In May 2008, the U.S. Department of Defense and the German Ministry of Defence signed a memorandum of understanding concerning Cooperation on Information Assurance and Computer Network Defense. Computer network defense (CND) refers to actions taken on computer networks to monitor and protect those networks. It is not the only memorandum the U.S. Department of Defense has signed with allies on cyber defense.
In late 2016, U.S. Cyber Command operators wiped Islamic State propaganda material off a server located in Germany. The German government was notified in some fashion but not asked for advance consent, causing much frustration. While U.S. Cyber Commands reported action may have violated Germanys sovereignty, it didnt explicitly violate the memorandum. It wasnt an act of CND; it was a computer network attack (CNA), seeking to disrupt, deny, degrade or destroy.
This reveals an uneasy situation within cyber cooperation: Allies do not agree on the appropriate procedures and boundaries for offensive cyber operations. More specifically, there is no agreement on when military cyber organizations can gain access to systems and networks in allied territory to disrupt adversarial activity. As I have argued previously, this issue may end up causing significant loss in allies trust and confidence. My proposed solution: NATO allies should establish memoranda of understanding on offensive cyber effects operations in systems or networks based in allied territory.
Objectives of Out-of-Network Operations in Allied Networks
Allied states may operate in each others systems or networks in at least three ways: as an observer, gathering intelligence on adversarial activity in others networks; as a passerby, transiting through allied systems and networks to access a certain adversarial target; or as a disrupter, seeking to cause friction for an adversarys operation within an allys network or system. The German case discussed above is the only publicly known case of a state acting as a disrupter in an allied network. But we can expect that more of these cases will be publicly disclosed in the future.
It has now been widely discussed that the U.S. Cyber Command has undergone a significant shift in strategic thinking away from deterrence toward persistent engagement and defend forward. Following these recent changes in strategic thinking, U.S. Cyber Command seeks to cause friction wherever the adversary maneuvers, operating globally, continuously and seamlessly. In a similar vein, NSA director and Cyber Command head Gen. Paul Nakasone writes in an article for Joint Force Quarterly: We must maneuver seamlessly across the interconnected battlespace, globally, as close as possible to adversaries and their operations, and continuously shape the battlespace to create operational advantage for us while denying the same to our adversaries.
While one may expect adversaries to maneuver in allied networks, the U.S. is currently the only NATO state that makes causing friction in allied networks a necessary and explicit component of its strategy. Other military cyber organizations could follow in the near future.
And we already see countries moving in this direction. On Aug. 1, the Communications Security Establishment Act (CSE) came into force in Canada. According to the Canadian government, CSE could be authorized to proactively stop or impede foreign cyber threats before they damage Canadian systems or information holdings, and conduct online operations to advance national objectives. The Canadian government does not explicitly talk in its latest strategy about the need to operate globally, continuously and seamlessly or to cause friction wherever the adversary maneuvers. In that regard, it needs to do more strategic thinkingas other countries doon the exact role of cyber operations on allied networks in the military context.
But the proposed memorandum of understanding on cyber offense addresses exactly this possibility.
The Goal of the Memorandum of Understanding
The goal of the proposed memorandum is to reduce discord among the allies; enhance trust, transparency and confidence between allies; and improve the effectiveness of disrupting and deterring adversaries operations in cyberspace.
The scope of the memorandum should include (a) developing a common notification equity framework for out-of-network operations that seek to achieve cyber effects in allied systems or networks; (b) identifying procedures for communicating the consideration and conduct of offensive cyber effects operations between states against systems or networks in allied territory; and (c) identifying technical solutions and administrative documentation required for the continuous exchange of information on offensive cyber operations.
In writing the memorandum, states first and foremost should agree on the equities involved in permitting signatories to conduct cyber effect operations in each others networksand the relative weight of those equities. Equities that should be considered include (a) the ability of an actor to take action to negate known threats on or to the other parties networks and systems; (b) the likelihood that an action will negate known threats; (c) the imminence and scale of the threat; (d) the risk of collateral damage; (e) whether the computer system or network is government owned or privately owned; and (f) the certainty that the system or network will be used to achieve strategic effects by the adversary.
There are three open questions about the memorandum of understanding.
I. Should the Proposed Memorandum Be NATO-Wide or Bilateral?
There are benefits of negotiating a NATO-wide agreement, including ensuring it contributes to the defense of all NATO members networks and enhances resilience across the alliance. It could also guard against the potential that persistent engagement and defense forward might be exploited by adversaries, as I argued previously:
Adversaries dont randomly choose which intermediate nodes to direct their operations through. If Russia has the choice to go through a network that would raise some serious diplomatic friction between the U.S. and a U.S. ally, or operate through a network that would cause no diplomatic friction for the U.S., what would it prefer? It would make sense for adversaries to operate through the networks of exactly those countries with which the U.S. has a strong relationship but that do not want the U.S. to operate within their networks causing any effects.
But there are constraints on a NATO wide-memorandum, too. To start, not all states are equally willing to share intelligence information. A bilateral agreement would make it easier to tailor the notification equity framework to the specific preferences and capabilities of both governments.
II. Can It Be Used as a Public Signaling Device?
The notification equity framework part of the memorandum of understanding can remain classified. Governments might not get it right the first time. As the framework might need tweaking, immediate public disclosure is risky. But a public version, if crafted carefully, can also help to set the parameters of what Michael Fischerkeller and Richard Harknett call agreed competition. That is, it can help clarify where adversaries are allowed and not allowed to go within each others networks. If we want stability in cyberspace, this is a mechanism by which to achieve it.
III. Should the Memorandum Also Address Cyber Operations Beyond Allied Networks?
A memorandum of understanding narrow in scopethat is, addressing the allies conduct of cyber effect operations taking place only in systems or networks in allied territorywould ignore the negative impact on allied intelligence operations and capabilities beyond these systems and networks.
Military cyber organizations are operating in a global environment historically dominated by intelligence agencies, and the Five Eyes has always been the most dominant actor in cyberspace. But the anglophone intelligence alliance is not the only intelligence actor operating across the world. Recent casessuch as the Dutch s General Intelligence and Security Service infiltration into the Russia-based network of the infamous hacking group Cozy Bearhave illustrated the continued global prevalence and value of allies intelligence operations beyond the Five Eyes alliance.
If military cyber organizations increasingly take up the role of disrupter, it may negatively impact global intelligence collection of alliesparticularly those countries that favor long-term access over immediate effect. It will also more likely uncover and burn allied capabilities.
The risks of occurring are higher than one may think as intelligence agencies have a tendency and incentive to target and track the same entities. For example, in late 2014, cybersecurity company Kaspersky Lab reported on the Magnet of Threats. The cybersecurity company discovered a server belonging to a research organization in the Middle East that simultaneously hosted implants for at least five Advanced Persistent Threat (APT) actors: Regin and the Equation Group (English language), Turla and ItaDuke (Russian language), Animal Farm (French language) and Careto (Spanish language). Consider what would have happened if one of those five APT groups had sought to cause a disruptive effectrather than collect intelligenceagainst the target in the Middle East. It likely would have resulted in much earlier discovery and analysis by threat intelligence companies (or other actors) exposing the tactics, techniques and procedures (TTPs) of each actor group.
Also, even the anticipation of more cyber effect operations in nonallied networks from one allied state could lead to a change in operations by another state. Indeed, states have shown in the past that the anticipation of early discovery of an operation has led to a change in their TTPs. For example, the National Security Agency (NSA) created an exploit orchestrator called FoxAcid, an Internet-enabled system capable of attacking target computers in a variety of different ways, depending on whether it is discoveredor likely to be discoveredin a given network. FoxAcid has a modular design, with flexibility allowing the NSA to swap and replace exploits and run different exploits based on various considerations. Against technically sophisticated targets where the chance of detection is high, FoxAcid would normally choose to run low-value exploits.
Not a Silver Bullet
While I argue that the NATO memorandum of understanding on offensive cyber operations in systems or networks based in allied territory can greatly help in promoting stability and enhancing confidence among allies, it is not a silver bullet. It can only reduce allied concerns rather than mitigate them. Military cyber organizations may still conduct effect-based operations in allied territory without consent, leading allies to assert that their sovereignty has been violated. And theres another crucial player involved. As Gen. Nakasone noted in the Joint Force Quarterly article, cyberspace is owned largely by the private sector. They deserve a seat at the table as well.
See the article here:
NATO Allies Need to Come to Terms With Offensive Cyber Operations - Lawfare
- NATO Protesters Receive 5- To 8-Year Prison Terms [Last Updated On: April 26th, 2014] [Originally Added On: April 26th, 2014]
- NATO 3 get prison terms ranging from 5 to 8 years [Last Updated On: April 26th, 2014] [Originally Added On: April 26th, 2014]
- Nato News [Last Updated On: April 26th, 2014] [Originally Added On: April 26th, 2014]
- NATO - New World Encyclopedia [Last Updated On: April 26th, 2014] [Originally Added On: April 26th, 2014]
- NATO - State [Last Updated On: April 26th, 2014] [Originally Added On: April 26th, 2014]
- NATO: Definition from Answers.com - Answers - The Most ... [Last Updated On: April 26th, 2014] [Originally Added On: April 26th, 2014]
- NATO - Wikipedia, the free encyclopedia [Last Updated On: April 26th, 2014] [Originally Added On: April 26th, 2014]
- European observers detained in Ukraine are branded 'Nato spies' - Video [Last Updated On: April 26th, 2014] [Originally Added On: April 26th, 2014]
- Furious Russia Proposes Retaliation Against NATO Countries! - Video [Last Updated On: April 26th, 2014] [Originally Added On: April 26th, 2014]
- Latvia: US troops arrive in Baltics for NATO drill - Video [Last Updated On: April 26th, 2014] [Originally Added On: April 26th, 2014]
- No NATO. May 2012. Archive. Chicago, Il - Video [Last Updated On: April 26th, 2014] [Originally Added On: April 26th, 2014]
- Erkkio Tuomioja: "Nato suojaa Suomea meteoriiteilta". - Video [Last Updated On: April 26th, 2014] [Originally Added On: April 26th, 2014]
- US troops arrive in Latvia for NATO exercises: Baltic states concerned by Russian military threat - Video [Last Updated On: April 26th, 2014] [Originally Added On: April 26th, 2014]
- Voglio andare a vivere a Laveno dove e' nato Pozzetto - Video [Last Updated On: April 26th, 2014] [Originally Added On: April 26th, 2014]
- OcaqTv - Rusiya NATO srhdini pozdu -- F-16-lar havaya qalxd - Video [Last Updated On: April 26th, 2014] [Originally Added On: April 26th, 2014]
- Men of War Assault Squad Cold War Mod - NATO vs Warsaw Pact - Video [Last Updated On: April 26th, 2014] [Originally Added On: April 26th, 2014]
- US troops in Poland: American soldiers arrive for NATO exercises in response to Russia threat - Video [Last Updated On: April 26th, 2014] [Originally Added On: April 26th, 2014]
- Ancona 23-04-14 PdCI - La crisi dell'Ucraina, la NATO e l'UE: pericoli di guerra e lotta x la Pace - Video [Last Updated On: April 26th, 2014] [Originally Added On: April 26th, 2014]
- Eastermonday Peace ralley NATO Bchel germany 21.04.2014 - Video [Last Updated On: April 26th, 2014] [Originally Added On: April 26th, 2014]
- How to change Gear 2 Strap NATO no tool needed - Video [Last Updated On: April 26th, 2014] [Originally Added On: April 26th, 2014]
- CNN: NATO Scrambles Fighter Jets To Investigate Russian Bombers! - Video [Last Updated On: April 26th, 2014] [Originally Added On: April 26th, 2014]
- NATO to deploy recon flights over Poland [Last Updated On: April 27th, 2014] [Originally Added On: April 27th, 2014]
- Marine Le Pen: Vyvediem Franczsko z NATO - francztina, rutina - Video [Last Updated On: April 27th, 2014] [Originally Added On: April 27th, 2014]
- Warum NATO/USA Russland einkreisen und erobern wollen - Video [Last Updated On: April 27th, 2014] [Originally Added On: April 27th, 2014]
- 5 NATO troops killed in Kandahar Afghanistan UK's helicopter crash - Video [Last Updated On: April 27th, 2014] [Originally Added On: April 27th, 2014]
- NATO troops killed in Afghanistan helicopter crash - Video [Last Updated On: April 27th, 2014] [Originally Added On: April 27th, 2014]
- Prostittas priecjas par NATO karavriem Latvij - Video [Last Updated On: April 27th, 2014] [Originally Added On: April 27th, 2014]
- Slovakia: NATO exercises in Central Europe - Video [Last Updated On: April 27th, 2014] [Originally Added On: April 27th, 2014]
- NATO - Video [Last Updated On: April 27th, 2014] [Originally Added On: April 27th, 2014]
- MV Bill - A Luz #PersianaBaixaMix (prod. DJ Nato pk) Part. @KmillaCdd - Video [Last Updated On: April 27th, 2014] [Originally Added On: April 27th, 2014]
- "NATO 3" individuals sentenced - Video [Last Updated On: April 27th, 2014] [Originally Added On: April 27th, 2014]
- Conversation: NATO's Evolving Mission - Video [Last Updated On: April 27th, 2014] [Originally Added On: April 27th, 2014]
- NATO planes chase out Russian bombers - Video [Last Updated On: April 27th, 2014] [Originally Added On: April 27th, 2014]
- NATO military response 'almost unthinkable' [Last Updated On: April 28th, 2014] [Originally Added On: April 28th, 2014]
- NATO supply trucks stuck in Pakistan - Video [Last Updated On: April 28th, 2014] [Originally Added On: April 28th, 2014]
- NATO News and Video - FOX News Topics - FOXNews.com [Last Updated On: April 28th, 2014] [Originally Added On: April 28th, 2014]
- Poland: French Rafale fighter jets join NATO force - Video [Last Updated On: April 28th, 2014] [Originally Added On: April 28th, 2014]
- RAF Deploys Typhoon Jets To Bolster Nato Air Policing Mission - Video [Last Updated On: April 28th, 2014] [Originally Added On: April 28th, 2014]
- DatSyn News - USA And NATO Moving Closer To War With Russia - Video [Last Updated On: April 28th, 2014] [Originally Added On: April 28th, 2014]
- Germany: Pro-Russians rally against NATO in Frankfurt - Video [Last Updated On: April 28th, 2014] [Originally Added On: April 28th, 2014]
- Rasmussen: No need for NATO in Syria - Video [Last Updated On: April 28th, 2014] [Originally Added On: April 28th, 2014]
- BREAKING: UK Helicopter Crashes, 5 NATO Troops Dead in Afghanistan - Video [Last Updated On: April 28th, 2014] [Originally Added On: April 28th, 2014]
- NATO Jets Intercept Russian Nuclear Bombers in North Sea Region... - Video [Last Updated On: April 28th, 2014] [Originally Added On: April 28th, 2014]
- NATO exercise scenario: Naval response to invasion of allied country [Last Updated On: April 30th, 2014] [Originally Added On: April 30th, 2014]
- April 28 2014 Breaking News NATO minesweepers set off on Baltic deployment - Video [Last Updated On: April 30th, 2014] [Originally Added On: April 30th, 2014]
- WW3 - Its Official, SYRIAN TERRORISTS trained by ISRAEL & NATO to cause VIOLENCE and TERRO - Video [Last Updated On: April 30th, 2014] [Originally Added On: April 30th, 2014]
- NATO forces serve world bankers: Analyst - Video [Last Updated On: April 30th, 2014] [Originally Added On: April 30th, 2014]
- NATO Fest 2014 - Video [Last Updated On: April 30th, 2014] [Originally Added On: April 30th, 2014]
- 2 NATO troops killed in attack in eastern Afghanistan - Video [Last Updated On: April 30th, 2014] [Originally Added On: April 30th, 2014]
- NATO Holds Largest Post Cold War Drill Near Russia's Borders - Video [Last Updated On: April 30th, 2014] [Originally Added On: April 30th, 2014]
- 65 years of NATO delivering democracy.in a full metal jacket - Video [Last Updated On: April 30th, 2014] [Originally Added On: April 30th, 2014]
- AZD FEAT NATO - FREESTYLE BPC - Video [Last Updated On: April 30th, 2014] [Originally Added On: April 30th, 2014]
- RAF Typhoons Arrive in Lithuania to Reinforce NATO Air Policing Mission - Video [Last Updated On: April 30th, 2014] [Originally Added On: April 30th, 2014]
- RAF Jets Respond To Ukraine Crisis 28.04.14 - Video [Last Updated On: April 30th, 2014] [Originally Added On: April 30th, 2014]
- NATO expansion to Ukraine will be grievous mistake for US - last US ambassador to USSR - Video [Last Updated On: April 30th, 2014] [Originally Added On: April 30th, 2014]
- Sunday 4/27/2014 - Tarpley Points Out Fake-OSCE Observers Are Actually NATO Military Officers - Video [Last Updated On: April 30th, 2014] [Originally Added On: April 30th, 2014]
- Helicopter crash kills 5 NATO troops in south Afghanistan - Video [Last Updated On: April 30th, 2014] [Originally Added On: April 30th, 2014]
- Are doctors lying to you? Russia and NATO, Google Doodles - DKNews with 8byte - Video [Last Updated On: April 30th, 2014] [Originally Added On: April 30th, 2014]
- i am NATO - Video [Last Updated On: April 30th, 2014] [Originally Added On: April 30th, 2014]
- AP Interview: Tymoshenko calls for NATO membership - Video [Last Updated On: April 30th, 2014] [Originally Added On: April 30th, 2014]
- STEFANO BORGONOVO:ATTACCANTE NATO IL DOCUMENTARIO - Video [Last Updated On: April 30th, 2014] [Originally Added On: April 30th, 2014]
- RAF Deploys Typhoon Jets To Bolster NATO Air Policing Mission [Last Updated On: May 1st, 2014] [Originally Added On: May 1st, 2014]
- NATO opens second Baltic air base in Estonia with 4 Danish fighter jets amid Ukraine crisis [Last Updated On: May 1st, 2014] [Originally Added On: May 1st, 2014]
- NATO triples fighter jets in Baltic countries - Video [Last Updated On: May 1st, 2014] [Originally Added On: May 1st, 2014]
- Lithuania: US hands over NATO air patrol to UK - Video [Last Updated On: May 1st, 2014] [Originally Added On: May 1st, 2014]
- Ukraine: Kerry announces more support from NATO towards coup - Video [Last Updated On: May 1st, 2014] [Originally Added On: May 1st, 2014]
- NATO Power Turkish Military Industry Made in Turkey in 5 Years - Video [Last Updated On: May 1st, 2014] [Originally Added On: May 1st, 2014]
- Scoring Political Points? NATO bolsters forces in Eastern Europe - Video [Last Updated On: May 1st, 2014] [Originally Added On: May 1st, 2014]
- Arctic Trucks Hilux Matte NATO - Best Tuning - Video [Last Updated On: May 1st, 2014] [Originally Added On: May 1st, 2014]
- Putin: NATO Chief Rasmussen secretly taped, leaked meeting when he was Danish PM - Video [Last Updated On: May 1st, 2014] [Originally Added On: May 1st, 2014]
- Russia Accuses NATO of 'Provocative' Actions - Video [Last Updated On: May 1st, 2014] [Originally Added On: May 1st, 2014]
- Video: US deploys troops to Estonia - Video [Last Updated On: May 1st, 2014] [Originally Added On: May 1st, 2014]
- NATO & its future NAZI headquarters - Video [Last Updated On: May 1st, 2014] [Originally Added On: May 1st, 2014]
- OSCE team in Ukraine NATO spies: Analyst - Video [Last Updated On: May 1st, 2014] [Originally Added On: May 1st, 2014]
- NATO's soft war on Russia [Last Updated On: May 2nd, 2014] [Originally Added On: May 2nd, 2014]
- NATO allies take over Baltic mission from Air Force [Last Updated On: May 2nd, 2014] [Originally Added On: May 2nd, 2014]
- NATO official says Russia must now be viewed as more of an enemy than a partner [Last Updated On: May 2nd, 2014] [Originally Added On: May 2nd, 2014]
- NATO official says Russia now an adversary [Last Updated On: May 2nd, 2014] [Originally Added On: May 2nd, 2014]
- NATO official: Russian moves in Ukraine pose 'grave challenge' to global security system [Last Updated On: May 2nd, 2014] [Originally Added On: May 2nd, 2014]
- North Atlantic Treaty Organization - The New York Times [Last Updated On: May 2nd, 2014] [Originally Added On: May 2nd, 2014]