Ebook: Building Cyber Resilience against Hybrid Threats
Today’s security environment is increasingly complex and unpredictable, with cyber attacks and hybrid warfare blurring the lines between conventional and unconventional forms of conflict, threats to energy security such as climate change and natural disasters, and disruptive technologies like AI and quantum computing. The challenge of adapting and responding to these threats calls for cooperation and novel ways of thinking.
This book presents 11 edited contributions from the NATO Advanced Training Course (ATC) Strengthening SEE Resilient Cyber Defense against Hybrid Threats (STRENGTH), held as an online event from 26 September – 02 October 2021. The ATC brought together more than 60 military and civilian expert participants with 19 renowned professors, experts and practitioners from 14 NATO Member and Partner countries as speakers and lecturers. The ATC aimed to raise awareness about the evolving complex-threat environment of the Alliance and South Eastern Europe (SEE) and to establish the foundation for long-term multidisciplinary collaboration among defense and security experts and academia. The event served as a first step in the creation of a SEE network of defense-security and academic experts who can work across borders, linking state-of-the-art research and practice to build resilience against hybrid warfare capabilities. Participants learned how state and non-state actors acquire hybrid threats via cyberspace to achieve their strategic ends, and took part in working groups, moderated by invited speakers/lecturers, engaging in productive discussion of questions related to the course topic. The event concluded with briefings presenting relevant case studies and lessons learned.
Today’s security environment is increasingly complex and unpredictable, with State and non-State actors conducting cyber attacks and hybrid warfare which can blur the lines between conventional and unconventional forms of conflict. The spectrum of threats also encompasses energy security challenges, including those posed by climate change and natural disasters, and emerging and disruptive technologies such as AI and quantum computing. The challenge of adapting and responding to these different types of threat is compounded by trends that have radically transformed the security environment.
In an age of strategic competition, cyberspace remains a contested space. The malicious cyber activities targeting our nations are continuous, and their true strategic consequences may lie not in producing a catastrophic armed attack that disables a country in a single moment, but rather in the results of an accumulation of smaller attacks which undermine the sources of national power. We are witnessing a change in international security where conflicts increasingly take place in the grey zone and where aggressors use hybrid tools such as disinformation, cyber-attacks, economic pressure, deception, and sabotage in combination with military instruments. This targeting of our nations through digital means will likely remain an attractive option for years to come. After all, these tools can be exploited by states as well as by proxies and private organisations, without any geographic constraints.
Resilience against cyber and hybrid threats should therefore remain our top priority. Given the evolving threat landscape, societies should focus on building up the ability to resist and recover from major shocks such as the failure of critical infrastructure or a hybrid or armed attack, while also creating national tools to address more drawn out campaigns such as disinformation and electoral interference. Ideally, the practice of building up resilient societies should result in raising our collective benchmarks to a level that makes it more difficult for our adversaries to achieve the effects they desire.
Our ability to deny potential benefits to the aggressor must also be complemented by continuous thinking about and refining of ways to proactively deter and defend against hybrid campaigns. There is constant competition and continuous ambiguity in cyberspace, which renders traditional thoughts on deterrence and strategy less effective. It is not possible to prevent and deter all cyber activity, so we must shift our thinking towards a more proactive approach.
No one corporation, country, or continent can build resilience, deterrence, or defence in isolation. The space of cyber and hybrid conflict is a shared one, so solutions must be built on international coordination and cooperation. Industry remains a primary player in cyberspace, owning most of the infrastructure that supports cyberspace and often being the entity that identifies that an attack is in progress, as well as a first responder. The sharing of responsibility and power with the private sector within an operational domain is therefore a key strategic consideration which needs to permeate all governmental discussions of cyber and hybrid defence strategies. This requires new ways of thinking and working together which may take us out of our comfort zone.
It is therefore my genuine pleasure to welcome this contribution to our collective thinking. Cyberspace and technology will be at the core of the strategic competition that will unfold during the next decade and we need to ensure that we are positioned to harness cyberspace to its benefit in an increasingly digitized environment. Cybersecurity will become increasingly important to securing and enhancing our way of life and ability to conduct business, as industry, government, military, and ordinary citizens rely increasingly on technology and engage in digital transformation. As an enabler, line of effort, catalyst for change, and product of innovation, we must continue to iterate on our thinking about cyber and hybrid defences because they are here to stay.
Christian Lifländer
Head, Cyber and Hybrid Policy Section, Emerging Security Challenges Division, NATO HQ
This article is compiled from the NATO “public releasable” documents, including from the NATO official website, to introduce to the general public NATO Cyber Defence Policy and the concept of Resilience, including how those counter the evolving hybrid threats. The main goal is to develop awareness in the general public and set up the debate on the topic of improving cyber defence and resilience against hybrid threats at the national and regional level.
With the evolving use of hybrid warfare, threats to the EU and NATO continue to rise. This article explores adversaries’ use of the hybrid threat and the new measures the EU and NATO are adopting to counter it. The content is divided into six parts: first, an introduction outlining the problems associated with hybrid warfare; second, addressing the threat of hybrid warfare; third, describing how the EU is taking measures to address the threat; fourth, an overview of the measures used to counter the threat; fifth, an analysis of Russia’s use of hybrid warfare; sixth, a conclusion that looks at collaborations between the EU and NATO moving forward.
The technology associated with the Internet is said to evolve at the speed of light. That is certainly true when it comes to understanding the strategies and tactics used to commit cybercrimes, whether those crimes target military, governmental or private-sector organizations, and whether the threat actors are governments, government-sponsored hackers, criminal cyber-gangs or individuals. In this paper, we examine recent evolutions of cyberspace threats that have moved them from simple and direct to more layered, complex and stealthy methodologies. For example, what appears to be a ransomware attack encrypting files with the hope of collecting a ransom payment for a decryption key may in fact hide the theft of that data, representing an actual data compromise. Suggestions for maintaining and improving an organization’s readiness to deal with these hybrid threats are provided.
Hybrid threats present one of the growing security challenges to the safe and effective management of critical infrastructure, digital systems, and social domains worldwide. The intentional misuse or disruption of such domains and digital technologies will have wide-ranging implications in various aspects of life, spanning from day-to-day activities, civil and military operations, transportation and aviation, communication, finance, and water-food-energy nexus, medical treatments to social media. Despite increasing concerns of evolving cyber threats within multiple domains, only a few strategies to effectively counter the spectrum of hybrid threats have emerged that simultaneously help organizations prevent disruptions, as well as to facilitate recovery and adaptations following such disruptions. Resiliency-based decision-making serves to offer a pathway that may guide policymakers and other key stakeholders to address these challenges by analyzing the nested interdependencies and social resilience of various digital systems. This article posits a multisectoral, multidisciplinary, local, state, and whole-of-government systems approach that conjoins hybrid threats to its social, infrastructural, and informational dependencies.
The chapter considers future forecasts of electronic propaganda and digital media transformation challenges, together with the dynamics of public opinion evolution. Special emphasis is given to the analytical perspective of the problem, combining the establishment of a morphological scenario landscape with joint system-of-systems analysis. A mixed assessment of the results, from human-factor biometric and simulated multicriteria stochastic evaluation perspectives, is then presented. A final wrap-up discussion is provided, which tries to generalize the outlined findings and uncertainties towards the future from a media and technological perspective, with additional emphasis on the new smart digital society and people's progress.
This article tackles legal aspects of hybrid warfare activities in cyberspace. It endeavors to explore and to understand how hybrid threats employed by authoritarian regimes undermine international order and challenge the applicability of international principles and standards. The paper attempts to dissect the changing security reality, and the challenge for liberal democracy coming from hybrid warfare activity through cyberspace. The article illuminates the international legal challenges that NATO democracies face amid growing hybrid threats via cyberspace posed by authoritarian regimes.
In the recent period, technology development has experienced accelerated and extreme growth, resulting in many concepts such as blockchain, quantum technology, Robotic Process Automation (RPA), Artificial Intelligence (AI) and Machine Learning (ML), Internet of Things (IoT), edge computing, Virtual Reality (VR) and Augmented Reality (AR), and 5th (5G) and 6th (6G) generation networks. This trend has been increased by the SARS-CoV-2 pandemic, given that technology enabled the continuance of affairs. In parallel, threats to and attacks on cyber security have dramatically increased as well, causing many losses of all kinds. These two trends need to be treated together so that security issues and challenges in the context of future technologies are addressed and solved properly and in a timely manner. Therefore, this work contributes by providing a brief overview of the cyber security perspective, i.e. challenges and issues for top future technologies. The conducted analysis has shown that security issues for future technologies are numerous and need to be treated in a systematic and organized manner during the design of technologies and products in order to minimize the risk and damage and maximize the utilization and benefit.
The last couple of years have constantly shown that ICT can be, and is, used to destabilize and undermine societies and countries using hybrid-based tools and methodologies. Russia’s hybrid war against Ukraine is a clear example of the strength of hybrid threats. Due to their position and previous war conflicts, countries from South-East Europe (SEE) are constantly targeted by hybrid threats. This chapter gives an overview of the nontechnical measures that can be applied to increase resilience in the SEE region, and an overview of the AI (artificial intelligence)-based tools and techniques that can be used to generate and combat hybrid threats, especially disinformation and fake news.
Information infrastructure – computers, embedded devices, networks and software systems – is vital for the proper functioning of every sector: chemical, commercial, telecommunications, critical manufacturing, dams, defense production, critical services, energy, financial services, food and agriculture, government institutions, health and public health, information technology, nuclear reactors, waste, transport systems and water and wastewater systems. Global business and industry, government and society as a whole cannot persist if the major components of critical information infrastructure are degraded, disabled or destroyed. The addition of a large number of new elements contributes to the emergence of new vulnerabilities, and thus possible new attacks. Hence, security is one of the most important factors in terms of protection of the critical information infrastructure. For this reason, there is a need to detect attacks, and thus reduce the financial losses and the impact on the stability and security of the state.
The security of the Internet of Things (IoT) is a key worry since it deals with personal data that must be dependable and can be used dangerously to control and manipulate device operations. In addition, the data generating process is heterogeneous, and the data is enormous in bulk, requiring complicated management. Quantum IoT, or Quantum Computing and IoT, is a notion of higher security design that utilizes quantum-mechanical principles on IoT security management. On the one hand, IoT is beneficial to us, but it also poses several major security risks, such as data leaks, side-channel attacks, malware, and data authentication. Classical cryptographic techniques, such as the Rivest-Shamir-Adleman (RSA) algorithm, perform admirably on traditional machines. However, quantum computing, which has enormous processing capacity and is more than capable of readily breaking current cryptographic algorithms, is steadily gaining traction. As a result, even before quantum computers are commercially available, we must create post-quantum cryptography algorithms to protect our systems from security breaches. Lattice-based cryptography, as a possible option for the future post-quantum cryptography standard, has the features of strong security guarantees and great efficiency, making it ideal for IoT applications. We discuss the benefits of lattice-based cryptography and its implementations for IoT devices in this study.
The application of risk in cyber security plays an integral role as a basis of evidence for decision making as well as providing visibility over existing and potential security postures. To effectively leverage this utility, Risk Management must be integrated within a solution that unifies immediate, short-term, and longer-term functions that deliver cyber security capabilities for secure business services. Through structured language and entity models, integration of systems and processes enables automation that scales when unified holistically. Risk, however, is something that also integrates human motive with machine applications. It relates the management of source security data with traffic flow, asset criticality, asset owners, controls, as well as policy and predicted representations. The management of risk requires workflow design to manage decoupled governing practices and third-party involvement. What risk highlights is the importance of human-machine teaming, and it is the enhancement of that teamwork that is the focus of the case example, which elaborates on how layered architecture and interoperating mesh security solutions form the basis of Red Piranha’s Consolidated Security Platform and holistic adoption of Cyber Security Risk Management (CSRM). The novel contribution of this paper is in outlining the adoption of CSRM within a Consolidated Security Platform (CSP). Moreover, the novel contribution here is in demonstrating how CSRM integrates multiple dimensions to leverage automation when unified in a way that can task both workflow and dataflow for its own end.