Since 2010, the NATO Cyber Defense Centre of Excellence in Tallinn, Estonia has hosted the annual “Locked Shields” competition. Locked Shields takes the best and brightest operators of the digital realm and then separates them into opposing teams over a two day intensive battle. The “Blue Team”s are responsible for setting up and defending a secured network, while the “Red Team”’s are responsible for breaching its security (or, “hacking” it.)
This year’s “Locked Shields” will take place May 21-22, and include over 300 individuals from various countries throughout Europe. Last year’s 2014 teams included Estonia, Finland, NATO CIRC, Italy, Spain, Germany and the Netherlands, Turkey, Latvia and Czech Republic, Hungary, France, Poland, Austria and Lithuania. Using the internet, each team participated in the competition from within its own borders, further emphasizing the political connectivity of the digitally connected world. The competition was held in cooperation with other organizations including Estonian Information System’s Authority, Estonian Defence League’s Cyber Defence Unit, Estonian Defence Forces, and Finnish Defence Force. Ultimately, Poland was crowned the 2014 champion. A Senior Fellow at the NATO Cyber Defense Centre of Excellence, Jaan Priisalu, described the key to winning as “….keeping your networks within the exercise open and running…no one would like to live in a world where computer security takes priority over usability…”
The battle for secure networks has become increasingly difficult as the pace of technology growth exponentially increases. More recently, the hacking of the international technology giant Sony caused a fiery political debate over both the physical and political origins of the attack. The original claims that North Korea was responsible shifted to the breach perhaps being Russian in origin. The ability to track exactly who was responsible is extremely difficult; the internet has created a platform for dramatically increased anonymity. Publicly traded digital security companies like FireEye (NASDAQ: FEYE) have not only increased their earnings forecasts for the year, but their expectancy for customer demand as well after attacks similar to the one on Sony.
The United States government is also not immune to the battle for cyber security. It has recently been under criticism by the Chinese government who referred to it as hypocritical after the US accused China of extensive cyber security breaches when United States initiatives include programs like the controversial Prism program spying debacle. China believes that the United States has a new, dramatically increased ability to wage war in the 21st century with the digital realm.
In general, the discussion around government involvement in Cyber Security is quite varied. The current president of RSA, the company responsible for the world’s most widely used encryption algorithm, doesn’t believe that a stronger government role would be advantageous to decreasing future attacks. “The government is not the answer here… I’ve yet to see what is being asked to share by whom, for what purpose, to which parties, how will it be protected, how will it be used and then what is the value proposition back for sharing information…”, Amrit Yoran, President of RSA, stated.
By contrast, there are many who would like to see more action from the United States government. In a recent report from the Enterprise Strategy Group, a international business consultancy, 22% of critical infrastructure cybersecurity professionals actually think the United States government’s approach to cybersecurity is clear, while a remarkable 83% believe that they should be more active both in strategy and defense. Respondents supported a number of initiatives including increased cooperation and information sharing with the private sector, a black-list of poor performing security vendors, and enhanced legislation.
The NATO Cooperative Cyber Defense Centre of Excellence has several initiatives to promote international digital security. The centre hosts an annual conference, CyCon, which includes speakers, workshops, and papers from subject areas including the technical to legal, strategy, and policy (CyCon, 2015). This year’s CyCon topic is “Architectures in Cyberspace” that “asks what cyberspace is and will be in the coming years as well as what are its characteristics relevant for cyber security” (CyCon, 2015). It takes placeMay 26 to 29 in Tallinn, Estonia.
Other centre initiatives include workshops and courses, like the International Law of Cyber Operations law course this May, 2015, or the Botnet Mitigation Training in July, 2015.