Suivre ce blog Administration + Créer mon blog
30 octobre 2015 5 30 /10 /octobre /2015 08:50
Defence Secretary Michael Fallon visits home of the Joint Forces Intelligence Group


29 October 2015 Ministry of Defence and The Rt Hon Michael Fallon MP


Defence Secretary Michael Fallon today visited RAF Wyton, home to the Joint Forces Intelligence Group, which is part of Defence Intelligence.


The Defence Secretary met some of the 1,000 individuals who work at RAF Wyton, where intelligence, surveillance and reconnaissance from across Defence and a wide range of public sources is coordinated and analysed. The work carried out by these individuals towards the identification of current and emerging threats is crucial in enabling Government to develop the appropriate responses to protect the UK and its allies.

Defence Intelligence, which operates from a number of sites around the UK, is also tasked to tackle the online threats that the UK faces. These threats can be found in cyberspace and on social media, and this visit follows last month’s Cyber Symposium in Paris where Defence Secretary Michael Fallon stressed that the dangers of activity occurring in cyberspace are only likely to grow, citing the Russian use of cyber in order to gain military advantage and Isil’s efforts to radicalise individuals and spread misinformation.

Defence Secretary Michael Fallon said:

There is no escaping the fact that the scale, diversity and complexity of the challenges all nations, governments and industries face with Cyber is getting bigger.

As I have said before, much of the 2010 SDSR analysis holds good. We were right to identify cyber as key areas for investment.

Next month’s SDSR will review where Cyber sits in the overall prioritisation of security threats and responses. However we are clear that we must continue to invest in our cyber defence capabilities.

Partager cet article
4 juin 2015 4 04 /06 /juin /2015 07:50
Information Warfare: NATO Is Lost In Cyberspace


May 30, 2015: Strategy Page


Tiny Estonia (population 1.3 million) has formed a Cyber War militia because Russia keeps threatening another major Cyber War offensive. Despite its small size Estonia is the most technically advanced (on a per-capita basis) nation in East Europe and was able to recruit several hundred skilled volunteers who are hard at work pooling their knowledge and skills to better handle more Cyber War aggression from Russia.


Estonia borders Russia and is a member of NATO. That last bit makes Russia reluctant to come in with tanks to take over like they did twice in the 1940s. Russia made a major effort to crush Estonia via major Internet based attacks in 2007. Estonia survived that “invasion” but admitted that this sort of Russian aggression caused great financial harm to Estonia. In the wake of these Russian Cyber War attacks Estonia demanded that the UN and NATO declare this sort of thing terrorism and dealt with accordingly. NATO tried to be helpful, but that wasn’t enough. The UN was even less helpful as the UN has a hard time getting anything done when Russia is involved because Russia is one of the handful of founding members that has a veto.


NATO did make an effort and in 2008 established a Cyber Defense Center in Estonia. This was the most tangible NATO response to Estonian calls for NATO to declare Cyber War on Russia. NATO agreed to discuss the issue but never took any action against Russia. The Cyber Defense Center was a consolation prize and studies Cyber War techniques and incidents and attempts to coordinate efforts by other NATO members to create Cyber War defenses and offensive weapons. NATO say that this appears to have deterred Russia from making another Cyber War attack. The Estonians are not so sure as Russia went ahead and invaded Georgia (a nation of four million in the Caucasus) in 2008 and Ukraine in 2014 and still makes very public threats against Estonia.


  Cyber Wars have actually been going on since the late 1990s and they are getting worse. It started in the 1990s as individuals attacked the web sites in other nations because of diplomatic disputes. This was usually stirred up by some international incident. India and Pakistan went at it several times, and Arabs and Israelis have been trashing each other’s web sites for years. The Arabs backed off at first, mainly because the Israeli hackers are much more effective. But in the last few years the Arabs have acquired more skills and are back at it. Chinese and Taiwanese hackers go at each other periodically, and in 2001, Chinese and American hackers clashed because of a collision off the Chinese coast between an American reconnaissance aircraft and a Chinese fighter. That was just the beginning for China, which now regularly makes major hacking attacks on the U.S. and other NATO members.


Since 2005 these Cyber Wars have escalated from web site defacing and shutting down sites with massive amounts of junk traffic (DDOS attacks), to elaborate espionage efforts against American military networks. The attackers are believed to be Chinese, and some American military commanders are calling for a more active defense (namely, a counterattack) to deal with the matter.


The Russian attacks against Estonia were the result of Estonia moving a statue, honoring Russian World War II soldiers, from the center of the capital, to a military cemetery in the countryside. The Estonians always saw the statue as a reminder of half a century of Russian occupation and oppression. Russia saw the statue move as an insult to the efforts of Russian soldiers to liberate Estonia and enable the Russians to occupy the place for half a century. The basic problem here is that most Russians don't see their Soviet era ancestors as evil people, despite the millions of Russians and non-Russians killed by the Soviet secret police. The Russians are very proud of their defeat of Nazi Germany in World War II, ignoring the fact that the Soviet government was just biding its time before it launched its own invasion of Germany and Europe in general.


While many Russians would have backed a military attack on Estonia to retaliate for the insult by an ungrateful neighbor, this approach was seen as imprudent. Estonia is part of NATO and an attack on one NATO member is considered an attack on all. It's because of this Russian threat that Estonia was so eager to get into NATO. The Russians, however, believe that massive Cyber War attacks will not trigger a NATO response. They were so sure of this, that some of the early DDOS attacks were easily traced back to computers owned by the Russian government. When that got out, the attacks stopped for a few days, and then resumed from what appear to be illegal botnets. Maybe some legal botnets as well. Russian language message boards were full of useful information on how to join the holy war against evil Estonia. There's no indication that any Russians are afraid of a visit from the Russian cyber-police for any damage they might do to Estonia. And the damage has been significant, amounting to millions of dollars. While no one has been injured, Estonia is insisting that this attack, by Russia, should trigger the mutual defense provisions of the NATO treaty. It didn't, but it was a reminder to all that Cyber War is very real except when it comes time to fight back.

Partager cet article
3 juin 2015 3 03 /06 /juin /2015 16:50
Information Warfare: Romania Defends NATO Cyberspace


May 28, 2015: Strategy Page


 NATO member Romania has been put in charge of a NATO effort to improve Ukrainian Cyber War defenses. This is one of five areas NATO recently agreed to concentrate on in an effort to improve Ukrainian ability to defend itself against Russian aggression.


When Romania joined NATO in 2004 Eastern Europe was considered Ground Zero for criminal hacking gangs. There are still a lot of black hat (criminal) hackers around but Romania has made a remarkable turnaround. Romania is now the home of many legitimate Internet security firms and Romanian programmers and engineers are frequently encountered at major software firms like Microsoft. Some twenty percent of Interpols Cyber War experts are from Romania. There are still a lot of black hats active in Romania but the local police have their own growing force of skilled hackers to make Romania a more inhospitable place for black hats. Some Internet security companies actively try to get black hats to come over to the white hat side of the business.


Taking on the Ukrainian Cyber War defense assignment is a big opportunity for Romania because if they are successful they will have a high-visibility success for their software industry and an edge in getting contracts from other countries and large corporations to come in and upgrade defenses against hackers and Cyber War attack. Many of these attacks come from black hats in Russia and China.


In 2004 Bulgaria, Estonia, Latvia, Lithuania, Romania, Slovakia and Slovenia joined NATO, putting parts of the former Soviet Union (Estonia, Latvia and Lithuania) within NATO and on Russia’s border. Many Russians do not like this, for Russian policy since 1945 has been to establish a "buffer" of subservient countries between Russian territory and Germany and the rest of Western Europe. This attitude is obsolete in a practical sense, but old habits die hard. The Russian government said it was willing to work with NATO in areas of mutual benefit but that did not work out. Now there is a state of undeclared war between Russia and NATO and the Internet is one of the more active battlefields.

Partager cet article
13 février 2015 5 13 /02 /février /2015 17:45
Cyberspace: new frontiers for gender violence

11 February 2015 by ISS


Recent years have seen an important shift in how security is prioritised, with an emphasis on threats in cyberspace. Last year, the Sony Corporation hack drew attention worldwide, challenging perceptions of state governance and security in cyberspace.

The estimated financial cost of cybercrime worldwide exceeds US$445 billion annually. For individuals, the loss of private and sensitive information is particularly concerning, and a recent poll in the United States (US) shows that Americans fear breaches in cyber security more than any other ‘traditional’ crimes.

Africa has not been immune to increased cybercrime either, with countries such as Nigeria, Kenya and South Africa fast becoming hubs of cybercrime activity.


Read more

Partager cet article
12 décembre 2014 5 12 /12 /décembre /2014 17:20
Gen. John E. Hyten, the Air Force Space Command  (AFSPC) commander.

Gen. John E. Hyten, the Air Force Space Command (AFSPC) commander.


Dec 12, 2014 by Staff Sgt. Torri Ingalsbe, Air Force Public Affairs Agency


Washington DC  The commander of Air Force Space Command talked about the fundamental relationship between space operations and everyday life - not only for the military, but for the American people - during a breakfast at the Capitol Hill Club, Dec. 5.


Gen. John E. Hyten, the AFSPC commander, explained the complexities of global space operations, and how they're a seamless and invisible part of day-to-day living.


"When you look at what we do in space, it's truly the most joint element of our military," Hyten said. "Everything we do is critical to the operations of (all services) - it's critical to our economy and to the world - it's basically embedded in everything we do."


He talked about the history behind aerospace, the integration of air and space and the fact that space is no longer a benign environment, but is becoming a domain.


"We don't ever want to go to war in space, but we need to be prepared to fight a war in that environment," he said. "You figure out how to operate through that threat environment. One of the oldest precepts in war is the best way to avoid war is to be prepared for war."


His future plans for AFSPC include integrating space and cyber, the ability to command and control space assets, and increasing space situational awareness - all to prepare for that environment.


"As we look forward in the future we have to figure out how to deal with this kind of environment," Hyten said. "We have to build resilient architectures. We have to figure out how we're going to work with the other elements of our nation's power to fight through any kind of threat that we have to - and we will."


The current space programs are on track and working well, Hyten said. His focus is becoming more efficient in procurement, and working with partner agencies to make the ground capability and architecture match the current space capabilities.


"We're going to look at a whole bunch of different ways to do business in the future," he said. "We're going to figure out how to be effective deliverers of capabilities and effects, and build the right tools as we walk into that. The key to our future is going to be updating the ground architecture to look at delivering integrated effects to warfighters around the world."


The commercial sector in space operations is something Hyten said he is excited about, and sees as an opportunity to increase the Air Force's capabilities to support the warfighter and the American people. It is one piece of his plan to modernize operations and be more prepared for any future contested environment. Another important piece of this plan is changing the perception many people, including Airmen, have about space and cyber.


"The future of the United States Air Force is the integration of air, space and cyberspace," Hyten said, "to deliver singular effects on the battlefield in the most effective, efficient way possible and to allow the warfighters of today and the future to have unbeatable advantage on the battlefield."

Partager cet article
13 octobre 2014 1 13 /10 /octobre /2014 07:35
Strengthening Australian-Vietnam Ties… In Cyberspace

13 October 2014 By Jessica Woodall – Pacific Sentinel


Cybersecurity can help Australia take its existing engagement with Vietnam to the next level.


Historically, Vietnam’s relationship with China has been complex. Stretching from 111 BC and early Chinese cultural domination of Vietnam, to the 1979 border conflict and more recent disputes over competing claims in the South China Sea, the relationship’s had its challenges.

Earlier this year hostility flared when the Chinese government deployed an oil rig within Vietnam’s Economic Exclusion Zone. That led to public protests and targeted violence towards Chinese nationals in 22 of Vietnam’s 63 provinces.

Tip-toeing around the edges of that tension are several countries—including the U.S., Japan, Russia and India—seeking to step up their engagement with Hanoi. All seek a stronger relationship with a partner in a geographically important location and a warmer friendship with ASEAN’s main players—and some probably hope to counter China’s expanding sphere of influence.

Tangible engagement has, for the most part, centred on arms and natural-resource sales. Vietnam took delivery of the second of six Kilo-class submarines from Russia in March. And India’s said to be close to concluding a deal to sell BrahMos supersonic cruise missiles to the Vietnamese, further boosting their defense capabilities. Earlier this month, the U.S. also partially lifted its 30-year-old embargo on sales of lethal arms to Vietnam, which will facilitate the sale of weapons for maritime purposes for the first time.

Australia should also seek to expand its engagement with Vietnam: it’s too politically and geographically important to ignore. But we need to be careful not to ruffle Beijing’s feathers while doing so. So we must be subtle in our cooperation with Hanoi, proceeding with a softly-softly approach.

Non-traditional security issues such as cybersecurity provide an opportunity to take our existing engagement, which primarily revolves around transnational crime, to the next level. 


Read the full story at The Diplomat

Partager cet article
25 mars 2014 2 25 /03 /mars /2014 11:50
Pilot Exercise for Strategic Decision Making in Cyber Defence


Brussels - 24 March, 2014 European Defence Agency


A pilot Decision-Making Exercise on Cyberspace Crisis Management will take place in Lisbon in May 2014.  The pilot exercise aims to prepare strategic leaders for situations involving  a major cyber-attack.


With an increasing amount of critical infrastructure - as well as military and government activities - now online the threat of cyber-attacks is growing every day. For this reason, at the European Council meeting in December 2013, Cyber was recognised as one of four key capabilities for future EDA activity.

The pilot exercise in Lisbon aims to prepare strategic leaders with the experience and structures necessary to deal with a cyberspace crisis. The exercise will help increase awareness and contribute to a better understanding of emerging cyberspace challenges and threats.  


Used to develop further training courses

One of the aims of the pilot is to help to develop a coherent conceptual toolkit that could be used in assessing current and future decision-making frameworks and could be used in future training plans. This could include the development of a repository of ‘off-the-shelf’ training courses, exercises, and scenarios that Member States could use in the future.


EU Cyber Security Strategy

The pilot was developed under the EU Cyber Security Strategy which identified the improvement of leadership, training, and exercises as a key activity for cyber security efforts in the EU. This was reinforced by the results of an EDA study in 2012 that found shortcomings in Cyber Security training and exercises of all 20 Member States who took part.

The European Council in December called for the EDA to develop a roadmap for cyber defence as well as concrete projects focused on training and exercises, improving civil/military cooperation, and the protection of assets in EU missions and operation.


More information

Partager cet article
22 novembre 2013 5 22 /11 /novembre /2013 12:55
Le continuum défense-sécurité exige une coopération étroite entre les acteurs régaliens, civils, militaires et privés


21/11/2013 Marc Watin-Augouard Général d'armée (2S) - Fondateur du Forum International de la Cybersécurité et Directeur du centre de recherche de de l'EOGN


LE CERCLE. Cette convergence entre le public et le privé ne peut s’envisager sans une politique industrielle qui fasse émerger des "géants", si possible français, aux moins européens, car la seule question de la souveraineté est essentielle, sauf à accepter une domination américaine ou chinoise.


Seul espace entièrement créé par l’homme, le cyberspace est, comme tous les autres, porteur de liberté, de richesses, de croissance, mais il est aussi l’objet de convoitise de la part des prédateurs. Ces derniers, délinquants, terroristes, mercenaires, guerriers, ont compris que le rapport risques/profits leur est plus que jamais favorable. Nul besoin d’être puissant pour faire du fort un faible et du faible un fort.


Dans ce contexte, notre société, désormais modelée par le "tout numérique", ne peut laisser le champ libre aux pirates, aux bandits "des grands chemins de l’internet". La prise de conscience a été lente : nous avons progressé à tous petits pas à partir des années quatre-vingt-dix. Le Livre Blanc de 2008 marque le passage au trot. Désormais, il faut adopter le grand galop, s’il le faut avec l’aide d’éperons et de cravaches ! Nous n’avons pas le choix ! Soyons-en conscients : nous ne vivons pas une évolution, ni une révolution, mais une métamorphose de notre société. La chrysalide devient papillon.


Nous ne pouvons avoir recours aux modèles, organisations, modes d’action, qui ont prouvé leur efficacité dans le passé. Si nous ne sommes pas au rendez-vous, nous serons une "colonie du numérique", pour reprendre le titre d’un récent rapport sénatorial. Pire, nous serons les "esclaves du numérique". Cet impératif résulte du constat contemporain, mais il doit tenir compte de ce que nous réserve un avenir proche avec notamment l’interconnexion des objets, l’inscription de chaque individu dans une "bulle informationnelle" qui agrège l’ensemble des données à caractère personnel. Tout cela sera possible, car le nombre d’adresses IP permettant les connexions va passer de 4,3 milliards à 340 milliards de milliards de milliards de milliards. Chaque grain de sable du désert pourrait ainsi avoir une adresse…


Le récent Livre Blanc donne un sérieux coup d’accélérateur, notamment dans le domaine de la cyberdéfense, avec sa consécration législative inscrite dans la loi de programmation militaire. Pour la première fois, il reconnaît qu’une cyberattaque peut être un acte de guerre et ainsi justifier une riposte au titre de la légitime défense. La structuration de la cyberdéfense constitue une avancée au regard de la sécurité des systèmes mis en œuvre par les opérateurs des infrastructures critiques civiles et militaires.


Mais la cybersécurité ne se cantonne pas à la cyberdéfense et cette dernière n’est pas seulement la cybersécurité du ministère de la Défense. La cybersécurité concerne aussi tous les autres acteurs : administrations, collectivités territoriales, entreprises, particuliers, etc. qui doivent prendre une "cyberposture", car la chaine est souvent trahie par son maillon le plus faible. Il importe donc d’opérer une mobilisation générale, car chacun est un acteur de la cybersécurité, ne serait-ce qu’en adoptant des règles "d’hygiène informatique", selon l’excellente expression de Patrick Pailloux, directeur de l’Agence nationale de la sécurité des systèmes d’information (ANSSI).


La cybersécurité repose sur un tryptique : la sécurité des systèmes d’information (intégrité, disponibilité, confidentialité), les mesures à la charge des utilisateurs (administrations, entreprises) la lutte contre la cybercriminalité et la cyberdéfense. Le continuum défense-sécurité est particulièrement affirmé dans le cyberespace. En effet, contrairement à ce que certains affirment, une cyberattaque relevant de la cyberdéfense relève du droit pénal tant que le droit des conflits armés n’est pas mis en œuvre. Il n’y a pas de distinction entre le "champ de bataille" et les "quartiers sensibles". Les prédateurs empruntent les mêmes voies, utilisent les mêmes armes.


Par exemple, une attaque par déni de services peut être le fait de délinquants qui cherchent un profit en opérant un chantage sur un opérateur de vente en ligne, de terroristes qui veulent désorganiser les secours simultanément à un attentat, ou le fait d’agresseurs qui veulent atteindre un État. Ce qui permet de qualifier une attaque, c’est son intention, sa complexité, la nature de la cible, le mobile poursuivi. Le continuum exige donc une coopération étroite entre les différents acteurs régaliens, civils ou militaires.


Ainsi, l’ANSSI, la composante cyberdéfense de l’état major des armées, les services de police et les unités de gendarmerie, les services de renseignement, etc. ont l’obligation de coopérer, car la complexité des atteintes au cyberespace nécessite la mobilisation de toutes les compétences, une plus grande transversalité.


La coopération ne se limite pas aux acteurs régaliens. La cybersécurité repose aussi sur des acteurs privés, opérateurs, intégrateurs, prestataires de services, etc. Il existe un secteur privé de la cybersécurité qu’il conviendrait de reconnaître au travers de la loi de 1983 relative aux activités privées de sécurité. Ces acteurs sont, dans une certaine mesure, des collaborateurs du service public. Dans le domaine de la cybersécurité, il faut s’attendre à ce que la part régalienne de l’offre de sécurité devienne minoritaire.


Cette convergence entre le public et le privé ne peut s’envisager sans une politique industrielle qui fasse émerger des "géants", si possible français, aux moins européens, car la seule question de la souveraineté est essentielle, sauf à accepter une domination américaine ou chinoise. Cette souveraineté est tributaire d’une capacité de recherche et développement qui garantisse une meilleure indépendance au regard des innovations technologiques. Elle repose également sur un effort en matière de formation, car les acteurs publics comme les acteurs privés sont aujourd’hui confrontés à une pénurie en matière de ressources humaines dans les domaines liés aux technologies numériques.


La gendarmerie a compris très tôt quels étaient les enjeux du cyberespace, ne serait-ce que parce que son maillage ressemble fortement à la "toile du net". L’architecture du réseau Rubis, conçu dans les années quatre-vingt, a pris le pari du numérique et de la convergence voix-image-texte. La prise en compte de la cybercriminalité remonte à la même époque, alors que le Parlement votait la loi Godfrain, relative aux atteintes aux systèmes de traitement automatisé de données.


Aujourd’hui, la communauté N’TECH s’appuie sur plus de mille gendarmes, renforcés par des réservistes opérationnels et citoyens (dont certains appartiennent au réseau des réservistes cyberdéfense). Le pôle "police judiciaire" développé notamment autour de l’Institut de recherche criminelle (IRCGN) et du Service technique de recherches judiciaires et de documentation (STRJD) témoigne de la volonté d’adapter l’organisation. La nomination récente d’un conseiller "cybersécurité" auprès du directeur général reflète la prise en compte du caractère stratégique de l’action qui se développe.


Mais il faut aller encore beaucoup plus loin ! En effet, la cybercriminalité est la criminalité du XXIe siècle. À l’origine, lorsque seul dominait le secteur primaire agricole, les prédateurs s’en prenaient aux personnes : Cain tuait Abel… Meurtres, assassinats, agressions, enlèvements, esclavages constituaient l’essentiel des transgressions. L’apparition du secteur secondaire, avec les produits manufacturés, a entrainé un glissement vers les atteintes aux biens. Voler, détruire, receler offre un meilleur rapport profit/risque pénal.


Puis, le secteur tertiaire, lié aux services a ouvert le champ de la délinquance intelligente en "col blanc". Escroqueries, blanchiment, fraudes, faux, etc., sont des infractions complexes plus difficiles à combattre par les enquêteurs et la justice. Un nouveau glissement a été observé au travers de l’émergence de la délinquance économique et financière.


Aujourd’hui, le "tout numérique" délimite un secteur quaternaire, celui de l’immatériel. Là encore, un transfert s’observe, car, dans le cyberespace, la victime n’a jamais été aussi près de son agresseur, ce dernier n’ayant jamais été aussi éloigné de son juge. La cybercriminalité est un domaine où le "chiffre noir" est très important. Les victimes ignorent souvent qu’elles ont été attaquées.


La lutte est à armes inégales, car, faute d’un droit international universel, le droit national n’est pas adapté à des phénomènes par nature transfrontaliers. La vitesse et l’adaptation permanente du cybercrime heurtent la lenteur de la procédure et de l’entraide judiciaire. Si les institutions, dont la gendarmerie, ne prennent pas immédiatement le virage, le dérapage est assuré avec un risque majeur d’incapacité de l’état à assurer la première des fonctions régaliennes.


C’est pourquoi la lutte contre la cybercriminalité ne peut être exclue du champ de sécurité nationale, ne serait-ce que dans le haut du spectre. La gendarmerie doit donc poursuivre ses efforts dans un contexte budgétairement difficile. Cela passe notamment par une formation accrue de tous les militaires, officiers et sous-officiers, un recrutement plus important de scientifiques et une démarche prospective anticipant les conséquences positives et négatives de nouvelles technologies sur les pratiques professionnelles.

Partager cet article
23 septembre 2013 1 23 /09 /septembre /2013 18:50
Cyber Endeavor seminar gathers security experts for four-day event

September 23, 2013 U.S Navy Mass Communication Specialist Jim Bane, Combined Endeavor Public Affairs


U.S. ARMY GARRISON, GRAFENWOEHR, Germany - Today, nearly every world event or crisis has a cyber-aspect to it, and the decisions made in cyberspace affect our physical or conventional activities and capabilities.


Cyber Endeavor, a regional seminar, addressed these issues and more from Sept. 17-20 during Exercise Combined Endeavor 2013 as an independent event focusing exclusively on cyber security.


In its fifth year, Cyber Endeavor is not an exercise, but one of four regional seminars held in separate countries. Combined Endeavor participants can attend the speaker sessions but “the overall purpose of the program is to build partnership capacity with the partner nations,” said Trina Zwicker of U.S. European Command’s J-6 Cyber Outreach Division.


Speakers for the event included representatives from Microsoft, Hewlett Packard, Cisco, the National Defense University, Verizon and many others. For the presenters, Cyber Endeavor was an opportunity to speak to military cyber experts from more than 30 countries.


Sam Ceccola, Hewlett Packard Department of Defense Technologist, presented insider threat analytics, platform concepts and cloud computing.


“Today we spend a lot of time protecting from outsider threats and we need to spend an equal amount of time protecting from insider threats,” Ceccola said.


Verizon’s Michael Young, a senior account manager for enterprise solutions in Europe, Middle East, and Africa supporting U.S. Federal sales, discussed his company’s publication called the “Data Breech Investigations Report.” According to Young, the report is “an analysis of data breeches that happened over the past year, how they happened, how the attackers got in and what was compromised.”


“Verizon believes that EUCOM and its partners can use this model to create a similar report,” Young said. This report could be used to demonstrate what the cyber landscape looks like and what the threat environment looks like as well.”


The cyber business of Microsoft was presented by David Aucsmith, senior director, Microsoft Institute for Advanced Technology in Governments. Aucsmith is responsible for technical relationships with agencies of the U.S. and other governments, as well as special projects.


“Our product is not only used by our government, but by the governments of our adversaries,” Aucsmith said. “Microsoft is the most attacked place on Earth. We have been attacked by every country on the planet and once from McMurdo Station in Antarctica. That guy is in jail now.”


There are three types of attacks, according to Aucsmith: warfare, where the object is to deny, degrade and destroy your target; espionage, where unauthorized access is the objective; and criminal, where fraud and/or theft are the goal of the attackers.


“If you’re a victim of one of these attacks, you don’t know which one is hitting you. If the attack is warfare in cyberspace, the attack is sustained, it’s continuous unlike conventional warfare,” said Aucsmith.


Aucsmith believes that as long as there is an adversary a static device can’t remain secure. “We need to produce systems that can change and modify in the presence of those adversaries activities.”


Closing remarks were given by U.S. Army Brig. Gen. Bruce T. Crawford, director, EUCOM J-6 C4/Cyber.


“Not doing the basics of cyber security is like building a house on a weak foundation,” Crawford said “The most likely threat vectors are the most routine things out there; the threat vectors are not overly sophisticated.”


“My view is that we have to fix the fundamentals and the thinking about cyber security to bring it to the forefront, a security violation can be just as dangerous as losing a weapons system,” said Crawford.

Partager cet article
7 février 2013 4 07 /02 /février /2013 18:50

cyber warfare


7/2/2013 Ref: EU13-049EN


Summary: 7 February 2013, Brussels - A free and open Internet is at the heart of the new Cyber Security Strategy by the European Union High Representative Catherine Ashton and the European Commission. The new Communication is the first comprehensive policy document that the European Union has produced in this area. It comprises internal market, justice and home affairs and the foreign policy aspects of cyberspace issues.


The Strategy is accompanied by a legislative proposal (a Directive) from the European Commission to strengthen the security of information systems in the EU. This would encourage economic growth as people's confidence in buying goods online and using the Internet would be strengthened.

The Strategy is offering clear priorities for the EU international cyberspace policy:
  • Freedom and openness: The Strategy outlines the vision and principles on applying the EU core values and fundamental rights in cyberspace. Human Rights should also apply online and we will promote cyberspace as an area of freedom and fundamental rights. Expanding access to the Internet should promote democratic reform worldwide. The EU believes that increased global connectivity should not be accompanied by censorship or mass surveillance.
  • The laws, norms and EU core values apply as much in the cyberspace as in the physical world: The responsibility for a more secure cyberspace lies with all players of the global information society, from citizens to governments.
    Developing cyber security capacity building: The EU will engage with international partners and organisations, the private sector and civil society to support global capacity building in third countries. It will include improving access to information and to an open Internet and preventing cyber threats.
  • Fostering international cooperation in cyberspace issues: To preserve open, free and secure cyberspace is a global challenge, which the EU will address together with the relevant international partners and organisations, the private sector and civil society.


FAQ's on the International aspects of the Cyber Security Strategy

How can the core values be ensured in the worldwide web?


One example is human rights, which should also apply online as the European Union will promote cyberspace as an area of freedom and fundamental rights. Expanding access to the Internet should advance democratic reform worldwide. The EU believes that increased global connectivity should not be accompanied by censorship or mass surveillance.


What EU norms and laws should be used in cyberspace?


The responsibility for a more secure cyberspace lies with all players of the global information society, from people to governments. The EU supports the efforts to define norms of behaviour in cyberspace that all stakeholders should adhere to. Just as the EU expects citizens to respect civic duties, social responsibilities and laws online, so should states abide by norms and existing laws. An important pre-condition for free and open Internet that brings political and economic benefits to societies worldwide, is to maintain a multi-stakeholder governance model of the Internet.


Will there be new laws to address cyber threats?


No, the EU believes we have many international law instruments already that should be applied in cyberspace. However, some governments have proposed new treaties and conventions in cyber issues that the EU cannot support. We fear that the argument of cyber security will be used as a pretext to justify limiting the freedom of expression and access to information. For instance, the Budapest Convention includes all the important elements to assist in investigation, prosecution, and international cooperation to address cybercrime.


At present 49 countries have signed the Convention and many countries outside Europe have introduced its principles into their legislation. The EU has assisted the Council of Europe in disseminating the principles of this Convention worldwide, and we are currently financing new programs to promote the Budapest Convention and increase the rule of law in this area.


What does the EU intend to do on capacity building?


The EU will engage with international partners and organisations, the private sector and civil society to support global capacity-building in third countries. It will include improving access to information and to an open Internet and preventing cyber threats. The EU will also actively participate in developing donor coordination for helping capacity-building efforts. These actions will focus on enhancing criminal justice capabilities in training prosecutors and judges, and introducing the Budapest Convention (Cybercrime Convention) principles in recipient countries' legal framework, building law enforcement capacity to advance cybercrime investigations and assisting countries to address cyber incidents.


How does the Strategy contribute to international cooperation in cyberspace?


To preserve an open, free and secure cyberspace is a global challenge, which the EU should address together with the relevant international partners and organisations, the private sector and civil society. The EU will place a renewed emphasis on dialogue with third countries and international organisations, with a special focus on like-minded partners that share EU values. At bilateral level, cooperation with the United States is particularly important and will be further developed.


What the EU is doing on cyber defence issues?


Within the Common Security and Defence Policy, the European Defence Agency (EDA) is developing cyber defence capabilities and technologies, improving cyber defence training & exercises. Given that threats are multifaceted, synergies between civilian and military approaches in protecting critical cyber assets should be enhanced. These efforts should be supported by research and development, and closer cooperation between governments, the private sector and academia in the EU.


The EU is also promoting early involvement of industry and academia in developing solutions and in strengthening Europe's defence industrial base and associated R&D innovations in both civilian and military organisations. The EDA will promote civil-military dialogue and contribute to the coordination between all actors at EU level - with particular emphasis on the exchange of good practices, information exchange and early warning, incident response, risk assessment and establishing a cyber-security culture.


Why does the Strategy address civilian and military issues?


Given that threats are multifaceted, synergies between civilian and military approaches in protecting critical cyber assets should be enhanced. These efforts should be supported by research and development, and closer cooperation between governments, the private sector and academia in the EU. To avoid duplication, the Union will explore possibilities on how the EU and NATO can complement their efforts to heighten the resilience of critical governmental, defence and other information infrastructures on which the members of both organisations depend.


Are the EU and NATO cooperating in cyber security?


There is a regular cooperation going on between the experts. After the Strategy is adopted, we intend to intensify cooperation with NATO in cyber security. Dialogue with NATO should ensure effective defence capabilities, identify areas for cooperation and avoid duplication of efforts.

Next Steps

The Directive must pass through the Council of Ministers and the European Parliament before adoption whilst the Cyber Security Strategy will remain as it is as it is not legislation.


DG Connect


EU Justice and Home Affairs


Partager cet article
1 octobre 2011 6 01 /10 /octobre /2011 07:25
NATO Sec Gen Calls for More EDA-NATO Cooperation

30 Sep 2011 By JULIAN HALE DefenseNews


BRUSSELS - NATO Secretary General Anders Fogh Rasmussen called for greater cooperation between NATO and the European Defence Agency (EDA) to reduce costly duplication of effort.


Speaking at a European Policy Centre event here Sept. 30 looking ahead to the alliance's Chicago summit next year, Rasmussen said that "in a time of economic austerity and in a long-term perspective, we should avoid duplication and waste of money. We should coordinate and merge some projects."


Asked how industry could help, he said that "military equipment is becoming more and more expensive" and that "industry could help by ensuring prices don't rise so fast."


He also said opening up defense markets, as the European Commission is trying to do with a new European Union defense procurement directive, could help.


Complicated political problems prevented agreements on EU-NATO security arrangements in theater, he said, and these were generally resolved on "an ad hoc basis." The EU and NATO can only officially consult on Bosnia and cannot discuss Afghanistan, Libya and Kosovo operations, he said. "We know that the Cyprus dispute is at the origin of this and don't expect rapid progress on this," he said.


He urged Russia to "cooperate actively" in NATO's missile defense shield project. Specifically, he said he envisages a NATO and a Russian missile defense system with two joint centers through which data could be exchanged and joint threat assessments produced.


"We have no intention to attack Russia and I don't think Russia intends to attack us," he said, referring to a 1997 agreement in which both sides agreed not to use force against each other. He went on to describe a NATO-Russia summit at Chicago in 2012 as "an option" but that depends on "real substance and concrete results to deliver."


Regarding out-of-area operations, he said NATO had "no intention to intervene in Syria or other countries." In the case of Libya, there was a U.N. mandate and strong support from the region for NATO action, he said, but "neither condition was fulfilled for Syria or any other country."


NATO's core purpose is territorial defense of its member states, he said, but it "stands ready to protect our territories and populations if conflicts emerge."


Cyberspace is clearly emerging as a growing NATO priority.


"Defense of our territories may start beyond our territories, even in cyberspace," he said. On Sept. 20, NATO's Command, Control and Communications Agency launched a 28 million euro ($37.7 million) call for cyberdefense procurement. Rasmussen referred to cyberdefense and strategic transport as being among the priorities to be unveiled in his proposals for pooling and sharing among NATO countries, known as his "smart defense package."


Cybersecurity, he said, might be an area where NATO would consult with partner countries with specific expertise and which share the same security concerns. "This will be done on an ad hoc basis," he said.

Partager cet article


  • : RP Defense
  • : Web review defence industry - Revue du web industrie de défense - company information - news in France, Europe and elsewhere ...
  • Contact


Articles Récents