Coordinated Approach to Cyber Defense Urged
- Maj. Gen. Patrick Fermier, director of NATO C3 Staff: “information sharing is a key parameter of success in any military operation.”
- Maj. Gen. Isaac Ben-Israel, adviser to the Israeli PM: “”there was a real threat from states and major criminal organizations.”
- Robert G. Bell, representative of the secretary of defense in Europe: “We have no alternative except to work in close partnership with industry”
- Cecilia Malmström, the EU’s commissioner for Home Affairs: “there was no strategy” in EU-NATO to respond to an Estonia-type cyber attack
- Paul Mac Gregor, Finmeccanica/Vega Director: “The Global Organizations should take in account local cultural and local technological capabilities also bringing global knowledge base”
- Florian Walther, Curesec Sn Consultant: “we need liability for sw vendors, that should test their sw against cyber threat before selling it”
At the launch of the SDA’s cyber-security initiative, a high-ranking panel assembled discussants to tackle the core question of “Defining cyber-security”.
This debate opened a new SDA series that seeks to make sense of the confusion over cyber-security and cyber-crime, and examines the cooperation mechanisms both in place and urgently needed. How vulnerable is Europe to cyber-attack, and what EU-level measures are now under discussion? How does Europe compare in the global drive to promote cyber-protection? What concrete actions should now be taken at national and international level and how can these actions be coordinated?
Countries need to have a good understanding of the cyber capabilities being developed by opponents, said a leading Israeli government official, because “you can’t block an attack by waiting for the attack to come, including in cyber defense.”
Isaac Ben-Israel, a senior cybersecurity adviser to the Israeli prime minister, was speaking at a Security and Defence Agenda event on cybersecurity.
Maj. Gen. Patrick Fermier, director of NATO C3 Staff, dodged a question about whether there was a need to improve cyber offensive capacity to improve cyber defense. “NATO is trying to develop the protection of its infrastructure network,” Fermier said. This is the first step, he added, after which “we’ll see, at 28, what steps to take in the future. Protecting information and information sharing is a key parameter of success in any military operation.”
Robert Bell, senior civilian representative of the secretary of defense in Europe and defense adviser to the U.S. ambassador to NATO, said that NATO needs to get all its agencies and commands under a single cyber defense roof by the end of 2012 and was on track to do that. He also said NATO needs to identify standards. “We have no alternative except to work in close partnership with industry, which has much to teach us about the use of open standards to get us to the point where we need to be,” he said.
Ben-Israel said Israel had realized in 2002 that the most vulnerable points are power production, water distribution, food supply etc. The country then set down a list of 19 key areas but faced a legal problem because most are owned or operated by the private sector. As a result, Israel had to change its laws and define how much government “intrusion” into the private sector was allowed in order to guarantee security.
Ben-Israel also said “there was a real threat from states and major criminal organizations.” In that context, a report released Nov. 3 by U.S. intelligence agencies said, “the governments of China and Russia will remain aggressive and capable collectors of sensitive U.S. economic information and technologies, particularly in cyberspace.”
In her keynote address, European Home Affairs Commissioner Cecilia Malmström warned that denial about the scale of threats in cyberspace is naïve. “This is a battle we may not win”, she warned, calling “on all governments and industry to put this high on their agenda.” She pointed out that the EU has developed relations with NATO in this area and has a formal relationship with the U.S. But asked if there was an EU-NATO plan to respond to an Estonia-type cyber attack by another state or terrorist organization, she said that “there was no strategy.”
Download the debate report 111109 SDA Report_Defining_cyber_security here.