Karl Ngo, Research Analyst, had the pleasure of interviewing Chelsey Slack, Deputy Head of the Cyber Defence Section at NATO Headquarters, who previously worked at Global Affairs Canada. Chelsey earned a Master’s Degree of Philosophy in International Relations from the University of Cambridge, and an undergraduate degree in Political Science and History form the University of Ottawa. In Part 2 of this interview, she emphasizes international and regional cooperation, and stresses the imperative role played by private citizens.
NATO recently held its biggest cyber defence exercise – Cyber Coalition. What is the importance of holding these kinds of exercises?
NATO’s flagship cyber defence exercise – Cyber Coalition – took place in Estonia this past November. In its 10th edition, the exercise brought together more than 700 participants from 25 Allied countries, as well as partner countries, the European Union, industry, and academia.
The Cyber Coalition exercise tests and trains cyber defenders from across the Alliance in their ability to defend NATO and national networks. This year’s scenario included defending against malicious software, or ‘malware’ and tackling challenges that involved social media as part of a hybrid warfare context. It also reflected a growing trend towards attacks on mobile phones, including personal accounts and devices.
Exercises are key to enhancing the way NATO and its Allies work together, and with their partners on cyber defence. Not only do exercises help to improve NATO and Allies’ abilities to defend their networks, but also their ability to coordinate and share information in the case of a cyber-attack. Put simply, exercises help NATO and its Allies and partners to be better prepared for the reality of the cyber threats they face.
Given the prevalence of our highly tech-centered lifestyle, is there a role that citizens should play in safeguarding their information and protecting themselves from cyber threats and attacks?
Cyber defence is as much about people as it is about technology. A company or a government can deploy the most sophisticated technology, but if it hasn’t got the right people trained to operate and interact with this technology, then the investment could be for nothing. This highlights the importance of cyber awareness and education. According to one report from the United Kingdom, around 80% of cyber-attacks are the result of poor habits of users. This includes basic cyber hygiene such as password management and ensuring your computer has the latest security updates, among others. Getting the fundamentals right might not be the most exciting topic, but it forms the basis of good cyber defence. It is an essential role that the individual user can play to help build a more cyber-aware and cyber-secure ecosystem.
How important is it for NATO to cooperate with other countries, as well as international or regional organizations?
In a recent speech, NATO’s Deputy Secretary General, Rose Gottemoeller, highlighted that ‘cyber defence is a team sport’. The very essence of NATO is anchored in the notion that more can be achieved when working together. This is why NATO places a priority on building partnerships with other countries, industry and academia, and other international organizations. This engagement is tailored, meaning that NATO’s cooperation with partners is developed according to shared values, mutual benefit, and common approaches to cyber defence.
NATO partners with more than 40 countries around the world – spanning from Morocco to Mongolia – for activities related to training, education, exercises and multi-year research projects, to highlight a few practical examples. NATO also works with other international organizations such as the United Nations, the Organization for Security and Cooperation in Europe (OSCE) and the European Union.
Steps have been taken in the last year to deepen engagement with the European Union, notably in the areas of information exchange, training, research, and exercises. While not all NATO Allies, including Canada, are members of the European Union, the evolving cyber threat landscape, as demonstrated by the global cyber incidents WannaCry and NotPetya, represents a shared security challenge for all. What have we been trying to achieve through intensified cooperation with the European Union? In 2016, a first of its kind Technical Arrangement was signed between the two incident response communities, or ‘computer emergency response teams’ of NATO and the European Union. Put simply, information exchange, including in real-time, is being enhanced so that both organizations are better informed and better protected against cyber-attacks. Cooperation has also been deepened on exercises so that we are better prepared to tackle cyber threats together. As an example, during NATO’s recent Cyber Coalition exercise, cyber experts from the European Union were full participants for the first time, taking part in the planning and conduct of the exercise.
Finally, NATO is part of a broader international community, which is truly multi-stakeholder in nature. While NATO does not set norms, NATO Allies follow and support efforts to build a more transparent and stable cyberspace. To this end, NATO supports the development of norms of responsible state behaviour in cyberspace and confidence building measures being carried out in other fora such as the United Nations Group of Governmental Experts (UN GGE) and the Organization for Security and Cooperation in Europe (OSCE). Ultimately, we all stand to benefit from a norms-based, predictable, and secure global cyberspace.
What about the private sector? Can you elaborate on the importance of including the private sector in the pursuit of cyber security? What tools does NATO have at its disposal to work with industry to prevent cyber-attacks?
Cyberspace is a unique domain in that it is non-state actors – for example, the private sector – who develop, own, and operate the vast majority of networks worldwide. They are often the front-line of defence against cyber-attacks, and they provide the innovation from driverless cars to artificial intelligence. If they develop better products, with security by design, our task of cyber defence becomes much easier. NATO’s cooperation with industry is not new – in fact, it dates back several decades. However, recognizing the specificity of cyberspace, in 2014 NATO Allies launched the NATO Industry Cyber Partnership. This partnership represents a two-way street: a vehicle to cultivate closer ties between NATO, its Allies and its partners in industry and academia.
NATO is enhancing its cooperation with industry and academia, including through information and analysis sharing, training, and exercises. NATO’s Communication and Information Agency has signed a number of industry partnership agreements to enhance information sharing and improve situational awareness. Industry is also part of NATO’s Malware Information Sharing Platform. During the WannaCry incident in May 2017, Allies and industry partners came together quickly and the information that was exchanged as a result was crucial for getting the most up-to-date picture of the complex events that were unfolding. Moreover, this continuous interaction with industry helps to warn against and mitigate cyber-attacks against NATO and NATO Allies. Finally, the NATO Industry Cyber Partnership helps industry to understand some of NATO’s future cyber defence requirements, while NATO receives valuable insight as to the latest cutting edge technological solutions available on the market. So it really is a win-win relationship.
Could you share with us some reflections on your personal experience working at NATO?
In 2010, I arrived to NATO Headquarters in Brussels after completing my studies at the University of Ottawa and working for a period of time at Global Affairs Canada. Upon arriving at NATO, I was struck by its dynamic nature with people from across Allied countries working together on issues from operations in Afghanistan to tackling less conventional topics such as counter-terrorism and energy security. It is truly impressive to see NATO Allies come to the negotiating table and take decisions together on a diverse set of complex issues to ensure the Alliance is adapting to meet the security needs of the more than 1 billion citizens in the Euro-Atlantic area. It has been a truly fascinating experience so far, and one from which I hope many more Canadians will also have the opportunity to pursue as part of their studies or professional career
Chelsey Slack is Deputy Head of the Cyber Defence Section at NATO Headquarters. Previously, she worked at Global Affairs Canada. Chelsey earned a Master’s Degree of Philosophy in International Relations from the University of Cambridge, and an undergraduate degree in political science and history from the University of Ottawa. For this article, she is writing in a purely personal capacity. Any views expressed reflect those solely of the author and do not represent those of, nor should they be attributed to any organisation.
Disclaimer: Any views or opinions expressed in articles are solely those of the authors
and do not necessarily represent the views of the NATO Association of Canada.