Visit to Microsoft Transparency Center in Brussels - 25 April 2017
PUBLISHED: December 2, 2017
On April 25 2017, a Norwegian delegation led by the ATA Senior Manager Alessandro Niglia, was hosted at Microsoft Transparency Center in Brussels. This occasion was assessed as a unique chance to know more about Microsoft strategy for the future and enhance the process of trust among the private and public sector
By: Atlantic Treaty Association
Smart Homes and the Internet of Things
PUBLISHED: March 28, 2017
This is an excerpt from "Smart Homes and the Internet of Things" View the full article here  Security Challenges All systems can fail; there is no system without flaw. Engineers know this and adapt their work to be resilient against known and likely accidents and adversaries. Homes— smart or otherwise—are no different. But environmental hazards from software and connectivity pose distinct challenges for smart homes. All software code has flaws and connectivity increases exposure of these flaws to more hazardous and potentially hostile interactions. A study by the Carnegie Melon Software Engineering Institute suggests that the lower limit for commercial software may be one to seven flaws per one thousand lines of software code. However, the lines of code in each device continue to increase, as do the number of devices that constitute the systems of a smart home. The aggregate lines of code across all of our smart home devices are approaching hundreds or thousands of exposed, exploitable flaws if they do have not already surpass those levels. At the point where this technology has the potential to impact human life and public safety, a higher level of care and attention is warranted. Meeting the Security Challenges: Recommendations IoT device makers can demonstrate to potential buyers their commitment to building trustworthy devices. These signals create a competitive advantage over products and brands that do not pay equal attention to safety and security. Integrating safety and security of the connected software components throughout the design and manufacturing phases aligns incentives, placing the cost where it can be most effective, and ensures a consistent customer experience that meets their expectations. The following list includes many ideas already in practice for integrating security in design, as well as new ideas discussed among IoT stakeholders and identified here for more discussion. Security by design A published commitment to integrating security throughout the development, manufacturing, and deployment life cycle. Key elements, such as adversarial threat modeling, resilience testing, and reduced elective complexity, lower costs and shorten the timeline of securing IoT devices. Third party collaboration A published policy accepting help from willing allies acting in good faith, such as customers and security researchers, who find and report flaws. Failure investigation Record and review evidence of failures to identify and address root causes, while preserving customer privacy. Remote updates A secure, prompt, and agile response to security or other flaws greatly reduces support costs, increases consistency of experience, and allows feature improvements over time. Safe failure modes Protections to ensure that failed or manipulated components do not put safety at risk. For instance, preventing the spread of failures, making failures evident, and failing in a way that does not harm safety or privacy. Standalone Operation Document which specific features and benefits will continue to work without Internet access and chronicle negative impacts from compromised devices or cloud-based systems. The most proactive companies may find it less expensive to buy back obsolete devices, rather than continue to support them. Safe options and defaults Give owners clear guidance on why and how to configure devices to their own particular preferences, and ensure that defaults are reasonably safe and secure. Data protective measures Describe the protection of customer data against unwanted modification, removal, or disclosure, including how to safely remove data upon resale, loss, or theft of the device (or home). Informed consent for data use Describe the ways in which customer data is used or will be used, as well as methods for consumers to opt out. This includes change in ownership of the company, or sharing information with third-parties. Other good practices are emerging and will continue to develop over time as the smart home market matures. These recommendations are meant to work alongside, not to replace, practices already in place in the traditional manufacturing of consumer electronic goods. All consumers—even non-technical ones—can use consumer protection remedies and market forces. The effect of consumers’ actions can shape the decisions manufacturers make when bringing IoT devices to market. However, their effects may take some time to manifest, as the design cycle can be months or years for new devices. Early adopters and those more comfortable with technology can employ more technical safeguards in the short term, such as changing default passwords, updating firmware, and reviewing security and privacy settings. Though buyers who tend to be less familiar with technology should not be inadvertently exposed to risk.
By: Atlantic Treaty Association
The Role of the US Military in Defending Essential Infrastructure in a High End Cyber Conflict
PUBLISHED: February 7, 2017
The following is an excerpt. See the full text here. This paper analyzes cyber’s role in deterrence and defense—and specifically the military-civil nexus and the relationship between the Department of Defense (DoD), the civil agencies, and the key private operational cyber entities, in particular the Internet Service Providers (ISPs) and electric grid operators. The focus of the paper is on high-end conflict including actions by an advanced cyber adversary, whether state or non-state, and not on the “day-to-day” intrusions and attacks as regularly occur and are generally dealt with by governmental agencies and the private sector without military involvement. High-end conflict can be expected to include attacks within the United States homeland as well as in forward theaters. Last year, the Barack Obama administration issued PPD-41, “Cyber Incident Protection,” setting forth cyber security incident roles and missions for federal agencies but with no explicit reference to the Department of Defense. By contrast, the DoD Cyber Strategy provides that DoD will be prepared to “defend the U.S. homeland and U.S. vital interests from disruptive or destructive cyberattacks of significant consequence.” Certainly, in a conflict where an adversary will utilize cyber as part of an overall military attack, the DoD will necessarily play a major operational role. This paper discusses what that role should entail. In a high-end conflict, the military will rely heavily on the availability of the telecommunication and electric grid networks, and those networks—including those abroad—will likely need assistance from the military to remain operationally effective. Understanding cross-sectoral dependencies and potential cascading effects from attacks will be crucial. Accordingly, to achieve deterrence and/or successful defense with respect to such a conflict or potential conflict situation, particularly against high-end cyber adversaries, the military, civil authorities, the ISPs, and grid operators will need to work closely together both prior to and during the conflict. This will be true both inside the United States and in the forward theaters where conflict is likely to occur. This paper is organized in two parts. The first, and more extensive section, focuses on requirements necessary inside the United States. The second discusses requirements for forward theaters, building on the analysis for the US territory and the authors’ previous paper “Cyber, Extended Deterrence, and NATO.” The broad conclusion of the paper is that effective planning and operations require two overlapping sets of requirements to be undertaken: • The military needs to develop a concept of operations that allows it to determine the required support from the ISPs and the electric grid in a high-end contingency (such as defense of the Baltics) and to provide the basis for a prioritized approach to cyber protection, resilience, and recovery of those networks. To prioritize mission-essential networks and industrial control systems that are critical for responding to regional crises, coordination with civil authorities, the ISPs, and electric grid operators both prior to and during a crisis will be necessary. • The civil authorities, the ISPs, and electric grid operators need to develop contingency planning to elucidate the type of assistance they are likely to need from the military to provide the protection, resilience, and recovery necessary to maintain adequate telecommunications and grid operations for the nation in the event of a high-end contingency. The grid and ISP operators have unique knowledge of their specific system architectures and restoration plans; therefore, they are the best experts to convey that information to the military so the military is ready to actively support their efforts both during an attack and for post-cyberattack restoration. Without this foreknowledge about the specific systems, DoD personnel who undertake to assist during a crisis would be ineffective and could in fact cause harm to the systems and contribute to other adverse consequences. To accomplish these objectives in the United States, six steps need to be undertaken: 1. First, contingency plans for military, civil authority, ISP, and electric grid operator interactions must be established for a high-end contingency through the use of an effective planning process supported by regular exercises and detailed playbooks that are routine in other emergency scenarios such as storms, fires, and earthquakes. 2. Second, clear chains of command for a high-end contingency need to be established between the civil authorities and the DoD and within the DoD itself, and an operational mechanism needs to be created to include the ISPs and the electric grid to allow prompt and responsive actions. To remedy existing disconnects between the DoD and other departments and to allow for proper interaction with the ISPs and grid operators in the context of a high-end contingency, Congress should consider creating a requirement for “unified cyber actions” along the lines of what the Goldwater-Nichols Act established for the DoD, requiring joint actions among the four services for war-fighting purposes. 3. Third, it is important to undertake actions in advance of a high-end attack to establish the greatest likelihood of effective protection, resilience, and recovery, as numerous analyses have determined that to generate desired results defenders cannot wait for the actual attack. Among other important steps prior to conflict, intrusions need to be blocked as much as possible; malware needs to be removed; and capabilities for maintaining data integrity, confidentiality, and availability need to be built and exercised. Critical to this effort is the use of a variety of adaptive resilience techniques, ranging from diversity and redundancy to moving target defenses and deception. All these resiliency features require development and implementation prior to conflict. Not all attacks can be protected against, but their effects can be mitigated if steps are taken in advance. DoD can utilize the knowledge generated in the defense of its own networks to assist defenders, and undertake research and development through the Defense Advanced Research Projects Agency and other DoD applied research and development activities to provide advanced capabilities. 4. Fourth, the roles of the National Mission Teams (NMTs), and the associated National Guard–supported teams, currently being established by Cyber Command to respond to cyberattacks of significant consequence, must be developed and clarified. NMTs and National Guard missions during an attack should be developed, specifying how they will interact with ISPs and grid operators. NMTs and the National Guard will not have the degree of expertise that ISP and grid operators have in their respective domains, but a combined effort utilizing exercises and modeling can establish tactics, techniques, and procedures for operating in a degraded environment. Additionally, NMTs and the National Guard should operate not only once a high-end attack has begun, but should help support actions prior to such an attack that will enhance protection, resilience, and recovery of the ISPs and the electric grid if an attack occurs. In addition to substantive planning, operational legal authorities must be clarified before an attack occurs. Moreover, a determination should be made whether the capabilities of the active force and the National Guard are sufficient or whether they need to be supplemented by private sector cyber security expertise, working under government direction and control in connection with high-end contingencies or in direct support to the ISPs and grid operators. For both conflict and restoration operations, such private sector skilled personnel may be necessary, especially if the NMTs and National Guard are needed to give direct support to DoD in a time of crisis. Any private sector personnel will need to be familiar with the specific operational technology networks, software applications, and protocols of the specific critical infrastructure. 5. Fifth, DoD should establish programs and funding to support resilience and recovery. The US government should leverage the Defense Production Act to ensure that readiness reserves in hardware and systems exist for critical infrastructure providers as they reconstitute/recover. The DoD could provide a contractual program for the purchase of key infrastructure components. Companies who participate could be further incentivized through payments and limited liability protection to provide greater levels of security to their industry supply chain and vendor management processes and to adopt best-practice secure engineering and better-engineered products. DoD funding could also support the Department of Energy efforts contemplated under the Strategic Transformer Reserve of the Fixing America’s Surface Transportation Act (FAST Act). 6. Sixth, offense will be a key element of effective operations. Prior to conflict, it will be important to undertake expanded “fusion” efforts, largely by civil authorities, to bring to bear intelligence, cyber, financial, law enforcement, and other capabilities to disrupt adversarial cyber planning and operations. Campaign planning should include courses of action to respond to so-called hybrid warfare, including cyber-enabled “flexible deterrent (and response) options,” so that commanders will have a full spectrum of options to utilize if the president determines it appropriate. In the event of conflict, cyber capabilities can be used against an adversary, targeting not only adversary cyber but also military capabilities such as sensors, communications, logistics, and military supporting infrastructures. In forward theaters, effective operations will require all of the foregoing to be undertaken including contingency planning; clear delineation of command chain; clarity on the role of cyber teams; identification of prior actions to enhance protection, resilience, and recovery; and use of offense. However, as the United States will be operating as part of an alliance or organized coalition, cyber requirements will have to be coordinated and undertaken with allies and coalition partners. Accordingly, in addition to the specifics noted above, three additional elements will be key: the United States should act as a “cyber framework nation” to help support national capabilities; operational partnerships should be created between and among the military, civil authorities, the ISPs, and grid operators in the host nation; and cyber tools should be part of the military war-fighting effort, to disrupt adversary cyber operations and military capabilities including sensors, communications, logistics, and war-supporting critical infrastructure. Franklin D. Kramer is a distinguished fellow and on the board at the Atlantic Council and a former assistant secretary of defense. Robert J. Butler is an adjunct fellow at the Center for a New American Security and served as the first US deputy assistant secretary of defense for cyber policy. Catherine Lotrionte is the director of the CyberProject in the School of Foreign Service at Georgetown University, former counsel to the President’s Foreign Intelligence Advisory Board, and former assistant general counsel at the Central Intelligence Agency. January 3, 2017
By: Atlantic Treaty Association
The Cybersecurity Conundrum
PUBLISHED: February 7, 2017
A quarter-century on, as whole new layers of a burgeoning digital economy like the Internet of Things (IoT) rest on it, the Internet faces an array of challenges from the Dark Side that its inventors never quite anticipated. Enhancing cybersecurity is critical not only to the viability of the Internet, but to the next wave of innovation and perhaps to the increasingly digitized global economy writ large. In his annual threat assessment to the Congress, Director of National Intelligence James Clapper argued that cybersecurity and the threats to networks are at the top of the list of US concerns. The need to trust technology is key to its viability, not least for the still emerging IoT, the linking of devices to other devices, with services operating on the Cloud. McKinsey projects the IoT to add $4 trillion to $11 trillion in value by 2025. As our dependence on connected technology rises, its security must be worthy of the trust placed in it. As the amount of software in life-critical systems increases, the number and severity of software flaws also increase. As connectivity increases in an era of Cloud computing, exposure to accidents and adversaries rises with it. If cars, homes, and even medical devices like pacemakers can be easily hacked, when public safety may be at risk, who will trust the IoT? Without trust, consumers will not buy these devices, eliminating financial gains as well as benefits such as safer cars, better medical devices, etc. Getting cybersecurity right would be an enormous enabling achievement. The San Bernardino iPhone case has exposed a tension between government and markets. Customer demand and corporate direction, in response to perceived law enforcement overreach on metadata, led to strong data protection which hides content from bulk collection and analysis. The FBI and DoJ were at odds with Apple, with the competing interests of consumer trust and protection against data theft, versus combatting terrorism, and systemic vulnerability in technology. This has exemplified an “us vs. them” mentality, often present in these conversations, which must be resolved. This reflects a fundamental tension between the need for law enforcement to investigate crimes and the need to protect privacy from law enforcement overreach. There appears no silver bullet on the horizon to resolve this – and there may not be one. To get beyond this situation, a dialogue including all stakeholders – insurers, customers, venture capital, lawyers – may be key. One example of such a process is the FDA approach of bringing in all stakeholders to discuss cybersecurity of medical devices with the aim of aligning interests of those stakeholders around the cybersecurity impacts to patient care and patient safety. Government needs to define a role that does not impede innovation and investment, yet sets the parameters of required outcomes and guidelines for attaining it. In addition to the FDA approach, another example of self-regulation, however imperfect at present, is the credit card industry adoption of the Data Security Standard to enhance cybersecurity. With the threat of legislation looming, the industry (after banks bore the cost of fraud) devised a solution to preserve trust in the credit card system. Consumers are most comfortable with a ‘walled garden’ of privacy; such as the software that is licensed and controlled for iPhone encryption. In the case of Apple, there is neat coincidence, as the security model also aligns with its business model. Many devices are following the Apple path with lockdown software, especially automakers. But this is not the case with the Android ecosystem, which tends to leave devices more open to adversaries. Where – or how --to find the right security model for the Internet of Things remains a matter of some debate. In any case, one important aspect of maintaining security levels is building in design features for resiliency like software updates, which allow a prompt, secure, and agile response to flaws once discovered. This also keeps down costs, compared with product recalls. It is important to connect the imperative of stopping incidents to the larger imperative of reducing risk to the ecosystem. Government procurement, a slow and tedious process, faces a particular challenge in the ability to understand risk when buying software or connected devices. Another issue of trust is in regard of the identity of users. If we cannot absolutely determine the identity of a user, who is allowed access and/or can make changes then the whole system is at risk. The complex systems involved in the IoT give this problem an urgency that industry needs to solve if there is to be ample trust of consumers to buy into the IoT. In a hospital operating room, passwords slow down care delivery and may cause harm, yet biometrics are frustrated by sterile gloves and masks. Authentication and identity will need to be rethought in a hyper-connected environment. The expansion of the digital economy means there are increasing numbers of access points and software versions for intruders. This complicates the challenge of building ample trust for users. One aspect of the IoT may provide part of the solution: the combination of AI and Big Data may provide the ability of accurate machine detection and analysis of intrusions and attacks. DARPA, the Pentagon agency that was instrumental in the invention of the Internet, has announced a new program to use AI to attain rapid attribution of the full range of hackers and cyberattacks. The great fear is that events may force the issue. If there is a cyber 9/11, Congress is likely to pass legislation focused entirely on the security end in ways that reduces space for innovation and investment. This underscores the need for a more technically literate policy environment, informed by consequences of too much, too little, or the wrong type of action. While regulating technology may stifle innovation, some role is necessary in the same way that restaurant kitchens are held to sanitary codes, to protect public health without impeding business. By preparing now, any eventual crisis of confidence can be met with the right policy response. Robert A. Manning is Resident Senior Fellow at the Atlantic Council’s Brent Scowcroft Center on International Security. May 13, 2016
By: Atlantic Treaty Association

Join the ATA newsletter!

The Atlantic Treaty Association (ATA) is an organization of 38 national chapters that, since 1954 has been conducting analyses, training, education, and information activities on foreign affairs and security issues relevant to the Atlantic Alliance. ATA draws together political leaders, diplomats, civilian and military officers, academics, economic actors as well as young professionals and students in an effort to further the values set forth in the North Atlantic Treaty.