Cyber Security and Emerging Threats Touraj Riazi

Know The CCDCOE: Interview with Director Col. Jaak Tarien

Touraj Riazi had the privilege of interviewing Col. Jaak Tarien, Director of NATO’s Cooperative Cyber Defence Centre of Excellence (CCDCOE). The interview concentrates on the functions of the CCDCOE and how they enhance the Alliance’s cybersecurity. Canada is currently in the process of joining the CCDCOE.

Q: Describe the activities of the CCDCOE and how they support NATO members.

A widespread misconception about the Centre is that we are an Operational Centre guarding NATO networks. The CCDCOE is not designed to conduct real-time operations. None of the 25 Centres of Excellence (COE) in NATO are part of the NATO command structure and we are not recipients of NATO´s common funding. The COE are voluntary organizations established by nations and accredited by NATO in order to provide subject matter experts and strengthen their capabilities in that field. NATO COE´s can only be established by a NATO member nation, although upon approval by the Steering Committee, Partner nations may also become members.

The activities of the CCDCOE can therefore be said to resemble that of a think-tank. That is the best way to describe ourselves. As a NATO accredited organization, our activities cover research, training and exercises. Each year, our member nations and NATO command structures request us to conduct research on specific subjects. We conduct the research once our Steering Committee approves a request.  

Our training portfolio comprises 17 courses per year (the number varies per year) on cyber matters ranging from very technical level courses to highly strategic level courses like the Executive Cyber Seminar. Other courses include Critical Infrastructure Protection, International Law and Cyber Operations Planning. These courses are mostly taught biannually—in the spring and fall. Attendance is free to all CCDCOE member nations, but availabilities are limited.

The training portfolio offers significant benefits to members. Undertaking one week of similar courses (assuming they are even available) in the commercial sector could cost over 5000 euros. These courses are free for the Centre’s member nations. The CCDCOE’s concern is providing quality services to its members because it is they who finance the Centre via its personnel, contributions and budget. When space is available, individuals from NATO staff and structure have participated in the Centre’s courses too. 

The CCDCOE is also involved in multiple annual exercises. Locked Shields and Crossed Swords are the two exercises we conduct on our own. Information about each exercise is available on the Centre’s website and other mediums like Youtube.

Locked Shields has grown to become the largest technical live fire cyber defence exercise in the world. There were over 1500 participants in 2019. 23 teams from all member nations participate as the defensive teams by logging on to the game network from their own stations. Those teams are normally national CERTs (Computer Emergency Response Teams) or military CERTs, which represent the highest qualified cyber defenders the nation has. These conditions ensure the Centre fields realistic exercises.

Fielding these large exercises at the cyber range provided by the Estonian Defence Forces for NATO and the CCDCOE brings together a congregation of Estonian and other nearby nations, alongside cyber volunteers and cyber community members. The Centre’s industrial partners are also critical components of our exercises. Partners like Siemens incorporate their real-world products into our cyber exercises by allowing them to be attacked and defended.

As part of the exercises, the Centre also creates a fictional nation with a realistic network. For a realistic training experience, we not only create the game-net, which is a natural part of every cyber exercise; but, with the help of, for example, Siemens, we have simulated very realistic power grids with real hardware and software provided by Siemens. This design genuinely reflects how Siemens would wire a city power grid.

Our Korean partners have also provided water purification stations, a telecom operator Elisa has set up a special 4G broadband network and Bittium, the military grade mobile phone maker, contributes their communications equipment. Because several industrial partners incorporate very real technologies into the Centre’s exercises, realism consequently becomes a defining quality of the CCDCOE’s exercise environment. Locked Shields has gained such high international recognition for this reason.

The Centre also contributes to NATO’s military cyber defence exercises by bringing cyber injects into the scenario. We support Cyber Coalition too, NATO’s largest cyber exercise which is held every year in December, here in Estonia.

Q: What conception of the future does the Centre have and would it expand its range of engagements?

Since 2018, the Centre has been assigned responsibility for identifying and coordinating education and training solutions in the field of cyber defence operations for all NATO bodies across the Alliance. It is our job to analyse the level of cyber education and training in NATO structures and recommend improvements and solutions.

The Centre’s membership is also currently expanding. Canada is halfway through the technical stages of its accession process.  We are excited to have Canada join the Centre and possibly provide additional reinforcement to the Centre´s training and analysis capabilities.

The CCDCOE is also seeking to involve a greater number of defence industry partners in our technical exercises. Most partnerships begin from the bottom-up. After initial contact is generated, possibly through engineers and specialists from various organizations who are in contact with their colleagues, it rises through the chain of command and is ultimately decided upon by the leadership.

We have currently submitted an idea through the government of one company and negotiations regarding how the CCDCOE can field the very exciting defence system in question are now starting. The system will hopefully be fielded as part of Locked Shields’ 2020 exercise.

The cyber world is also growing. When the Centre was founded 12 years ago, it was a significant source of brain power in military cyber and only comprised 25 people from 7 nations. Today, we have grown to over 60 staff members from 25 nations. However, national cyber command structures have also grown at an exponential rate. Even a small nation like Estonia has over 300 people in its cyber command. Consequently, our strength lies in our multinational connections and our network of partnerships with industry, academia and other sectors.

A significant concern within the cyber domain is that nations do not share the most sensitive yet vital data. The Centre consequently strives to be a hub of cooperation and encourages nations to expand upon their sharing of data in order to enhance the Alliance’s security. The CCDCOE also attempts to serve as the ‘leveller of playing ground’. There exists a disparity across the Alliance as it concerns the cyber and military cyber domain. Some nations are far more advanced than others. We are advancing the good of the Alliance by assisting those nations whose capabilities are not as developed as those of other members.

Nine nations have already declared they are willing to contribute their cyber effects (the NATO term for a country’s cyber capabilities) to NATO’s operational disposal if called upon. This mechanism facilitates managing the differing capabilities of different countries. It represents a very high-level political decision taken at the NATO summit in 2018.

From 2008 onwards, we initiated an important dialogue on whether a cyberattack is to be considered an attack on national sovereignty that could potentially trigger NATO`s collective defence obligations through Article 5. After many years, NATO declared in 2014 that Article 5 could indeed be triggered by a cyberattack.

As of this January, the Centre has been conducting technical cyber exercises that train offensive cyber tactics for defensive purposes for six consecutive years. Nevertheless, until recently, many NATO nations considered it to be a taboo topic. In 2018, NATO declared its readiness to integrate into Alliance operations and missions some of its members` cyber effects.

The CCDCOE has continuously questioned comfort zones and occasionally assisted in equalizing capabilities between Alliance members. I think we have been successful in forcing the debate on issues that are sensitive but necessary. For instance, by renouncing the use of offensive cyber capabilities, we endow our adversary with the exclusive use of that capability.

Q: What does your day consist of and what are challenges that confront you as the Director?

The leader’s job involves ensuring that individuals possess the required resources and conditions to conduct a mission. I have 25 bosses. These are the 25 member nations and I work for them. They submit requests for us to support their objectives through our activities. Naturally, the Centre has its own vision of how it wants to develop and at our recent Steering Committee meeting, all member nations approved our next five-year development plan. My task entails ensuring that our resources meet the mission requirement.

It is also exciting to work with over two dozen different nations and numerous institutions, including but not limited to military defence institutions. Encountering different cultures and understandings is common and I think this really enriches the Centre. Accommodating a greater diversity of perspectives produces better outcomes across the entire Alliance.  

Disclaimer: Any views or opinions expressed in articles are solely those of the authors and do not necessarily represent the views of the NATO Association of Canada.