Cybersecurity
military machinations, is not uncommon. Since the first recorded ‘hack’ – in the mid-1980s a German hacking group gained access to US military computer systems, selling acquired information to the Soviet KGB – this type of digital subterfuge has exploded. In 2019, according to Council of Foreign Relations data, there were 76 state-sponsored cyber operations. More recently, Russia has phished European entities to get information about Ukrainian government operations. At the same time, its security agencies have used malware to gain access to private sector and state computers across the US and European Union. Both successful and unsuccessful breaches of cybersecurity defences are hardly Matrix-like, too. Earlier this year, news headlines charted a German security breach after a military official dialled into a call from an insecure landline. High stakes? Certainly. High tech? At least not to outside eyes.
Indeed, as first publicised via Russian media, the
world’s largest country was able to access a meeting in which German military officers discussed sending ‘bridge-busting’ Taurus missiles to Ukraine, after an official logged into a WebEx call from a non-secure Singaporean hotel line. But despite the seeming banality of the hack, follow-on consequences have been of blockbuster proportion. In Germany, the breach reignited a politically divisive domestic debate about sending such weapons eastwards, as well as sparking recriminations around digital security and protocols around sensitive communication. One German minister called for en masse retraining in protected communications. Another information security expert simply told Politico: “Somebody was sloppy.”
Security, not sloppiness It’s within the remit of Jean-Paul Massart, chief at Nato Digital Workplace Centre and Nato Communications and Information Agency (NCI Agency), to ensure that any so-called ‘sloppiness’ doesn’t impact the security of digital communication within the 32-country military and political alliance. As head of the Nato’s internal data and technology agency, he is responsible for every aspect of Nato’s digital structure: from ensuring access to digital tools for seamless workplace operations to overseeing ongoing digital transformation as well as cybersecurity. Massert’s team help make good on the latter part of his remit, digital security, by forging the right vendor partnerships but also by devising appropriate guiding standards and digital security classifications. Indeed, such standards are used to dictate protocol on calls that might involve discussion around information as sensitive as that on the now infamous German Taurus missile mishap. As Massart explains, protocols, as well as any incumbent checks and balances, being adhered to are critical to ensure no unwanted third parties can access specific digital communications. Such checks can be surprisingly simple, he adds, ranging from asking the identity of
call participants to finding ways to communicate offline where appropriate. “Sometimes we take communication off the internet and we monitor networks for any suspicious activity,” he says. “But when a call is very important, members of my technical team sit in and if they notice anything [suspicious] they can shut them off the call.” Massart brings this type of, admittedly rudimentary, but nonetheless, effective check to life on our own WebEx chat: asking who I am and where I’m dialling in from. With no blanked-out video mosaics or unexpected participants on our screen, we’re free to chat. “It’s very important we know who is on a call,” he adds. Massart continues that checks such as these only need to happen on the most classified of communications. Between officials discussing potential weapons transfers; probably, yes. But hardly useful for pre-agreed conversations with journalists, where information will enter the public realm thereafter. With his internal agency also tasked with contributing to Nato’s strategic prowess, digital security also has to be designed so as not to impinge on organisational needs. Here, a hierarchy of security classifications, alongside a clear view of the nature of intended communication helps Massart’s team decide on the appropriate digital security tack. “Our classifications go from public-facing all the way to secret,” he explains. “We don’t use expensive systems or create an air gap [taking comms offline] if the conversation is administrative, so we have built a digital toolbox to satisfy different scenarios.”
Cybersecurity in concert Critically, as Nato is an international alliance, Massart explains that standards around digital security and application need multi-party in-concert agreement in order to ensure interoperability and effectiveness. “All [Nato] nations need to buy in,” he adds, noting that while military leaders might not care about which specific system is used, they will care about its utility, such as the ability to have live translation or seeing the
Defence & Security Systems International /
www.defence-and-security.com 37
After the beginning of the Covid-19 pandemic, Nato’s digital communications increased by 1,000%.
Parilov/
Shutterstock.com
Page 1 |
Page 2 |
Page 3 |
Page 4 |
Page 5 |
Page 6 |
Page 7 |
Page 8 |
Page 9 |
Page 10 |
Page 11 |
Page 12 |
Page 13 |
Page 14 |
Page 15 |
Page 16 |
Page 17 |
Page 18 |
Page 19 |
Page 20 |
Page 21 |
Page 22 |
Page 23 |
Page 24 |
Page 25 |
Page 26 |
Page 27 |
Page 28 |
Page 29 |
Page 30 |
Page 31 |
Page 32 |
Page 33 |
Page 34 |
Page 35 |
Page 36 |
Page 37 |
Page 38 |
Page 39 |
Page 40 |
Page 41 |
Page 42 |
Page 43 |
Page 44 |
Page 45 |
Page 46 |
Page 47 |
Page 48 |
Page 49 |
Page 50 |
Page 51
