Article published on the Atlantic Treaty Association Website https://bit.ly/2HYDUZ5
NATO faces ‘hourly’ cyber intrusions and is moving to make its systems more resilient to a serious attack, according to the organisation’s director of infrastructure services, Dr Gregory B Edwards.
“There are millions of cyber probes that we see within a week. These are not necessarily attacks, but give an indication that there’s someone looking at your area,” says Dr Gregory Edwards, NATO’s director of infrastructure services, whose responsibilities include cybersecurity for NATO’s information networks and data centres.
The organisation is undergoing a major IT infrastructure upgrade that will see the delivery of new data centres at Mons in Belgium and Lago Patria in Italy, alongside a further two data centres in the new NATO HQ building in Brussels. Together, these will make up the new NATO ‘cloud’. The Mons and Lago Patria facilities should be up and running by September 2018.
Under the existing system, the Alliance’s IT systems are distributed throughout its member nations. The thought then arises that bringing them together in a smaller number of centres might make them an easier target for hackers. However, it is not just about vulnerability – it is also about recoverability, as Edwards explains: “Right now, you have a lot of individual machines. A cyber threat can infect and eliminate all of them. Our ability to recover those machines would then take years. Bringing them together will aid the process of restoring services in the aftermath of an attack.”
Like any responsible organisation with an IT policy, NATO’s systems constantly check themselves for any signs of intrusions. If one is detected, the system has the necessary electronic tools to quarantine and eradicate the threat. Similarly, NATO has also developed a Rapid Response Team of IT specialists to come to the aid of an Alliance member that faces a major IT threat. “It’s really an assistance team. Should a nation have a cybersecurity event and perhaps they don’t have the same abilities as us, we have the capability to deploy the team,” Edwards explains. In order to stay at the forefront of technology evolution, NATO’s IT experts have a close working relationship with their civilian counterparts in the outside world. “We feel it’s vital we have industry input, so we know what the leading-edge capabilities are in that industry,” says Edwards.
NATO does not ‘track back’ to try to trace the source of a cyber intrusion, but, “We will know via intelligence that there are particular threats. ‘Signatures’ of various types of attack are held on the Alliance’s databases and the system knows what to look for,” Edwards says. That said, one area that NATO’s Allied Command Operations office would like Edwards’s team to develop further is the ability to correlate all the various probes and other types of hostile activity faced by the network. “They want improved situational awareness of the cyber domain,” he explains.
As well as shielding its IT systems from external attack, NATO is also paying attention to what Edwards describes as the emerging threat of someone on the inside of the organisation trying to sabotage the system. “We’re aware of that and looking to improve security inside our networks,” he confirms.