German Digital Army: 'We Need Norms of Behavior in Cyber Space' - Specialist

The German military is building a cyber mission force. The Bundeswehr emphasized the defensive character and said the goal is to protect networked systems. Sputnik discussed the rules of conduct in the cyber space with Pierluigi Paganini, the chief technology officer at CSE and member of the ENISA Threat Landscape Stakeholder Group.
Sputnik

Sputnik: Why in your view then is Germany setting up this cyber defense center now and what's prompted the move do you think?

Pierluigi Paganini: It is part of the cyber strategy of the German Government. And I believe that it is the response to the increasing number of cyberattacks that every day target businesses and the government organizations worldwide. The Bundswehr is intensifying its cyber defense efforts and to do this they need to train a new generation of soldiers that are able to identify and repel cyber threats.

READ MORE: Keyboard Warriors: Bundeswehr Set to Graduate Masters in Cybersecurity

Sputnik: Not only Germany but the United States and NATO as well are reportedly building a cyber mission force. How vulnerable are other states to hackers' attacks?

Pierluigi Paganini: You're right. Almost every government is building its cyber mission force and it is the response to the attacks launched by nation-state actors and also by certain criminal organizations. We're all potential targets of a cyberattack that could be launched in any time from everywhere and it is hard to attribute to a specific threat actor. In my opinion, the risk is that such kinds of forces are used for offensive purposes.

Sputnik: Now we're living in an increasing technological era and it appears that people and individuals are even more adepts now to getting over, getting around, getting on the computer systems from companies, states and organizations so how important is it for the states to be able to counter hack cyberattack? Is this something that needs to be done now?

Pierluigi Paganini: It is essential but it's very risky. We're approaching a so-called militarization of cyber space. Governments are launching cyber espionage and sabotage campaigns from the cyber space that is the same domain to where business and citizens operate every day. A cyber weapon developed by a nation-state actor could rapidly spread and cause severe damages to any entity. They can also run out of control with unpredictable consequences. The risks are enormous in my opinion and that's why we need mandatory norms of state behavior in the cyber space.

READ MORE: Moscow Concerned by UK's Pledge to Use Cyber Capabilities Against Russia

Sputnik: And what can be done to ensure that cyber defense capabilities aren't used as offensive warfare by the governments in the future, it's very disturbing, isn't it?

Pierluigi Paganini: The governments worldwide must assign and accept a set of norms for state behavior. These were our main topics and our main efforts during the past G7 Summit that was held in Italy. I'm one of the authors of these norms that in this phase are adjustable. We must share these norms with other governments that weren't present during the G7 works and it must be ensured that these norms would be mandatory in the future.

Sputnik: Why is this so difficult to determine the location from where the hackers are carrying out their attacks and do you think it will be possible in the future to determine their exact location?

Pierluigi Paganini: It's difficult because it's quite easy for threat actors to compromise system of a third-party entity such as a government or an organization and use its resources to launch a cyberattack. The most important aspect to attribute an attack to a specific threat actor is information sharing. This means that governments must share any information on cyberattacks and threat actors and this knowledge base is essential to rapidly identify and attribute the attack.

Sputnik: Obviously the last two years or so we've had lots of commentary about Russian hackers and bots attacking the American presidential election, Brexit, the Swedish election, the French election. Russia's attacked every election that's happened in the last two years.  What's your feeling about it? Do you think there's any credence in these reports or what's your general take on these attacks and where they've actually come from?

Pierluigi Paganini: I believe that almost every government is doing the same — Russian, Chinese government, North Korea, the US — almost every government is quite doing the same. We cannot forget for example what the Japanese did during the Arab Spring. Also in that case social media were used to fuel disorders in the countries. So probably my opinion is that we need rules of state behavior, we need to approach in a serious way the effect of any action of a government in the cyber space.

READ MORE: Comic Book for US Troops Predicting Russia's Victory in Cyber Warfare Released

Sputnik: Obviously as I mentioned before the technological age that we're living in is advancing rapidly now. What's your best advice and recommendation for even a standard company to try to protect their security systems with their computers, etc., for a strategy moving forward because it's essential now that they have the upmost protective systems implies, isn't it?

Pierluigi Paganini: There are two aspects that I want to highlight. First of all, the human factor. You have to consider that the most successful attacks are based on weakness in the human behavior. For this reason it's essential to spread awareness on cyber threats among the employees of any company. We need to use technology and the specific components only when we really need them. Imagine for example a mobile device and a mobile application that you can install on such kind of a device. We need to install all those applications that we really need. Any other application that we use or any other software that we use in our companies that we don't need could open the door to hackers.

The views of the speaker do not necessarily reflect those of Sputnik.

Discuss