|
Server : Apache/2.4.62 System : FreeBSD fbsdweb2.web.rcn.net 14.1-RELEASE FreeBSD 14.1-RELEASE releng/14.1-n267679-10e31f0946d8 GENERIC amd64 User : www ( 80) PHP Version : 8.3.8 Disable Function : NONE Directory : /domains/roger.dnai/2008book/ |
Upload File : |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html><!-- InstanceBegin template="/Templates/2008template.dwt" codeOutsideHTMLIsLocked="false" -->
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<!-- InstanceBeginEditable name="doctitle" -->
<title>CSDR 2008: Dealing with Cyber-Attacks: A Global Challenge?</title>
<!-- InstanceEndEditable -->
<link rel="stylesheet" href="/2002Book/emx_nav_right.css" type="text/css">
<link rel="stylesheet" href="/css/rome08.css" type="text/css" />
<style type="text/css">
<!--
.style5 {font-weight: bold;
color: #000000;
font-family: Arial, Helvetica, sans-serif;
font-size: large;
}
.style7 {font-size: 2px}
.style8 {font-family: Arial, Helvetica, sans-serif}
.style17 {
font-size: x-small;
font-weight: bold;
}
.style18 {font-size: x-small}
.style217 {font-family: Verdana, Arial, Helvetica, sans-serif}
.style219 {font-style: normal; font-weight: normal; font-family: Verdana, Arial, Helvetica, sans-serif; }
.style19 {font-size: 11px}
.style20 {
color: #006699;
font-size: large;
}
.style21 {font-size: small}
.style22 {font-family: Arial, Helvetica, sans-serif; font-size: small; }
-->
</style>
<style type="text/css">
<!--
.style23 {font-size: medium}
.style24 {font-size: large}
.style25 {
color: #006699;
font-weight: bold;
font-style: italic;
}
.style26 {
color: #006699;
font-size: medium;
font-weight: bold;
}
.style27 {
color: #006699;
font-size: medium;
}
.style293 {
font-size: large;
color: black;
}
-->
</style>
<!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable -->
</head>
<body>
<!-- Start of StatCounter Code -->
<script type="text/javascript">
var sc_project=3086157;
var sc_invisible=0;
var sc_partition=27;
var sc_security="33bf0688";
</script>
<script type="text/javascript" src="http://www.statcounter.com/counter/counter_xhtml.js"></script><noscript><div class="statcounter"><a class="statcounter" href="http://www.statcounter.com/"><img class="statcounter" src="http://c28.statcounter.com/3086157/0/33bf0688/0/" alt="free website hit counter" /></a></div></noscript>
<!-- End of StatCounter Code -->
<div class="skipLinks">skip to: <a href="#content">page content</a> | <a href="../book2007TEST/2002Book/pageNav">links on this page</a> | <a href="#globalNav">site navigation</a> | <a href="#siteInfo">footer (site information)</a> </div>
<div id="masthead">
<div id="globalNav" style="margin-top:15px;"> <div id="globalLink">
<a href="/index.html" id="gl1" class="glink"><span class="style18"><span class="style19">Home</span></span></a><a href="/index.html#about" class="glink"><span class="style18"><span class="style19">Contact Us</span></span></a><a href="/2008book/joulwan.html" id="gl2" class="glink"><span class="style18"><span class="style19">Rome '08</span></span></a><a href="/2007book/joulwan07" id="gl2" class="glink"><span class="style18"><span class="style19">Paris '07</span></span></a><a href="/2006book/jung.htm" id="gl2" class="glink"><span class="style18"><span class="style19">Berlin '06</span></span></a><a href="/2005book/alliotmarie.htm" id="gl2" class="glink"><span class="style18"><span class="style19">Paris '05</span></span></a><a href="/2004book/PeterStruckKeynote.htm" id="gl3" class="glink"><span class="style18"><span class="style19">Berlin '04</span></span></a><a href="/moscow03/weissingerbaylon.htm" id="gl4" class="glink"><span class="style18"><span class="style19">Moscow '03</span></span></a><a href="/berlin02/scharping.htm" id="gl5" class="glink"><span class="style18"><span class="style19">Berlin '02</span></span></a><a href="/2001Book/workshop2001.htm" id="gl6" class="glink"><span class="style18"><span class="style19">Helsinger '01</span></span></a><a href="/2000Book/workshop2000.htm" id="gl6" class="glink"><span class="style18"><span class="style19">Berlin '00</span></span></a><a href="/99Book/workshop1999.htm" id="gl6" class="glink"><span class="style18"><span class="style19">Budapest '99</span></span></a><a href="/98Book/workshop98.htm" id="gl6" class="glink"><span class="style18"><span class="style19">Vienna '98</span></span></a><a href="/97Book/workshop97.htm" id="gl6" class="glink"><span class="style18"><span class="style19">Prague '97</span></span></a><a href="/96Book/Workshop96.htm" id="gl7" class="glink"><span class="style18"><span class="style19">Warsaw '96</span></span></a>
<a href="/95Book/95Workshop.htm" id="gl8" class="glink"><span class="style18"><span class="style19">Dresden '95</span></span></a></div>
</div>
</div>
<div id="pagecell1" style="top:65px;">
<div id="breadCrumb" style="text-align:center;">
<img src="/images/header.gif" alt="Center for Strageic Decision Research: Celebrating over 25 years of international dialogue. International workshop on global security." width="618" height="99" style="padding:20px 10px;" />
</div>
<div id="pageNav">
<div id="sectionLinks">
<p align="center" class="style17">Table of Contents<br>
25th International Workshop - Rome '08</p>
<p align="center" class="style17">
<a href="/2008book/weissinger-preface.html">Preface- Dr. Roger<br>Weissinger-Baylon<br>Workshop Chairman<br></a>
<a href="/2008book/weissinger-overview.html">Workshop Chairman's Overview - Dr. Roger Weissinger-Baylon</a>
<a href="/2008book/joulwan.html">Opening Dinner Debate - <br>General George Joulwan<br>Former SACEUR</a>
<p>
<p align="center" class="style17">Part One<p>
<p align="center" class="style17">
<a href="/2008book/la-russa.html">Italian Defense Minister<br />
Ignazio La Russa
</a>
<a href="/2008book/browne.html">British Defense Minister<br />
The Rt Hon Des Browne
</a>
<a href="/2008book/gonul.html">Turkish Defense Minister<br />
Vecdi G�n�l
</a>
<a href="/2008book/di-paola.html">NATO Military Committee Chairman<br />
Admiral Giampaolo Di Paola
</a>
<a href="/2008book/zappata.html">Admiral Luciano Zappata<br />
Dep Supreme Allied
Commander Transformation
</a>
<a href="/2008book/camporini.html">Italian Chief of Defense<br />
General Vincenzo Camporini
</a>
<a href="/2008book/zappa.html">Alenia Aeronautica Chairman<br />
Dr. Giorgio Zappa
</a>
<br>Part Two<br>
<p align="center" class="style17">
<a href="/2008book/baramidze.html">Georgian Vice Prime Minister<br />
Giorgi Baramidze
</a>
<a href="/2008book/chizhov.html">Russian Amb to EU<br />
Vladimir Chizhov
</a>
<br>Part Three<br>
<p align="center" class="style17">
<a href="/2008book/eldon.html">British Amb to NATO<br />
Stewart Eldon
</a>
<a href="/2008book/akram.html">Pakistan's Amb to U.N.<br />
Munir Akram
</a>
<a href="/2008book/de-la-sabliere.html">French Amb to Italy<br />
Jean-Marc de la Sabli�re
</a>
<a href="/2008book/tkeshelashvili.html">Georgian Foreign Minister<br />
Eka Tkeshelashvili
</a>
<a href="/2008book/stefanini.html">Italian Amb to NATO<br />
Stefano Stefanini
</a>
<a href="/2008book/buzhinsky.html">Lt Gen Evgeniy Buzhinsky<br />
Russian Min of Defense
</a>
<a href="/2008book/winid.html">Polish Amb to NATO<br />
Boguslaw Winid
</a>
<br>Part Four<br>
<p align="center" class="style17">
<a href="/2008book/tegnelia.html">DTRA Director<br />
Dr. James Tegnelia
</a>
<a href="/2008book/rood.html">U.S. Under Sec of State<br />
John Rood
</a>
<a href="/2008book/joseph.html">Former Under Sec of State<br />
Amb Robert Joseph</a>
<a href="/2008book/berdennikov.html">Russian Amb-at-large<br />
Grigory V. Berdennikov
</a>
<a href="/2008book/benkert.html">U.S. Asst Sec of Defense<br />
Joseph Benkert
</a>
<a href="/2008book/flory.html">NATO Asst Sec Gen<br />
Peter Flory
</a>
<a href="/2008book/sedivy.html">NATO Asst Sec Gen<br />
Jiri Sedivy
</a>
<a href="/2008book/pfirter.html">OPCW Dir Gen<br />
Amb Rogelio Pfirter
</a>
<br>Part Five<br>
<p align="center" class="style17">
<a href="/2008book/lather.html">SHAPE Chief of Staff<br />
General Karl-Heinz Lather
</a>
<a href="/2008book/fitzgerald.html">Admiral Mark. P. Fitzgerald
<br />
Allied Joint Force Command Naples
</a>
<a href="/2008book/ildem.html">Turkish Amb to NATO<br />
Tacan Ildem
</a>
<a href="/2008book/schuwirth.html">Fmr SHAPE Chief of Staff<br />
General Rainer Schuwirth
</a>
<a href="/2008book/acosta.html">Global Impact CEO<br />
Ms. Renee Acosta
</a>
<a href="/2008book/soligan.html">Lt Gen James Soligan<br />
Allied Command-Transformation
</a>
<a href="/2008book/bagnall.html">Former UK Vice Chief of Defense Staff<br />
ACM Sir Anthony Bagnall
</a>
<br>Part Six
<p align="center" class="style17">
<a href="/2008book/volkman.html">U.S. Dir of Internat. Coop.<br />
Alfred Volkman
</a>
<a href="/2008book/tozzi.html">Major General Claudio Tozzi<br />
Italian Defense Ministry
</a>
<a href="/2008book/homberg.html">EADS Senior Vice Pres<br />
Thomas Homberg
</a>
<a href="/2008book/shephard.html">Northrop Grumman VP<br />
Mr. Timothy Shephard
</a>
<a href="/2008book/buckley.html">Thales Senior VP<br />
Dr. Edgar Buckley
</a>
<a href="/2008book/harris.html">Lockheed Martin Global Pres.<br />
Dr. Scott A. Harris
</a>
<a href="/2008book/schneider.html">AFCEA CEO<br />
Kent Schneider
</a>
<a href="/2008book/patterson.html">Mr. David Patterson<br />
Univ of Tennessee
</a>
<p align="center" class="style17">Part Seven
<p align="center" class="style17" style="margin-bottom: 0;">
<a href="/2008book/grimes.html">U.S. Asst Sec of Def<br />
Hon. John G. Grimes
</a>
<a href="/2008book/lentz.html">U.S. Dep Asst Sec of Def<br />
Robert Lentz
</a>
<a href="/2008book/aaviksoo.html">Estonian Defense Minister<br />
Jaak Aaviksoo
</a>
<a href="/2008book/bloechl.html">Microsoft, Managing Dir.<br />
Tim Bloechl
</a>
<a href="/2008book/wolf.html">Lt Gen Ulrich Wolf<br />
NATO CIS Service Agency Dir
</a>
<a href="/2008book/monteforte.html">Italian Milrep to NATO<br />
Vice Adm Ferdinando Sanfelice di Monteforte
</a>
<a href="/2008book/lintonen.html">Finnish Amb to UN<br />
Kirsti Lintonen
</a>
<a href="/2008book/silvestri.html">Dr. Stefano Silvestri<br />
Istituto Affari Internazionali
</a>
<a href="/2008book/yousfi.html">Algerian Amb to UN<br />
Youcef Yousfi
</a>
<a href="/2008book/karem.html">Egyptian Amb to EU<br />
Mahmoud Karem
</a>
<a href="/2008book/tarasyuk.html">Former Ukrainian Foreign Minister<br />
Borys Tarasyuk
</a>
</div>
</div>
<div id="content">
<div class="story">
<h2 class="workshop_year">Rome '08 Workshop</h2>
<!-- InstanceBeginEditable name="Main Content" -->
<h1>
Dealing with Cyber-Attacks: A Global Challenge? </h1>
<h2 style="margin-bottom: 0;">
His Excellency Jaak Aaviksoo</h2>
<h2 style="margin-top: 0; margin-bottom: 0;"><B>Estonian Defense Minister </B></h2>
<p align="center" style="margin-top: 0; margin-bottom: 0;"><img src="images/aaviksoo.png" alt="His Excellency Jaak Aaviksoo" width="114" height="139"></p>
<p style="margin-top: 0;">
A little more than 10 years ago I lived much more of an academic than a
political life. I was asked by the then-government to join in as a non-political
cabinet member and to become the minister for education and research. One
of the projects I launched was computerizing and networking all Estonian
schools, so that every school boy and girl would have access to the Internet.
Some critics said that there were not only good things on the Internet
but bad ones as well, but I was reluctant to believe that this would be
a major threat. The project was completed by 1999, which was pretty early
on both a European and a global scale. Now I am responsible for fighting
all the threats that can come from the Internet, which come along with
all the good things. </p>
<p>
I am going to share my views on this subject with slightly more of a political
than a technical or a defense-related emphasis. Before doing so, however,
I would like to reflect on the things that I have heard during the last
three days and also give a bit of background on my presentation. </p>
<h2>HOW GLOBAL IS THE THREAT OF CYBER-ATTACKS? </h2>
<p>
Throughout our deliberations I have been asking how global our threat assessments
are. Haven’t our perceptions been limited to the Euro-Atlantic space? The
answer to that question is up in the air, but my asking it is appropriate,
because, as was said at the beginning of this workshop, the meaning of
the word security is “having no fear,” and fear is much more a subconscious
feeling than the result of some rational argument. I think a lot of what
we do in defense, at least on the political level, is very much related
to our perception of threats, to what our fears are based upon, and that
some of the problems we face in global as well as regional security and
defense policies are sometimes diversions of these perceptions. We perceive
the threats differently—some as real, some as less real—and that creates
a number of problems and misunderstandings. </p>
<p>
In that regard, and with the somewhat Euro-Atlantic perception of global
threats, it was very enlightening to listen to the contributions of Munir
Akram from Pakistan and a number of other people who gave some insights
into how they feel and what their perceptions of the threats are—maybe
not the global threats but the very real national and regional threats.
If we could create a network of those threats and have a map of the perceptions
of those threats, we might be more successful in solving at least some
of them. </p>
<p>
I do believe that cyber-threats are generically global, and it is thus
very appropriate to address this threat in a workshop on global security.
Cyber-threats can emerge from anywhere in the world, and they can hit you
in milliseconds anywhere in the world. It is hard to imagine something
more global than cyber-threats; if you use a computer or a PDA such threats
will address you directly, but cyber-attacks can influence you in indirect
ways as well. And again perception is important; some of us may be annoyed
when a large amount of spam mail or viruses invades our systems or we have
a program that will not start, and some of us may have countrywide networks
go down. </p>
<h2>ADDRESSING THE DIVERGENCE IN THREAT PERCEPTION </h2>
<p>
As we learned in Estonia, and as some other countries have learned, both
government and non-government institutions can come under unfriendly attacks
with different objectives. If we ask, “What is the national perception
of a possible cyber- threat?” Will there be a coherent understanding of
the extent to which such a threat is shared by different agencies and government
offices? I think the picture would be blurred, which is characteristic
of the modern security environment at large. This divergence in threat
perception is the biggest problem I see. If you ask defense or foreign
affairs professionals where they feel national security threats lie and
compare their answer to that of ordinary politicians and their constituents,
you will see quite a large gap. I don’t think we will be able to address
all of the problems unless we can bridge that gap. </p>
<p>
Do we lack the resources to implement the Comprehensive Approach, whether
or not everybody agrees to exactly what it is? No, we do not. I believe
there are enough resources in the hands of the international community
to follow the Comprehensive Approach. Therefore, can’t we raise enough
resources to solve some security-related issues? Don’t we have enough resources?
I think we do despite the fact that there are small gaps, because these
can be breached provided the political will is there. In a way, the further
we go from our borders, the greater the problem becomes, because we cannot
consolidate political will. This inability, I believe, is directly related
to the fact that we perceive the threats differently, within countries,
between countries, in the Euro-Atlantic space, and across the Atlantic.
And that is one of the reasons why we have not been able to perform as
well as we might wish. </p>
<p>
That is also why, when I was asked, “Minister, do you think that the gap
between the words and the deeds of President Karzai regarding corruption
is greater or smaller than the gap between the words and deeds of the international
community on a comprehensive and coordinated approach?” I failed to give
a good answer. I gave an answer as a politician, but I was not satisfied
with it. The need to concentrate political will applies to a number of
modern security issues, including cyber-defense. One of our major problems
is trying to achieve this concentration in order to breach the perception
gap and to decide how big a threat cyber-attacks truly are. </p>
<p>
Are cyber-threats global threats? Yes, they are—there is no doubt. Are
they real or imaginary? I believe that they will be real threats in the
next several years to come, with a medium-level threat probability. Are
we united in our perception of these threats? Regarding the military, politicians,
and administrations internationally, the most probable answer is not yet. </p>
<h2>OUR VULNERABILITY TO AND THE EFFECTS OF CYBER-THREATS </h2>
<p>
How vulnerable are we to these threats? As has been said twice at this
conference, an interesting characteristic of the Internet is that the democratic
international community believes that the Internet provides open access
to information, that it is the best instrument for undermining totalitarian
systems, and that some countries have not only put limitations on but even
plan to punish people who make use of the Internet. That is all true. But
I think that all governments have not been able to efficiently use the
possibilities the Internet offers against totalitarian regimes that use
thousands of Internet sites to successfully spread their ideologies. So
we must keep this fundamentally asymmetric characteristic of the Internet
in mind whenever we address the question of how vulnerable we are. </p>
<p>
Is it probable that threats from the Internet can cause casualties or kinetic
effects? There is a very low probability of this. I know that several staged
attacks have taken place to try to hack into some critical infrastructure,
but they have usually failed at an early stage. In addition, the threat
of an infrastructure being put out of order for considerable amounts of
time so that the economy and social or public order is affected is low
to medium. </p>
<p>
Where I think we are more vulnerable is the integrity of our information
systems. Most probably, our classified information systems are much better
protected than large public or semi-public information systems, but when
you think about how many people rely on public information systems in their
decision making, it is a serious threat that could have an enormous impact.
We need to remember that cyber-threats can have great effects on the hearts
and minds of our people. Their ability to spread terror or at least to
destabilize was efficiently proved in Estonia more than a year ago, and
I estimate that there is a medium to high probability that the same kind
of thing will happen again in the near future. Even more probable, however,
is encountering the ongoing ideological pressure of totalitarian regimes
whenever you spend 30 minutes looking at what is on the Internet. </p>
<h2>COOPERATING AGAINST CYBER-THREATS </h2>
<p>
Now let me talk a bit from a somewhat political point of view. After the
attacks in Estonia, my country started to compile a national cyber-defense
strategy. This involves technology that we can develop and use to invent
more complicated systems and critical infrastructures, which is a national
responsibility on the political level. But I think we have to do more in
the area of legislation on both the national and international levels.
The fact that we have the Council of Europe Conventional Cyber Crime document,
which has been ratified by a little less than 40 countries, is clearly
a great step forward, but it is insufficient, not only in coverage but
in depth of penetration. Nevertheless, I invite all countries to move ahead
with that concept since territorial coverage is of fundamental importance. </p>
<p>
In the area of international cooperation, there clearly has not been enough;
whenever you want to disrupt a cyber-attack, you immediately run into activities
that have to have international support, and if the legal framework is
not in place, we have problems. Even if friendly help is provided there
is always the possibility of infringing on third-party interest. In that
respect I am glad that we recently signed a memorandum of understanding
to start a cooperative Cyber-Defense Center of Excellence, which should
be fully operational by the end of 2008. It is very much in line with NATO’s
cyber- defense policy that states that cyber-defense is first and foremost
a national responsibility and that, secondly, cooperative cyber-defense
builds on national capabilities. </p>
<p>
If we want to solve the problems of cyber-security, then we have to speak
about the policing of cyber-space. What do we mean by this? Whenever there
is policing, individual rights are infringed upon, and this is always a
high-profile political issue. So how can we enforce traffic rules? Can
we impose hardware and software on the Internet? What should the proportions
be regarding the expenditure limits of private companies and private individuals
compared to public security interest? And who is responsible for enforcing
the rules? What are legitimate means for counter-attacking even when we
are able to identify the possible intruder? Since most attacks are globally
distributed, there is a legitimacy problem. To what extent will we be willing
to tolerate infringement of national rules when there is a possible target
in a third country? And last, as is usual in crime prevention, do we develop
only reactive measures or do we devise and develop active cyber-crime prevention
measures, including intelligence and other means? </p>
<h2>CONCLUDING REMARKS </h2>
<p>
There are a lot of politically sensitive issues up in the air. Some of
them are being solved on national levels and a few on the international
level. But clearly there must be a lot more political engagement and discussion
to build on public awareness of the seriousness of cyber-threats. That
is why I am making it my mission to share my experience with cyber-attacks
after being a strong proponent of a free Internet for many years before
that event. I am still a proponent of a free Internet, there is no doubt
about that, but I have seen the problems and I want to make the international
public aware that we need to do something with that wonderful instrument
if we want the Internet to be the friendly Internet. </p>
<!-- InstanceEndEditable --></div>
</div>
<div class="style8" id="siteInfo"> <a href="#">Top of page </a> | <a href="../index.html">Home</a> | ©2009
Center for Strategic Decision Research</div>
</div>
<br>
</body>
<!-- InstanceEnd --></html>