US & UK Preform Joint Cybersecurity Exercises in Expectation of Attack
July 5, 2013
In the UK, British soldiers in the reserves will be allocated to a cyber-unit. This is expected to boost participatory numbers, as the Territorial Army is being rebranded as the Army Reserve (AR).
The UK government is expected to invest €1.8 billion over the next decade to the AR.
Phillip Hammond, defense secretary for the UK, explained that this new employment for reservists is “challenging”; however the UK’s military forces are dependent on new stratagem and capabilities as the evolution of war continues into the digital age.
Another €40 million for equipment for reservists will be given by the UK government with up-grades to entitlements, vacations and pensions; as well as overall compensation.
Within the next 2 years, reservists can expect monies owed to them to accrue during training with a “signing bonus” added to encourage participation.
Private sector corporations who hire reservists will be compensated with €500 monthly when those employees are deployed for service.
Conversely, corporations who discriminate against reservists will be penalized with legal action from the UK government.
Hammond said : “The job we are asking our reservists to do is changing. The way we organize and train them will also have to change.”
Reservists are regularly discriminated against by employers because they are called away for service which prevents them from getting promotions.
In December of 2012, Francis Maude, cabinet office minister for the Ministry of Defense (MoD) announced that computer experts would assist the UK military forces in the creation of the UK Cyber Security Strategy (CSS) in order to “harness and attract the talents of the cyber security specialists that are needed for critical areas of work.”
In addition it was said that there would be a Cyber Reserve Force (CRF).
Jarno Limnell, director of cybersecurity said: “To succeed in the cyber domain is not merely a question of defense; it is also about prevention, in order to reduce the effectiveness of an adversary’s cyber-attack. Creating cyber defense capabilities and resilience are fairly easy. But they are not enough. Deterrence is also needed, that is, the capabilities and policies to convince others not to launch a cyber-attack against you.”
Maude elaborated that: “The Services will engage additional experts to support their work in defending against the growth in cyber threats. These will be supporting roles to the Joint Cyber Units across the full spectrum of cyber and information assurance capability.”
The US version is the United States Cyber Command (CYBERCOM) led by General Keith Alexander.
CYBERCOM “plans, coordinates, integrates, synchronizes and conducts activities to: direct the operations and defense of specified Department of Defense information networks and; prepare to, and when directed, conduct full spectrum military cyberspace operations in order to enable actions in all domains, ensure US/Allied freedom of action in cyberspace and deny the same to our adversaries.”
The branches of CYBERCOM are:
• Army Cyber Command
• Naval Fleet Cyber Command
• Air Forces Cyber Command
• Marine Corps Cyber Command
According to Alexander: “My own view is that the only way to counteract both criminal and espionage activity online is to be proactive. If the U.S. is taking a formal approach to this, then that has to be a good thing. The Chinese are viewed as the source of a great many attacks on western infrastructure and just recently, the U.S. electrical grid. If that is determined to be an organized attack, I would want to go and take down the source of those attacks. The only problem is that the Internet, by its very nature, has no borders and if the U.S. takes on the mantle of the world’s police; that might not go down so well.”
CYBERCOM collaborates with many factions of the Military Industrial Complex (MIC) such as the Department of Defense (DoD) and the Department of Homeland Security (DHS).
In 2011, William Lynn, deputy defense secretary, described the relationship as: “We have, within Cyber Command, a full spectrum of capabilities, but the thrust of the strategy is defensive. The strategy rests on five pillars, he said: treat cyber as a domain; employ more active defenses; support the Department of Homeland Security in protecting critical infrastructure networks; practice collective defense with allies and international partners; and reduce the advantages attackers have on the Internet.
The European Union and the US preformed Joint Cybersecurity exercises (JCE) two years ago to collaborate on hacker attacks to “critical infrastructure”.
Considered a “stress test”, this effort was designed to “tackle new threats to the global networks upon which the security and prosperity of our free societies increasingly depend.”
At the Cyber Atlantic Roundtable meeting held in November 2011, the European Network and Information Security Agency (ENISA) and the DHS collaborated to use cybersecurity agencies in the detraction of advanced persistent threats (APTs) and attacks on supervisory control and data acquisition (SCADA) which are tied to utilities infrastructure.
Graeme Cooper, public affairs spokesperson for ENISA said: “We have two scenarios to look at what would happen in the event of a cyber-crisis. The first involves the extraction of sensitive information from EU member states’ IT security agencies, and the second looks at a systemic attack on a power infrastructure.”
Last year, another “stress test” was conducted by ENISA with participants from private sector tech corporations as well as financial institutions, internet service providers (ISPs) and eGovernment.
These exercises were designed to:
• Test effectiveness and scalability of existing mechanisms, procedures and information flow for public authorities’ cooperation in Europe
• Explore the cooperation between public and private stakeholders in Europe
• Identify gaps and challenges on how large scale cyber incidents could be handled more effectively in Europe