election of President Mahmoud Ahmadinejad.

A multitude of issues are under discussion at the CCDCOE's conference: how nations can legally respond under international law to cyberattacks, how nations should render assistance to one another and simply what is the definition of a cyberattack.

None are likely to be resolved quickly, said Estonian Army Lieutenant Colonel Ilmar Tamm, director of the CCDCOE.

"The situation changes so rapidly," Tamm said. "We have to be really conscious on the conclusions we recommend, and nations have to be understand the potential consequences of what they adopt on the legal side, the policy side."

The CCDCOE is funded by its seven nation members, which include Estonia, Latvia, Lithuania, Germany, Spain, Italy and the Slovak Republic. The U.S. is not a member but has assigned a civilian with the U.S. Navy to the CCDCOE. Turkey, Hungary and the U.S. have expressed interest in joining CCDCOE.

The CCDCOE does not advise NATO operationally but is instead a think tank that is working in policy areas related to cyberwarfare such as tactics, protection of critical national infrastructure, policy and legal issues, Tamm said. The organization produces research papers, some of which are public and some of which are only for benefit of NATO countries, he said.

On the technical side, CCDCOE also does research on botnets, or networks of compromised computers used in aggregate to carry out malicious activity, as well as ways to automate network analysis tasks such as log files and intrusions.

At the request of NATO, it is also working on a paper that defines concepts around cyberwarfare, Tamm said.

Getting all nations on the same page is crucial. The global nature of the Internet has hampered cybercrime investigations since hackers can route, for example, a DOS attack through countries that have poor law enforcement, said Kenneth Geers, a U.S. Navy civilian analyst assigned to CCDCOE.

"The cyberproblem is real, and it demands an international response, but nobody knows quite how best to improve the international response because nation states and organizations themselves have so many questions about cybersecurity," Geers said.

Another looming issue is the development of offensive cyberwarfare skills that could be used in the event of an attack, but that is not CCDCOE's domain.

"We do know that a number of NATO nations are developing offensive capabilities," Tamm said. "They have reason to do that."

It is clear, however, that organizations such as the Taliban are using the Web effectively, said Johannes Kert, an adviser to Estonia's defense minister and chairman of the CCDCOE's steering committee.

The Taliban and Al Qaeda have created Web sites in order to spread ideology, recruit members and teach bomb-making techniques as well as to promote attacks that have been executed. However, NATO has been focused on cyberdefense rather than offense, Kert said.

"This is a field where we clearly lose today as NATO," he said. "This is a question NATO should start to discuss."