7th NATO Asia-Pacific Dialogue
PUBLISHED: October 18, 2017
NATO partners across the globe remain crucial to NATO's goal of creating a more secure world. In particular, NATO's partners in the Asia-Pacific region, including Japan, South Korea, Australia, and New Zealand, are vital to crafting a stable and peaceful environment. Threats from North Korea and disputes in the South China Sea continue to present a dilemma for NATO Allies and partners. As such, dialogue among affected nations is integral to the success of freedom and security in the region. The annual NATO Asia-Pacific Dialogue is a platform to discuss trends and future concerns, as well as opportunities for closer collaboration among NATO and its regional partners. At the 7th NATO Asia-Pacific Dialogue on October 16-17th, the panel discussion "Creating Predictability in Asian and European Security Dynamics” and a subsequent dinner took place at the Atlantic Treaty Association, in partnership with the Public Diplomacy Division at NATO. The panel discussion included distinguished guest NATO Deputy Secretary General Rose Gottemoeller, as well as experts from the region, Professor Robert Patman, Professor Shen Dingli, and Professor Matake Kamiya, as well as Atlantic Treaty Association's own Secretary General, Jason Wiseman. The key highlights of the panel discussion focused on closer European and Asian cooperation, seeking to further the information sharing and best practices that occur today. Deputy Secretary General Gottemoeller stated the importance of the NATO Asia-Pacific joint effort, "In an interconnected world, the risk of instability and conflict in the Asia-Pacific region is a potential challenge not only to the region itself, but to stability worldwide." NATO's continued commitment to world peace includes the Asia-Pacific region and that commitment was reaffirmed in this year's dialogue. The agenda for the evening can be found below. Photos from the event are available here.       7th NATO-Asia / Pacific Dialogue 2017 Monday, 16th October 2017 Atlantic Treaty Association (ATA) Quartier Prince Albert, Rue des Petits Carmes 20 Brussels / Belgium Agenda    18:15 hrs  Registration and Welcome Cocktail               18:45 hrs             Welcome Remarks   The Honorable Rose E. Gottemoeller   Deputy Secretary General, NATO      19:00 hrs          Panel Discussion “Creating Predictability in Asian and European Security Dynamics”        Moderator:         Mr. Jason Wiseman          Secretary General, Atlantic Treaty Association          Panelists:            The Honorable Rose E. Gottemoeller           Deputy Secretary General, NATO            Prof. Matake Kamiya           National Defense Academy, Ministry of Defense, Japan            Prof. Shen Dingli           Vice Dean of the Institute of International Affairs, Fudan University            Prof. Robert Patman              Head of Department of Politics, University of Otago, New Zealand                               20:00 hrs                                     Followed by Dinner Reception  
By: ATA Admin
Towards a More-Capable Alliance Via Industrial Leadership
PUBLISHED: October 17, 2017
On October 16th, militaries, NATO officials, experts and professionals from the defense and industry sectors gathered to discuss the future of the transatlantic relationship and NATO adaptation to the new security environment. As technology advances and industries become more involved in defense, it is essential to open a dialogue for increased cooperation and information sharing. This particular discussion sought to unpack the continued trend of advanced technologies' impact on the defense sector. As part of the GLOBSEC NATO Adaptation Initiative (GNAI), the focus of talks was the emerging threats NATO Allies face in the future security environment. As the GNAI explores these different challenges, discourse surrounding the adaptation of NATO capabilities aids government, defense, and industry sectors in developing key strategies for security and prepares them for the future of defense. Hosted by the Atlantic Treaty Association and the GLOBSEC Policy Institute, this discussion brought together representatives from governments, defense agencies, and industry firms. Their dedication to collaboration was crucial to the success of the discussions, as their experiences and passions promoted productive and candid dialogue. The importance of these cross-sector conversations are unparalleled in the path to increased cooperation. The agenda for the event is seen below. Photos can be found here. Program   11.55     ARRIVAL OF PARTICIPANTS     12.00     APERITIF (SALLE GRENADIERS)     12.45     WELCOME ADDRESS     Mr. Jason WISEMAN Secretary General, Atlantic Treaty Association     12.50   KEY NOTE ADDRESS   Mr. Robert VASS President and Founder of GLOBSEC   13.00   TOPIC OF DISCUSSION   NATO’s ongoing adaptation rests on the combined efforts of the wider Alliance and transatlantic defence industry. At the same time, a wide spectrum of economic sectors – from information and communication technologies to critical infrastructure – are increasingly being shaped by advances in cloud computing, artificial intelligence and more. Which are the key defence sector shaping trends in advanced technologies? How will these trends impact NATO’s future adaptation? Indeed, how has the global defence sector contributed to the development of advanced technologies?   MODERATOR     Mr. Brooks TIGNER Chief Policy Analyst, SECURITY EUROPE     SPEAKERS     General (Retd) John R. ALLEN Former Commander of International Security Assistance Force, Distinguished Fellow at Brookings   Mr. Ernest J HEROLD Deputy Assistant Secretary General, NATO Defence Investment Division   Mr Amir HUSAIN Founder and CEO of Spark Cognition Inc.   REMARKS     Lt. Col. (Retd) Peter NILSSON Deputy Head of SAAB Market Area Europa and the Vice President for Strategy & Business Development for Saab Europe   13.30   Q/A SESSION     14.15   CONCLUSION
By: ATA Admin
Analyzing the Islamic State's Weapons Capability: What Weapons Does It Use and Where Does It Get Them?
PUBLISHED: March 28, 2017
The Islamic State has been severely weakened in recent months due to advances made by Iraqi forces, Shi’ite militias, Kurdish fighters, and the US-led coalition. Through gruelling battles over its strongholds, ISIS has not only suffered the loss of land and personnel, but it has also lost access to key sources of revenue and has simultaneously seen its online presence diminish. Still, the group’s advanced weapons capability makes it a constant threat to those who do not subscribe to its apocalyptic worldview. In order to neutralize the military threat posed by ISIS, it is first necessary to investigate its weapons capability and the sources of its weaponry. Since its rebranding in 2013 and its campaigns to control major cities in Iraq and Syria the following year, ISIS has acquired a diversified arsenal of weapons. The group acquired these weapons by defeating US-armed Iraqi and Kurdish forces, stealing chemical weapons from dictators’ stockpiles in the region, trafficking materiel into ISIS-controlled territory, and developing its own weapons production factories. These methods of acquiring weapons allowed ISIS not only to use arms similar to those used by other terrorist groups, but also to manufacture military grade munitions that rival those of nation-states. Like many other non-state armed groups before it, ISIS has a preference for assault rifles, and its militants’ preferred weapon has been the AK-47. During its early periods of operation, the group used concealable and transportable weapons, such as shoulder-fired missiles, likely because its members were conducting stealth operations to gain control of territory in a relatively short period of time. ISIS seized most of Anbar Province in January 2014 and proceeded to seize control of Mosul, forcing government troops to abandon the city. As the group continued to expand its territory in northern and western Iraq as well as in Syria, it gained control of the weapons and military vehicles left behind by Iraqi and Syrian forces and rebels. Among these were: approximately 55 Soviet-era tanks, six Soviet BRDM-2 amphibious armoured vehicles, two Soviet MT-LB amphibious auxiliary armoured vehicles, 20 Soviet BMP-1 infantry fighting vehicles, three Soviet 2S1 Gvozdika self-propelled artillery, a fleet of US-built Humvees, B-10 and M40 recoilless rifles, RPG-7s, and a variety of multiple-rocket launchers, howitzers, field guns, anti-aircraft guns, man-portable air-defense systems, antitank missiles, and even Blackhawk helicopters and fighter jets. ISIS also established complex trafficking routes that allow illicit arms and ammunition to enter the country. The group purchased weapons from military personnel, gunrunners and other militant groups in Turkey, Qatar, Lebanon, Syria, Iraq, Saudi Arabia, and Jordan, all of whom help the group bring the weapons into the country undetected. Turkey serves as a key international transit point, and reports indicate that weapons from Croatia have entered ISIS-controlled territory through its Turkish border. ISIS’ black market activity, however, has primarily focused on ammunition. An investigation conducted by the UK-based Conflict Armament Research organization determined that ISIS uses ammunition originating from 21 countries, of which most were manufactured in China, the Soviet Union/Russian Federation, and the US. Ammunition from Serbia, Sudan, North Korea, Hungary, and Kyrgyzstan has also been found in ISIS territory, indicating that the group’s network structure and transnational trafficking channels allow it to receive arms and supplies from a variety of global sources. Furthermore, Iranian-manufactured ammunition was found in ISIS’ weapons caches, potentially violating a 2006 United Nations Security Council Resolution prohibiting Iran from exporting ammunition. ISIS’ weapons capability surpasses that of other jihadist terrorist groups not only because of its seizure of military grade weapons, but also its adeptness in manufacturing its own armaments. In November 2016, investigation teams in recently liberated areas of Mosul uncovered six ISIS factories in which rockets, shells, and mortars were manufactured. According to the team’s report, “The degree of organization, quality control, and inventory management indicates a complex, centrally controlled industrial production system.” The standardized practices adopted by the group resemble those of conventional militaries and have allowed it to produce tens of thousands of rockets and mortars, demonstrating that the Islamic State’s weapons production capacity may indeed be similar to that of a nation-state. With multiple sources of weapons and ammunition, one may ask what can be done to degrade ISIS’ weapons capability. Firstly, Iraqi, Shi’ite, Kurdish, and allied forces must continue the push to regain territory in Iraq and Syria, as ISIS militants will be forced to leave weapons manufacturing plants and larger weapons behind. Secondly, Syria’s borders with Iraq and neighbouring countries must be fortified. The border between Turkey and Syria is of particular importance, as weapons and chemical warfare agents have been smuggled into Syria through its northern border. States around the world must also enhance oversight mechanisms to ensure that gunrunners and rogue military personnel are not exporting weapons and ammunition. Amnesty International has attributed ISIS’ vast arsenal of weapons to poor regulation and a lack of oversight of arms imports, irresponsible arms transfers, and lax controls over military stockpiles. In light of these points, coalition forces must be careful in selecting which militias they arm in the fight against ISIS and the extent to which they are arming them. Mechanisms must be put in place to keep the Iraqi military armed and in control of weapons stockpiles, while non-state groups are disarmed. However, disarming ISIS, as well as Iraq and Syria in general, is no easy order; with increased regional insecurity, the problem of weapons proliferation in Iraq and Syria will likely get worse before it gets better.
By: ATA Admin
Smart Homes and the Internet of Things
PUBLISHED: March 28, 2017
This is an excerpt from "Smart Homes and the Internet of Things" View the full article here  Security Challenges All systems can fail; there is no system without flaw. Engineers know this and adapt their work to be resilient against known and likely accidents and adversaries. Homes— smart or otherwise—are no different. But environmental hazards from software and connectivity pose distinct challenges for smart homes. All software code has flaws and connectivity increases exposure of these flaws to more hazardous and potentially hostile interactions. A study by the Carnegie Melon Software Engineering Institute suggests that the lower limit for commercial software may be one to seven flaws per one thousand lines of software code. However, the lines of code in each device continue to increase, as do the number of devices that constitute the systems of a smart home. The aggregate lines of code across all of our smart home devices are approaching hundreds or thousands of exposed, exploitable flaws if they do have not already surpass those levels. At the point where this technology has the potential to impact human life and public safety, a higher level of care and attention is warranted. Meeting the Security Challenges: Recommendations IoT device makers can demonstrate to potential buyers their commitment to building trustworthy devices. These signals create a competitive advantage over products and brands that do not pay equal attention to safety and security. Integrating safety and security of the connected software components throughout the design and manufacturing phases aligns incentives, placing the cost where it can be most effective, and ensures a consistent customer experience that meets their expectations. The following list includes many ideas already in practice for integrating security in design, as well as new ideas discussed among IoT stakeholders and identified here for more discussion. Security by design A published commitment to integrating security throughout the development, manufacturing, and deployment life cycle. Key elements, such as adversarial threat modeling, resilience testing, and reduced elective complexity, lower costs and shorten the timeline of securing IoT devices. Third party collaboration A published policy accepting help from willing allies acting in good faith, such as customers and security researchers, who find and report flaws. Failure investigation Record and review evidence of failures to identify and address root causes, while preserving customer privacy. Remote updates A secure, prompt, and agile response to security or other flaws greatly reduces support costs, increases consistency of experience, and allows feature improvements over time. Safe failure modes Protections to ensure that failed or manipulated components do not put safety at risk. For instance, preventing the spread of failures, making failures evident, and failing in a way that does not harm safety or privacy. Standalone Operation Document which specific features and benefits will continue to work without Internet access and chronicle negative impacts from compromised devices or cloud-based systems. The most proactive companies may find it less expensive to buy back obsolete devices, rather than continue to support them. Safe options and defaults Give owners clear guidance on why and how to configure devices to their own particular preferences, and ensure that defaults are reasonably safe and secure. Data protective measures Describe the protection of customer data against unwanted modification, removal, or disclosure, including how to safely remove data upon resale, loss, or theft of the device (or home). Informed consent for data use Describe the ways in which customer data is used or will be used, as well as methods for consumers to opt out. This includes change in ownership of the company, or sharing information with third-parties. Other good practices are emerging and will continue to develop over time as the smart home market matures. These recommendations are meant to work alongside, not to replace, practices already in place in the traditional manufacturing of consumer electronic goods. All consumers—even non-technical ones—can use consumer protection remedies and market forces. The effect of consumers’ actions can shape the decisions manufacturers make when bringing IoT devices to market. However, their effects may take some time to manifest, as the design cycle can be months or years for new devices. Early adopters and those more comfortable with technology can employ more technical safeguards in the short term, such as changing default passwords, updating firmware, and reviewing security and privacy settings. Though buyers who tend to be less familiar with technology should not be inadvertently exposed to risk.
By: ATA Admin
The ISIS wave that’s yet to come & how the EU can face it in 2017
PUBLISHED: March 7, 2017
Published on E!SHARP web page. 2017 is going to be a volatile year for combating terrorism around the globe. By this time last year, ISIS and its affiliates staged over 40 terrorist attacks in 9 different countries causing more than 500 casualties and at least 1200 wounded. So far in 2017 there has been an even bigger surge of ISIS attacks (mostly in ISIS held territory) amounting to over 85 attacks in 10 different countries causing more than 740 casualties. To make matters worse, this has been accompanied by a mounting offensive from different jihadist organizations in Pakistan, Somalia and parts of North Africa. Counter-Terrorism officials estimate that of the over 5000 Foreign Fighters (FF's) that went from Europe to Syria and Iraq, at least one third, or 1500 people, have already returned. As the Global Coalition Against Daesh is succeeding in further suffocating ISIS strongholds, many of the FF’s of European origins will try to return to EU territories this year to seek refuge and expand the theatre of jihadist activity in Europe. This is particularly concerning given the sensitive elections fast approaching in the Netherlands, France and Germany and the rise of anti-migrant and anti-establishment sentiment across European civil society. The concern of returning FF’s is magnified when considering the case of the Paris attacks. A brief analysis of the operatives from the ISIS network that staged the Paris attack displays the following: 4 operatives entered through Leros, Greece with fake IDs, two of which were already in a database: 1 was on an EU watch list; 1 had an open terrorism warrant on his head; 6 were wanted on international terror warrants; 1 was under police surveillance with wire taps and hidden cameras; 7 were on a terrorism watch list; 12 of them had been stopped, questioned and even arrested at some point during their back and forth travels from Syria; Attacks in Paris were coordinated and directed over the phone from Jihadists based in Belgium; Explosives used in the Paris attacks were made in Belgium; Salah Abdelslam, a Belgian national and the key suspect in the planning of the Paris attack, successfully evaded authorities for 4 months before being captured; 4 days after his arrest, a sophisticated terrorist attack was carried out in the Brussels Airport and metro station. Given that several members of the network were already known, having been listed in various databases, stronger coordination, information sharing and communication among European counter-terrorism officials could have prevented both attacks. Thus, European counter-terrorism officials must reorient their strategy and tactics to address the rise in suicide terrorism taking place across the globe. What Can Be Done? Any counter-terrorism strategy should be divided into two parts: counter-motivation and counter-operational capability. Even with the creation of a new EU Counter Terrorism Center at Europol in January 2016 and the approval of the Passenger Name Record (PNR) Directive, there are a number of actions to be launched at the national and EU level to strengthen Europe’s counter-terrorism strategy. On the counter-operational side the EU 28 can: Mandate that high value data collected by any national security agency is transmitted within 24 hours of recording to a central system and that it is permitted to cover non-EU nationals; Reinforce this with a shared database in the use of biotech that all EU border control services and Frontex have access to; Formulate joint investigation teams (JITs) with Europol that transfer best practices to national authorities; Stage regular joint training exercises and simulations with an emphasis on emergency preparedness and civil emergency response that involves all relevant agencies; Set a joint procurement fund (based on GDP proportionality) with the sole purpose of outfitting, modernizing and training counter-terrorism units. As for counter-motivation strategy, many things need doing here. For example, Member States should create, where they haven’t already: Independent civil society advisory boards to local and federal authorities in order to promote internal stability and shared values across society; All EU nations should legally classify ISIS as a terrorist group and criminalise membership in it or financial support to it – punishable in any Member State; All EU 28 should be setting up rehabilitation centres; The EU 28 should create a publicly accessible ‘No Visit List” that identifies ideological radicals who pose a threat to the security of a country and who will be prohibited from stepping foot in the EU; Along the same line, a database of those organisations whose charitable status has been removed due to links with terrorism should be publicly accessible as well; EU nations should ensure mandatory screening of citizens involved in public outreach, especially those engaged with “at-risk communities”; EU nations should set a specialised team of lawyers trained to prosecute terrorism cases, while judges selected to hear terrorism cases should have the background and training to preside over them. Adopting such recommendations would strengthen the existing counter-terrorism cooperation between EU Member States and incentivise reform in EU aspiring states. Most important, they would enhance the operational capabilities of EU agencies such as Europol and Eurojust to thwart terrorist recruitment, disrupt terrorist activity and apprehend the terrorist operatives themselves.
By: ATA Admin
The Role of the US Military in Defending Essential Infrastructure in a High End Cyber Conflict
PUBLISHED: February 7, 2017
The following is an excerpt. See the full text here. This paper analyzes cyber’s role in deterrence and defense—and specifically the military-civil nexus and the relationship between the Department of Defense (DoD), the civil agencies, and the key private operational cyber entities, in particular the Internet Service Providers (ISPs) and electric grid operators. The focus of the paper is on high-end conflict including actions by an advanced cyber adversary, whether state or non-state, and not on the “day-to-day” intrusions and attacks as regularly occur and are generally dealt with by governmental agencies and the private sector without military involvement. High-end conflict can be expected to include attacks within the United States homeland as well as in forward theaters. Last year, the Barack Obama administration issued PPD-41, “Cyber Incident Protection,” setting forth cyber security incident roles and missions for federal agencies but with no explicit reference to the Department of Defense. By contrast, the DoD Cyber Strategy provides that DoD will be prepared to “defend the U.S. homeland and U.S. vital interests from disruptive or destructive cyberattacks of significant consequence.” Certainly, in a conflict where an adversary will utilize cyber as part of an overall military attack, the DoD will necessarily play a major operational role. This paper discusses what that role should entail. In a high-end conflict, the military will rely heavily on the availability of the telecommunication and electric grid networks, and those networks—including those abroad—will likely need assistance from the military to remain operationally effective. Understanding cross-sectoral dependencies and potential cascading effects from attacks will be crucial. Accordingly, to achieve deterrence and/or successful defense with respect to such a conflict or potential conflict situation, particularly against high-end cyber adversaries, the military, civil authorities, the ISPs, and grid operators will need to work closely together both prior to and during the conflict. This will be true both inside the United States and in the forward theaters where conflict is likely to occur. This paper is organized in two parts. The first, and more extensive section, focuses on requirements necessary inside the United States. The second discusses requirements for forward theaters, building on the analysis for the US territory and the authors’ previous paper “Cyber, Extended Deterrence, and NATO.” The broad conclusion of the paper is that effective planning and operations require two overlapping sets of requirements to be undertaken: • The military needs to develop a concept of operations that allows it to determine the required support from the ISPs and the electric grid in a high-end contingency (such as defense of the Baltics) and to provide the basis for a prioritized approach to cyber protection, resilience, and recovery of those networks. To prioritize mission-essential networks and industrial control systems that are critical for responding to regional crises, coordination with civil authorities, the ISPs, and electric grid operators both prior to and during a crisis will be necessary. • The civil authorities, the ISPs, and electric grid operators need to develop contingency planning to elucidate the type of assistance they are likely to need from the military to provide the protection, resilience, and recovery necessary to maintain adequate telecommunications and grid operations for the nation in the event of a high-end contingency. The grid and ISP operators have unique knowledge of their specific system architectures and restoration plans; therefore, they are the best experts to convey that information to the military so the military is ready to actively support their efforts both during an attack and for post-cyberattack restoration. Without this foreknowledge about the specific systems, DoD personnel who undertake to assist during a crisis would be ineffective and could in fact cause harm to the systems and contribute to other adverse consequences. To accomplish these objectives in the United States, six steps need to be undertaken: 1. First, contingency plans for military, civil authority, ISP, and electric grid operator interactions must be established for a high-end contingency through the use of an effective planning process supported by regular exercises and detailed playbooks that are routine in other emergency scenarios such as storms, fires, and earthquakes. 2. Second, clear chains of command for a high-end contingency need to be established between the civil authorities and the DoD and within the DoD itself, and an operational mechanism needs to be created to include the ISPs and the electric grid to allow prompt and responsive actions. To remedy existing disconnects between the DoD and other departments and to allow for proper interaction with the ISPs and grid operators in the context of a high-end contingency, Congress should consider creating a requirement for “unified cyber actions” along the lines of what the Goldwater-Nichols Act established for the DoD, requiring joint actions among the four services for war-fighting purposes. 3. Third, it is important to undertake actions in advance of a high-end attack to establish the greatest likelihood of effective protection, resilience, and recovery, as numerous analyses have determined that to generate desired results defenders cannot wait for the actual attack. Among other important steps prior to conflict, intrusions need to be blocked as much as possible; malware needs to be removed; and capabilities for maintaining data integrity, confidentiality, and availability need to be built and exercised. Critical to this effort is the use of a variety of adaptive resilience techniques, ranging from diversity and redundancy to moving target defenses and deception. All these resiliency features require development and implementation prior to conflict. Not all attacks can be protected against, but their effects can be mitigated if steps are taken in advance. DoD can utilize the knowledge generated in the defense of its own networks to assist defenders, and undertake research and development through the Defense Advanced Research Projects Agency and other DoD applied research and development activities to provide advanced capabilities. 4. Fourth, the roles of the National Mission Teams (NMTs), and the associated National Guard–supported teams, currently being established by Cyber Command to respond to cyberattacks of significant consequence, must be developed and clarified. NMTs and National Guard missions during an attack should be developed, specifying how they will interact with ISPs and grid operators. NMTs and the National Guard will not have the degree of expertise that ISP and grid operators have in their respective domains, but a combined effort utilizing exercises and modeling can establish tactics, techniques, and procedures for operating in a degraded environment. Additionally, NMTs and the National Guard should operate not only once a high-end attack has begun, but should help support actions prior to such an attack that will enhance protection, resilience, and recovery of the ISPs and the electric grid if an attack occurs. In addition to substantive planning, operational legal authorities must be clarified before an attack occurs. Moreover, a determination should be made whether the capabilities of the active force and the National Guard are sufficient or whether they need to be supplemented by private sector cyber security expertise, working under government direction and control in connection with high-end contingencies or in direct support to the ISPs and grid operators. For both conflict and restoration operations, such private sector skilled personnel may be necessary, especially if the NMTs and National Guard are needed to give direct support to DoD in a time of crisis. Any private sector personnel will need to be familiar with the specific operational technology networks, software applications, and protocols of the specific critical infrastructure. 5. Fifth, DoD should establish programs and funding to support resilience and recovery. The US government should leverage the Defense Production Act to ensure that readiness reserves in hardware and systems exist for critical infrastructure providers as they reconstitute/recover. The DoD could provide a contractual program for the purchase of key infrastructure components. Companies who participate could be further incentivized through payments and limited liability protection to provide greater levels of security to their industry supply chain and vendor management processes and to adopt best-practice secure engineering and better-engineered products. DoD funding could also support the Department of Energy efforts contemplated under the Strategic Transformer Reserve of the Fixing America’s Surface Transportation Act (FAST Act). 6. Sixth, offense will be a key element of effective operations. Prior to conflict, it will be important to undertake expanded “fusion” efforts, largely by civil authorities, to bring to bear intelligence, cyber, financial, law enforcement, and other capabilities to disrupt adversarial cyber planning and operations. Campaign planning should include courses of action to respond to so-called hybrid warfare, including cyber-enabled “flexible deterrent (and response) options,” so that commanders will have a full spectrum of options to utilize if the president determines it appropriate. In the event of conflict, cyber capabilities can be used against an adversary, targeting not only adversary cyber but also military capabilities such as sensors, communications, logistics, and military supporting infrastructures. In forward theaters, effective operations will require all of the foregoing to be undertaken including contingency planning; clear delineation of command chain; clarity on the role of cyber teams; identification of prior actions to enhance protection, resilience, and recovery; and use of offense. However, as the United States will be operating as part of an alliance or organized coalition, cyber requirements will have to be coordinated and undertaken with allies and coalition partners. Accordingly, in addition to the specifics noted above, three additional elements will be key: the United States should act as a “cyber framework nation” to help support national capabilities; operational partnerships should be created between and among the military, civil authorities, the ISPs, and grid operators in the host nation; and cyber tools should be part of the military war-fighting effort, to disrupt adversary cyber operations and military capabilities including sensors, communications, logistics, and war-supporting critical infrastructure. Franklin D. Kramer is a distinguished fellow and on the board at the Atlantic Council and a former assistant secretary of defense. Robert J. Butler is an adjunct fellow at the Center for a New American Security and served as the first US deputy assistant secretary of defense for cyber policy. Catherine Lotrionte is the director of the CyberProject in the School of Foreign Service at Georgetown University, former counsel to the President’s Foreign Intelligence Advisory Board, and former assistant general counsel at the Central Intelligence Agency. January 3, 2017
By: ATA Admin
To Get Revolutionary in Procurement, Get Radical on Requirements
PUBLISHED: February 7, 2017
What does the Trump Administration have in mind for military procurement? We have been debating that question here at the Atlantic Council for weeks and months now. One tack that many Republicans around Washington DC have been advising can be described as a Reaganesque build-up. As the new administration did in 1981, they recommend, just buy more of the the stuff that the last administration was already planning to buy. This has two advantages. First, it adds force structure, which pretty much has been the Trump promise. Second, as I will explain, it makes your numbers look good. What it doesn’t bring is Third-Offsetting change at prices that fit within a sensible budget. That will require a thorough rethinking of how the military goes about selecting weapons, and at the start of the process. If buying more of what you’re already buying is the plan, then much of the advice in Frank Kendall’s new memoir is apropos. The recently departed under secretary for acquisition, technology, and logistics (AT&L) released that book at an event last week at the CSIS. It’s mostly an anthology of his articles over the past six years in Defense AT&L, with bookends on how he arrived at the expressed views. For those who don’t read that magazine regularly, this collection-with-commentaries provides insight into the past administration’s strategies for military materiel. It’s easy to like Kendall’s up-front views on success in acquiring weapons as a simple process: (1) set reasonable requirements, (2) put professionals in charge, (3) give them the resources they need, and (4) provide strong incentives for success. As Blake Shelton would say, that’s backwoods legit. Kendall also acknowledges that doing all those simple things is often very challenging, and for reasons both good and bad. Consequently, high amongst his principles is the conviction that continuous improvement will be more effective than radical change. If you’re committed to that Reaganesque plan, that’s probably true. Just work continuously on improving the quality, timeliness, and total cost of the stuff flowing from those long production runs. That’s the second advantage of that more-of-the-same approach: your numbers will look good. Frankly, Kendall seems to view this as his salient accomplishment. “The five-year moving average of cost growth on our largest and highest-risk programs,” he wrote not long ago, “is at a thirty-year low.” The previous best had been attained in 1986—in the middle of the second Reagan Administration. The stories of gold-plated hammers were basically from the first term; by the mid-1980s, prices on those M1 tanks and F-16 fighter jets were pretty stable. But to take him literally, Kendall's boast is that things have been getting worse on his watch less quickly than on almost everyone else’s. That’s continuous, but as improvement, it’s not even incremental. It also does nothing for the long-term affordability of the force. I think that we should hope for better. What’s wrong? Start with Kendall’s task number one (1): set reasonable requirements. For decades, many of the defined requirements of the US armed forces have been entirely unreasonable. In the US system, sketching out what the forces need is a task for military officers, upstream from the responsibilities of the under secretariat for AT&L. Ensuring they make sense and don’t excessively overlap amongst the services is supposed to be the job of the Joint Requirements Oversight Council, which impanels the vice chairman of the joint chiefs and the vice chiefs of the individual services. However, in its 20-year history, the JROC has rarely seen a requirement it didn’t usher through the process with minimal change. It’s not that too many of the weapons requested would be built of unobtainium. Contractors can and have bent the laws of physics to bring the military’s dreams to fruition. That just costs lots of money, in development, production, and eventually and especially in logistics. Requirements-setting is the thus first step in design for manufacturing and supportability. It might not be in AT&L’s swim lane, but it can quickly empty the pool. Here’s just one example. Throughout the long counterinsurgent campaigns in Afghanistan and Iraq, the Army and the Marine Corps needed occasional air support. To flip an Israeli phrase, sometimes the guys with M-16s needed backing from the F-16s. Supersonic fighter jets, however, are overkill for almost all those missions—the Air Force, the Navy, and especially the Marines have been flying the wings off their very expensive and expensive to maintain aircraft. Couldn’t the military largely substitute for its high-performance jets some slower and cheaper ground-attack aircraft where sophisticated air defenses were not a problem? From Vietnam to Afghanistan, the long battle over the close air support demonstrates that the generals and admirals often allow expensive high-end warfighting priorities (e.g., F-104s, F-35s) to crowd out less expensive options (e.g., A-1s, A-10s). Afterwards, only the sophisticated stuff is available for the more permissive missions—at considerably greater cost. Our friend Dave Foster of Naval Air Systems Command describes this as delivering pizza with Ferraris. To extend the cost analogy to the highly trained corps of fighter pilots, one might as well have the Ferraris driven by supermodels. Choosing something other than the Ferrari isn’t really in the purview of the USD AT&L, at least not once that program is rolling. All that’s left to do is to keep its price from jumping more than it did under the last guy. Fortunately, some step-change is finally afoot. In response to a question after his talk on 18 January at the CSIS, Air Force Chief of Staff General David Goldfein strongly endorsed the idea in Senator John McCain’s recently released report for buying 300 “OA(X)” aircraft in the next few years. This sort-of successor to the A-10C is a concept widely discussed as possibly an AT-6 Texan II, possibly an A-29 Super Tucano, and just maybe a Textron Scorpion. (We’ll have more on this next week.) Building that case has taken years—far too long, indeed. Trump has often said that he wants a military “so big, powerful, and strong” that no one would dare attack Americans anywhere. Huge is beautiful, of course, but as I wrote back in November, perhaps “Less Reagan” is called for now. As our colleague Ben Fitzgerald of the CNAS said back then, sticking with existing plans could simply “buy the best military that we possibly could from the 1980s.” Sustaining powerful and strong over time requires technological innovation for much less money. Surfacing innovative and inexpensive ideas faster will require a new approach. Frank Kendall’s work as under secretary has been valuable, but it has concentrated on the middle range of the problem. In the long run, radically rethinking requirements requires radically rethinking the process of setting requirements. And that’s where the big money is to be found. James Hasik is a senior fellow at the Brent Scowcroft Center on International Security. January 21, 2017
By: ATA Admin
The Cybersecurity Conundrum
PUBLISHED: February 7, 2017
A quarter-century on, as whole new layers of a burgeoning digital economy like the Internet of Things (IoT) rest on it, the Internet faces an array of challenges from the Dark Side that its inventors never quite anticipated. Enhancing cybersecurity is critical not only to the viability of the Internet, but to the next wave of innovation and perhaps to the increasingly digitized global economy writ large. In his annual threat assessment to the Congress, Director of National Intelligence James Clapper argued that cybersecurity and the threats to networks are at the top of the list of US concerns. The need to trust technology is key to its viability, not least for the still emerging IoT, the linking of devices to other devices, with services operating on the Cloud. McKinsey projects the IoT to add $4 trillion to $11 trillion in value by 2025. As our dependence on connected technology rises, its security must be worthy of the trust placed in it. As the amount of software in life-critical systems increases, the number and severity of software flaws also increase. As connectivity increases in an era of Cloud computing, exposure to accidents and adversaries rises with it. If cars, homes, and even medical devices like pacemakers can be easily hacked, when public safety may be at risk, who will trust the IoT? Without trust, consumers will not buy these devices, eliminating financial gains as well as benefits such as safer cars, better medical devices, etc. Getting cybersecurity right would be an enormous enabling achievement. The San Bernardino iPhone case has exposed a tension between government and markets. Customer demand and corporate direction, in response to perceived law enforcement overreach on metadata, led to strong data protection which hides content from bulk collection and analysis. The FBI and DoJ were at odds with Apple, with the competing interests of consumer trust and protection against data theft, versus combatting terrorism, and systemic vulnerability in technology. This has exemplified an “us vs. them” mentality, often present in these conversations, which must be resolved. This reflects a fundamental tension between the need for law enforcement to investigate crimes and the need to protect privacy from law enforcement overreach. There appears no silver bullet on the horizon to resolve this – and there may not be one. To get beyond this situation, a dialogue including all stakeholders – insurers, customers, venture capital, lawyers – may be key. One example of such a process is the FDA approach of bringing in all stakeholders to discuss cybersecurity of medical devices with the aim of aligning interests of those stakeholders around the cybersecurity impacts to patient care and patient safety. Government needs to define a role that does not impede innovation and investment, yet sets the parameters of required outcomes and guidelines for attaining it. In addition to the FDA approach, another example of self-regulation, however imperfect at present, is the credit card industry adoption of the Data Security Standard to enhance cybersecurity. With the threat of legislation looming, the industry (after banks bore the cost of fraud) devised a solution to preserve trust in the credit card system. Consumers are most comfortable with a ‘walled garden’ of privacy; such as the software that is licensed and controlled for iPhone encryption. In the case of Apple, there is neat coincidence, as the security model also aligns with its business model. Many devices are following the Apple path with lockdown software, especially automakers. But this is not the case with the Android ecosystem, which tends to leave devices more open to adversaries. Where – or how --to find the right security model for the Internet of Things remains a matter of some debate. In any case, one important aspect of maintaining security levels is building in design features for resiliency like software updates, which allow a prompt, secure, and agile response to flaws once discovered. This also keeps down costs, compared with product recalls. It is important to connect the imperative of stopping incidents to the larger imperative of reducing risk to the ecosystem. Government procurement, a slow and tedious process, faces a particular challenge in the ability to understand risk when buying software or connected devices. Another issue of trust is in regard of the identity of users. If we cannot absolutely determine the identity of a user, who is allowed access and/or can make changes then the whole system is at risk. The complex systems involved in the IoT give this problem an urgency that industry needs to solve if there is to be ample trust of consumers to buy into the IoT. In a hospital operating room, passwords slow down care delivery and may cause harm, yet biometrics are frustrated by sterile gloves and masks. Authentication and identity will need to be rethought in a hyper-connected environment. The expansion of the digital economy means there are increasing numbers of access points and software versions for intruders. This complicates the challenge of building ample trust for users. One aspect of the IoT may provide part of the solution: the combination of AI and Big Data may provide the ability of accurate machine detection and analysis of intrusions and attacks. DARPA, the Pentagon agency that was instrumental in the invention of the Internet, has announced a new program to use AI to attain rapid attribution of the full range of hackers and cyberattacks. The great fear is that events may force the issue. If there is a cyber 9/11, Congress is likely to pass legislation focused entirely on the security end in ways that reduces space for innovation and investment. This underscores the need for a more technically literate policy environment, informed by consequences of too much, too little, or the wrong type of action. While regulating technology may stifle innovation, some role is necessary in the same way that restaurant kitchens are held to sanitary codes, to protect public health without impeding business. By preparing now, any eventual crisis of confidence can be met with the right policy response. Robert A. Manning is Resident Senior Fellow at the Atlantic Council’s Brent Scowcroft Center on International Security. May 13, 2016
By: ATA Admin
NATO Adaptation Initiative
PUBLISHED: January 1, 2017
In close cooperation and with strong contribution from ATA Vice-President, Prof. Julian Lindley-French, GLOBSEC launched the NATO Adaptation Initiative Report. The initiatives envisaged a series of policy papers which will address the nature of NATO’s adaptation and the challenges it must overcome if it is to remain a viable and credible alliance for the peace and stability in the transatlantic area.
By: ATA Admin
ATA Secretary General Remarks | Defense Investment Round Table
PUBLISHED: September 30, 2016
INTRODUCTORY REMARKS by ATA Secretary General During The Roundtable "FOLLOWING THE WARSAW SUMMIT DECLARATIONS – WHAT THIS MEANS FOR 2017", 29 September 2016 Welcome everyone to ATA HQ, it is indeed a pleasure to see so many friends and distinguished guests. Please rest assured that today’s engagement is under strict Chatham House Rule and that you are all encouraged to relax, eat while we talk, and take advantage of the time we have set aside for Q+A. For those of you who are not familiar, the Atlantic Treaty Association was founded in 1954 as a network of think-tanks and NGOs, working in 37 different countries to coordinate security and defense policy between the respective Ministries of Defense, Interior and Foreign Affairs along with NATO HQ. Our 5 key issues this year are Counter-Terrorism, Russia, Women in Security, Energy security and defense spending. In addition we work with 5 target audience, which are diplomats, academics, military, journalists and industry. Thus we are deeply honoured to be joined by you all here today. As dev.atahq.orgorks with many of the key policy-makers across the Alliance and its Partner nations, we want to use this opportunity to bring to your attention some of our key programs taking place over the next few months which include our ongoing ATA-NATO Alignment Meetings, our flagship Riga Conference in October, our upcoming NATO-EU engagement with MEPs and Commissioners in November along with our counter-terrorism programming in the Hashemite Kingdom of Jordan and our work alongside key EU + UK officials in Wilton Park taking place early next year. Now looking to what brings us all here today…. Last year, NATO’s European allies spent 253 billion USD on defence compared with a US spend of 618 billion. According to the 2 percent guideline, European countries should be spending an additional 100 billion USD annually on their militaries. While the current average defense budget is equivalent to around 1,43 percent of GDP. Now according to the Summit communique, 6 billion in additional spending is planned for 2016, demonstrating that the Alliance has turned a corner. The Baltic states pledged to make the biggest changes as Latvia’s budget will raise with nearly 60 per cent this year, while Lithuania will see a 35 per cent increase and Estonia 9 per cent. Moreover, this year’s host of the Summit, Poland, the main military power in Central Europe also pledged to raise its defence expenditure by 9 per cent. However, deployability remains a measure of the percentage of the forces a country can deploy, while sustainability measures how long they can keep them in the field. The lag between investments in military equipment and the ability of a country to deploy and sustain its troops means that even though NATO has begun to reverse years of defence cuts, it will take time for that spending to turn into the real time capabilities that we need. So where is the solution… To us it is simple, it depends on many of you who have joined us here today. NCI Agency General Manager stated: The Alliance has been able to maintain the technological edge over its adversaries for 67 years because of the innovative capacity of the private sector. Today’s technological change is driven by Industry and because of this, one of NATO’s most critical tasks is to engage industry in the policy making process to ensure they tap into the innovation and creativity that all of you here today bring to the Alliance. This is the core objective that brings us here today, for ATA to gather all relevant partners and new actors into the policy-making process. We do this because we believe that leaders of industries developing top-notch technologies are more relevant in the defense of our nations than at any point before. Working in close synergy with key officials like Liviu and Patrick enforces ATA’s role in providing a comfortable and informative setting where officials and industry can meet and share insights for common goals. NATO recognizes this, as the Warsaw Summit announced a larger investment in the Alliance’ deterrence and defence capabilities. Thus, in parallel with the Warsaw Summit was the NCI’s announcement of an additional 3 billion Euro investment in defence technology that will strengthen the Alliance’s cyber, air and missile defence and advance software capabilities, which is planned to happen between now and 2019. For the first time, since 2009, NATO’s overall defence expenditures have increased in 2016. In the two recent years, the majority of the members have halted or reversed decline in defence spending in real terms. And thereby the NATO alliance has taken one step further in ensuring that forces assigned to the Alliance are properly equipped and interoperable to undertake the full range of military missions that we will be deploying to in the future. A strong, innovative and strategic dialogue between NATO and the defence industry is essential to the future security and defence sector and ATA’s role in facilitating this will continue. I would like to thank you again, for participating in this roundtable, and taking part of what is key to a successful adaption for the NATO Alliance: cooperation with industries, cooperation with governments and cooperation with other relevant organisations. Thank you.
By: ATA Admin
NATO: The Enduring Alliance 2016
PUBLISHED: June 27, 2016
Abstract The bottom-line for the Warsaw Summit is this: effective NATO deterrence will only be established if NATO’s forward presence is in strength, reinforced by a properly enhanced NATO Response Force, which in turn is allied to a credible ability of Alliance forces to overcome Russia’s growing and impressive anti-access, area denial (A2/ AD) capability. And, that NATO forces are able to deploy in sufficient force and time to match Russian deployments. At present that is not the case. Indeed, it is still far from being the case. Full paper to the link below: NATO:THE ENDURING ALLIANCE 2016  
By: ATA Admin
Understanding suicide attacks and what this means for counter-terrorism officials
PUBLISHED: March 27, 2016
The year 2016 has been a volatile one for combating terrorism around the globe. In January alone there were at least 24 documented suicide bombings in nine different countries causing more than 404 casualties and at least 630 wounded. February saw a slight downturn with 18 documented suicide bombings, again nine countries, leading to over 169 casualties and some 670 wounded. Many take place in Islamic State (ISIS) held territory and West Africa, though attacks have been a constant threat to countries such as Turkey and Afghanistan. European counter-terrorism officials must reorient their strategy and tactics to address the rise in suicide terrorism taking place across the globe. Although modern suicide terrorism first appeared in the 1980s, it has expanded in its use and intensity ever since. The root causes of suicide bombings are embedded in their success at spreading fear and anxiety amongst a population – the strategy favoured by most terrorist organisations – and their ability to coerce political concessions from democratic states. Perhaps best put by Bruce Hoffman, director of Georetown University’s Center for Security Studies, the strategy of suicide attacks is a “rational conclusion” resulting from a terrorist organisation’s cost benefit analysis – i.e., rational for the following reasons. Suicide attacks are inexpensive and effective. On average they cost less than EUR 140 to mount, don’t require any escape plan and can kill up to four times as many people as other types of attacks. They are relatively easy to pull off, requiring only basic supplies such as pipes, batteries, wires, or fertiliser and be redirected at the last minute – the ultimate “smart bomb”. They also pose less risk of “compromising” the organisation since the intelligence goes up in smoke with the perpetrator. Moreover, suicide attacks guarantee valuable media coverage and by targeting places where large civilian populations regularly congregate, they create the impression that people aren’t safe anywhere. Understanding the tenets of this rationale opens the door to development of deterrent measures against terrorist networks such as pitching counter-arguments to potential suicide attackers. Promoting a religiously founded counter-argument among religious elites and civil society leaders, for example, would undercut the recruitment capabilities of jihadist-driven terrorist networks and disrupt the “tunnel vision” of a suicide attacker in the final stages of an attack. What needs to be done? There are a number of actions to be launched at national and EU level to strengthen Europe’s counter-terrorism strategy. Counter-terrorism strategy can be divided into two parts: counter-motivation and counter-operational capability. On the counter-operational side the EU28 should mandate that data is transmitted within 24 hours of recording to a central system and that it is permitted to cover non-EU nationals. They also need to build on the joint investigation teams (JITs) they lead with Europol in that there must be more regular joint training exercises and simulations. These should be expanded to include non-EU member states and rope in emergency response preparedness. As for counter-motivation strategy, many things need doing here. For example, the member should create, if they haven’t already, independent civil society advisory boards to local and federal authorities in order to promote internal stability and shared values across society. All EU nations should legally classify ISIS as a terrorist group and criminalise membership in it or financial support to it – punishable in any member state. The EU 28 should create a publically accessible ‘No Visit List” that identifies ideological radicals who pose a threat to the security of a country and who will be prohibited from stepping foot in the EU. Along the same line, a database of those organisations whose charitable status has been removed due to links with terrorism should be publically accessible as well. Elsewhere, the EU nations should ensure mandatory screening of citizens involved in public outreach, especially those engaged with “at-risk communities”. Specialised teams of lawyers are needed to prosecute terrorism cases, while judges selected to hear terrorism cases should have the background and training to preside over them. Adopting such recommendations would strengthen the existing counter-terrorism cooperation between EU member states and incentivise reform in EU aspiring states. Most important, they would enhance the operational capabilities of EU agencies such as Europol and Eurojust to thwart terrorist recruitment, disrupt terrorist activity and apprehend the terrorist operatives themselves. This article has been published in the March 2016 edition of Security Europe.
By: ATA Admin

Join the ATA newsletter!

The Atlantic Treaty Association (ATA) is an organization of 38 national chapters that, since 1954 has been conducting analyses, training, education, and information activities on foreign affairs and security issues relevant to the Atlantic Alliance. ATA draws together political leaders, diplomats, civilian and military officers, academics, economic actors as well as young professionals and students in an effort to further the values set forth in the North Atlantic Treaty.