NATO SPS ATC “STRENGTH” – 2ND WORKING DAY HIGHLIGHTS (28.09.2021)
The second block of the ATC addressed hybrid threats via cyberspace posed by state actors. The states’ methods of abusing cyberspace in combining military and non-military as well as covert and overt means including the propaganda during the deployment of irregular armed groups and use of regular forces. Special focus was given to methods of disinformation, cyber-attacks, economic pressure caused by cyberspace activities, cyber diplomatic activities, and methods of (ab)use of modern technologies in achieving strategic ends. During this block of the ATC, trainees are provided with the mechanisms used by the state and non-state actors to develop the advanced hybrid threats as well as the latest efforts and best practices to counter hybrid-based threats via cyberspace.
The 2nd working day started with an excellent lecture by Mr. Jason Weisman, an Advisor on Security and Defence, Foreign Affairs and Counter-Terrorism in the European Parliament, who acquainted the ATC Trainees with the definitions, the EU Policy and the NATO Policy and pointed on the oversights in practicing both. Furthermore, he stressed out what has been done so far as to complement EU and NATO policies, highlighting the short-term and the long-term measurements as a necessity that needs to be addressed.
Prof. Dr. Predrag Pale, the designer of “Computer Forensics” and “Forensics of Digital Documents” courses, teaching them at the University of Zagreb both in Croatian and English, the establisher of the Center for information Security (www.CIS.hr) which raises awareness and educates the general and professional public in information security, Croatia, numerated the beneficiaries of the cyber-attacks and throw a light upon the proactive countering – physically locate and attack the attackers – without excluding the state tools that provide information on the very emerging and promptly solving these problems, specifically focusing on the active search of vulnerable systems and called upon reporting them all to CERT undoubtedly, and additionally motivating training and exercise as well as games and competition in the respective field.
Mr. Nikolcho Panov, an Information security professional with more than 20 years of experience in helping organizations to improve their security posture and comply with international standards and regulations, Germany, has provided a detailed and current comparative disclosure on the Frameworks and the Standards from his own personal experience. This comparative overview of VAIT, ISO/IEC 27001, NIST Cyber Security framework, CIS Controls and TISAX & VAIT providing the ATC Trainees with abundant information on the advantages and the disadvantages of each of them.
Dr. Andrea Zapparoli Manzoni, an Executive Director at Crowdfense Limited (UAE), in his lecture warned that we face tremendous risks as a society as unfolding the 0-Day Markets contribute to the development of hybrid threats via cyberspace as enablers and force multipliers stating that ’’there is no 0-Day Market’’. Explaining, furthermore, that the 0-day type of exploit is dangerous and unaware. While practically encouraging hacking at 0-Day Markets, he called upon embracing the skills, prospects, and approach the hackers closely, i.e., include talented people and talk to them as to solve the conflict of interest as a halfway to decriminalization.
Ms. Klorenta Janushi Pashaj, President of Women4Cyber Albania, who launched Women4Cyber North Macedonia as a trademark of W4C Foundation Brussels, brought forward an extensive and comprehensive analysis of the problems that the cross-region faces while fighting radicalization and violent extremism pointing that extremist groups keep their online connections and the very process of recruitment happens through the media, notifying that the illegal content has not been removed from the net. The solution provided includes strengthening the capacities, building relevant institutions and improvement of the strategic communications and the legal framework and mechanism.
Another great speaker and unique topic, Mr. Ritesh Kotak, in 2018 selected by Harvard University’s Kennedy School of Government for their Emerging Leaders Executive Program. He has dedicated his working career to exploring how technology could be used to co-create public safety and trust between our communities and public institutions, currently in the private sector where he worked with different Fortune 500 Tech companies on global projects related to Cyber Security, Investigations and Next-Generation IoT applications for Smart Cities projects, Canada, talked about how swiftly we have turned to hybrid events and are exposed to hybrid threats, considering the pandemics. And once again, was another participant stressing the importance of the Cyber Emergency Response Team (CERT), pointing to the concerns that the Internet of Things brings along as weaponization, privacy, intelligence gathering, digital forensics and most importantly the talented shortage in cyber security. He concluded the second day with the recommendation – to think outside the box – in order to find the proper solution.