Aug 1 2023

IT'S ALL CONNECTED: CYBER, THE COMMAND THAT CONNECTS ALL THE OTHER COMMANDS

Author: Thorir Gudmundsson

Position: Public Affairs Office, Civilian

Unit: eFP Battlegroup Estonia

Clutching a hand-held radio, crouched over a grid-lined, plastic-coated paper map that is folded over the bonnet of a matte green British Army LandRover, a Sergeant coordinates the search for Danish “enemy” soldiers, hiding somewhere in the Tapa training area, Estonia. Then the Sergeant makes a decision.

“Get the bird up,” he instructs a soldier holding a small, rather unimpressive black case. As the drone is taken out of its box, Electronic Warfare (EW) experts report on their findings.

This is a high-tech game of hide-and-seek, with the attackers using state-of-the-art equipment to locate the adversary. Likewise, the camouflaged defenders put immense effort into minimising the emission of any heat or digital signatures that might give the game away. No smartphones here. Even the warm engine of an armoured personnel carrier can be hidden if you have the right kind of camouflage netting.

This is the sort of exercise that takes place regularly, involving the three NATO enhanced Forward Presence (eFP) Battlegroup Estonia militaries – British, Danish and French – as well as the Estonian Defence Forces (EDF). Operating as a multinational force gives the units an opportunity to train together as well as to compare technologies and techniques, exchange knowledge and learn to work in an environment they may one day be called upon to fight in.

A UK soldier sends up a drone to search for red team troops during an exercise in Tapa, Estonia, home to NATO’s eFP Battlegroup Estonia.
Photo by UK MOD © Crown copyright 2022

EXERCISES, CYBER-STYLE

About 100 kilometres away from Tapa, in a building packed with computer gear, these field exercises are taken to another level, using software code to defend against aggression in cyberspace. CR14, a foundation established by Estonia’s Ministry of Defence (MoD), provides a digital multiverse, based on more than 10 years of military-grade cyber range experience in cybersecurity training, exercises, testing, validation and experimentation.

As Allar Vallaots, head of Cyber Ranges at CR14, explains, the digital environment provides the agility and speed which cyber warriors need to improve and improvise – and it’s ok to lose if it enhances learning.

“We can stop, rewind and start over again. We can monitor progress and have a better learning experience. We have automated tools that we have developed ourselves. We are constantly looking into new technologies,” Vallaots says.

At the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE), Carry Kangur works year-round to prepare and run two massive annual exercises, Locked Shields and Crossed Swords. As head of cyber exercises at the centre, he works with officials of NATO and like-minded countries to design exercises that allow several thousand experts to hone their skills and network across borders.

In the 2022 Locked Shields exercise, more than 2,000 participants from 32 countries took part in an exercise using around 5,500 virtualised systems that were subject to more than 8,000 live-fire attacks. The teams take on the role of national cyber-Rapid Reaction Teams that are deployed to assist a fictional country in handling a large-scale cyber incident with all its implications.

The annual exercises focus both on the kind of large-scale infrastructure attacks that several European countries have experienced in past years and on the use of cyber in more conventional warfare. In addition, Crossed Swords has focused on integrating kinetic and cyber operations.

“In the past two or three years we have been pivoting toward other elements such as Special Forces, land forces, military police,” says Kangur. “Our main aim is to include many forces who might need to work with cyber in an operational sense.”

Learning from Ukraine

The Russian invasion of Ukraine is arguably the first major conflict involving large-scale cyber operations. In fact, an hour before Russian tanks and missiles crossed into Ukraine, Russian government hackers launched destructive “wiper” malware against ViaSat modems and routers, effectively erasing them. In the process, they disrupted Ukrainian military communications as well as thousands of civilian routers in Europe and 5,800 windmills in Germany.

“The conflict in Ukraine shows us how warfare is constantly evolving,” says Colonel Dai Bevan, Commander of eFP Battlegroup Estonia. “The Ukrainians are learning lessons – and giving lessons! – and are constantly refining their techniques and procedures. We need to learn from the conflict so that we have an edge over the adversary.”

“Russia’s coordinated and destructive cyberattack before the invasion of Ukraine shows that cyberattacks are used actively and strategically in modern-day warfare, even if the threat and consequences of a cyberattack are not always visible for the public,” the Danish defence minister, Morten Bødskov, said in a statement.

“When countries send code into battle, their weapons move at the speed of light,” notes Microsoft President Brad Smith. “The internet’s global pathways mean that cyber activities erase much of the longstanding protection provided by borders, walls, and oceans. And the internet itself, unlike land, sea, and the air, is a human creation that relies on a combination of public and private-sector ownership, operation, and protection.”

Smith argues that the lessons from Ukraine call for a coordinated and comprehensive strategy to strengthen defences against the full range of cyber destructive, espionage, and influence operations.

Despite this, experts say, the offensive Russian cyber-attacks at the start of the conflict were incapable of overwhelming Ukrainian defences. One expert says the Russians appear not to have had a cyber-plan integrated into their broader campaign planning.

“This may be the most important lesson for cyber warfare from Ukraine: preparation and planning on how to integrate cyber operations with other modes of attack to achieve maximum effect makes cyberattacks useful,” writes James Andrew Lewis, Senior Vice President and Director, Strategic Technologies Program, in a Center for Strategic and International Studies (CSIS) article.


A UK soldier observes the feed from a drone during an exercise in Estonia. 
Photo by UK MOD © Crown copyright 2022
UK soldiers use a traditional map and colour pens during an exercise in Tapa, Estonia, involving the use of drones and other technologies to locate troops that have taken cover somewhere in nearby forests.
Photo by UK MOD © Crown copyright 2022

Command integration

Integration – between national militaries and across the domains – is a key objective for all eFP battlegroups along NATO’s north-eastern flank. Recognition by Alliance members that adding massively to the forces that are already deployed in Eastern Europe is not viable has led to a defence posture that will increasingly rely on highly integrated forces, some of which have a forward presence and others that can be moved rapidly when needed.

“Interoperability makes us greater than the sum of our parts and it sits at the heart of reinforcement,” says Commander Dai Bevan. “We invest in interoperability daily and there are three sides to it: Human, procedural and technical. It involves understanding of how we work together. It involves assets that move. It involves transferring voice and data communications as quickly as possible in a secure fashion,” he says.

“NATO is a defensive alliance and the first moves would be made by the adversary,” says Brigadier-General Jaak Tarien, who commanded the Estonian Air Force for six years and was Director of the CCDCOE before leaving for the reserves in 2022. “They would choose the weak points to attack. That tells us we need to be proficient in every domain so we can prevail in a conflict. We shouldn’t look vulnerable in any domain.”

At Estonia’s MoD, cyber expert Anett Numa agrees and emphasises the role of cyber.

“Interoperability is very important between the five commands. Whether it is land, air, sea or space – cyber just goes through them all. I wouldn’t like to rank the commands in terms of importance but I would encourage everybody to consider the impact of cyber warfare in the future.”

EW and cyber

Electronic Warfare has long been an integral part of waging war. Increasingly, digital technologies are enhancing EW capabilities, extending them and creating new ways to produce the disruptive effects previously confined to the use of the electromagnetic spectrum.

“The demarcation between EW and cyber has not been fully thrashed out in doctrine,” says an electronic warfare specialist. “For example, most radio systems are digital, so is it cyber to target a particular piece of radio equipment? More and more, we think of cyber as referring to efforts that have a secondary effect, meaning that anything more nuanced than a simple jam would be cyber.”

As battlefield use of cyber evolves, so does the use of cyber in the wider Information Environment (IE). There, both militaries and society at large depend on cyber-reliant infrastructure companies to keep homes warm in winter, the water running, electricity on and the phones connected. In that environment everyone has a mobile phone, most people use social media and at least the older generation watches traditional television.

Cyber expert Dr. Adrian Venables, Senior Researcher at the Tallinn University of Technology, argues that western governments – and militaries – need to focus on the information environment, because they are vulnerable there.

“We can build more tanks and more advanced aircraft,” he says. “But in the information environment, we are more vulnerable than our adversaries because of our open societies and democratic culture.”

Examples abound.

Troops, most of whom are young and internet-savvy, use connected mobile phones, making them vulnerable to cyber-espionage and targeting.

NATO militaries rely on civilian infrastructure and any disruption can seriously affect battle-effectiveness. Profit-driven companies may not have the same incentives to pay the costs involved in eliminating, rather than minimising, potential disruption.

As European societies move to 5G technology, including to facilitate shipment of goods and automate road transport, NATO needs to keep pace to ensure rapid transport of equipment across countries and modes of transportation.

Closed information societies can easily restrict channels of information and overwhelm media content with propaganda. Western democracies, however, are loath to restrict the free flow of information or to resort to disinformation.

“For NATO countries, the defenders are the heroes,” says Venables. “They have to be 100% secure all the time; the attackers only have to be successful once.”

Cyber and the law

Cyber warfare can have deeply consequential legal implications. A wartime attack against civilian infrastructure would in most instances violate the Geneva Conventions, which form the bulk of International Humanitarian Law (IHL). Outside of war, there is a huge grey area where even destructive cyber-attacks may not be thought to amount to a declaration of war.

In one way, cyber has an advantage for the attacker in that attribution can be difficult or next to impossible.

“When you have a tank burning or aircraft shot down or person captured, it is clear physical evidence,” says Tarien. “If you tell the public that we have 92 percent confidence that a virus was launched by a particular unit and the Russians say no, then our own people are not convinced. There is that difficulty of intangibility so people may dismiss it in their minds.”

This “intangibility” of cyber operations has enabled attackers to cause enormous harm, yet avoid culpability. For NATO, this can create uncertainty in terms of Article 5 of NATO’s founding treaty, the crucial declaration that an attack on one is an attack on all.

The MoD’s Numa says Estonia would like more clarity as to what amounts to an attack covered by the Article.

“We need to articulate better what is within scope of Article 5,” she says. “It is now up to every member of NATO to decide the level of the incidents and their impact to determine whether the Article should be applied.”

The old-fashioned way

Back in the Tapa training area, the British Sergeant isn’t happy with the information he gets from the drone or through electronic detection. The Danes appear to have covered their tracks well and they are adept at hiding without resorting to the use of communications technology to coordinate their movements. Even their 30-tonne Piranha 5s seem to be invisible.

The Sergeant makes up his mind. He turns around, muttering “Let me go have a look, the old-fashioned way.” Then he mounts a rugged, camouflaged four-wheeler and disappears into the woods.

Cyber Danes Chinook: Danish Viking company troops are inserted in an Estonian forest clearing by a British Chinook helicopter as part of an exercise involving land-air coordination.
Photo by Thorir Gudmundsson

Baltic Amber Magazine
