The second part of our exclusive report from the NATO TIDE Sprint meeting
Aside from the morning plenary sessions there was a large selection of round tables, one of which centred on these cyber issues. Dr Tamsin Moye, a senior scientist cybersecurity within the NATO Communications and Information (NCI) Agency in The Hague, highlighted the complexity of the questions NATO is posing: “If the effect [of the cyber-attack] is in the physical world [taking control of vehicles, for e.g.] is this still a cyber attack or a hybrid attack? ” Or: “What is a proportionate response?” Or again: “Can a cyber-attack be carried out by actors in other domains [land/ air/navy] and if so, are cyber specialists needed?” These are the kinds of questions that occupied the experts throughout the week.
For Vice-Admiral Arnaud Coustillière, who is the cyber general officer for France (“and being joint is a key element for success“, he noted), one should never forget that “one cannot win a war with cyber but one can lose it with cyber.” He explained that cyberspace in the NATO organisation is placed under division J3 current operations and not under J6 communication and information systems.
Coustillière explained that in France’s White Paper – Defence and National Security 2013, Paris pledged not only to triple its investment in the cyber domain to reach €1bn but also to recruit 2,000 specialists, many of whom will come from the private sector.
Indeed, “the private sector has a vital role to play,” said Philip Lark, Director of the Cyber Security Studies Programme at the George Marshall European Centre for Security Studies in Garmisch-Partenkirchen, Germany. For him the current responses to cyber threats “are not inclusive enough of the private sector, apart from public/private partnerships. Citizens and the private sector are central,” he argued, reminding the audience that “by 2020 there will be 5 billion connected people, US$4 trillion dollars of revenue, more than 25 million apps, 50 trillion Gigabytes of data, and risks of fraud, theft, breaches of privacy, and threats to our supply chains.”
Lark warned that “even if we get it right in NATO and the European Union, there is the rest of the world that won’t benefit from our regulations.” He added that each country should have a strategy, policy, regulations, laws, norms and best practices in the cyber domain. “The problem,” he sighed, “is that [progress] is glacially slow.“