NATO cyber defence centre fights tide of hacking attempts
* Cyber defence moves to centre of NATO agenda
* Analysts detect millions of "suspicious events" each day
* Some attacks have been successful, centre's director says
By Adrian Croft
MONS, Belgium, July 10 (Reuters) - Crouched behind banks of computer screens flashing data, NATO analysts try to stay ahead of millions of suspected attempts to hack the Western alliance's computer networks, as cyber defence moves to the centre of NATO operations.
NATO's cyber defence nerve centre, operating from the alliance's operational headquarters at Mons in southern Belgium, monitors potential attacks on NATO computer systems installed at 55 locations around the world.
"Our intrusion detection systems handle something like 147 million suspicious events every day," director Ian West told reporters during a visit to NATO's computer incident response capability technical centre on Wednesday.
Attacks on NATO's systems range from hacking, attempts to implant malicious software and so-called denial of service attacks where a computer is bombarded with so much data that it collapses.
NATO analysts dealt with around 2,500 confirmed serious attacks on its computers last year, West said.
In an era where weapon systems and military operations increasingly depend on computers, there is a risk that hacking attacks could have fatal consequences for the alliance.
"The worst case scenario of a cyber attack for us could be loss of life ... If intelligence doesn't get through about an ambush, if notification doesn't get through about a security situation, then our troops' lives are at risk," West said.
Some attacks against NATO's computer networks have been successful, he said, although he declined to say whether hackers had succeeded in stealing confidential data.
The threats come from hacking activists, criminals and "hostile nation states", although West declined to say which countries are suspected.
In May, the Pentagon said China was using espionage to acquire technology to fuel its military modernisation, for the first time accusing the Chinese of trying to break into U.S. defence computer networks. Beijing denied the allegation.
China hit back after fugitive spy agency contractor Edward Snowden leaked details of U.S. cyber spying, accusing Washington of hypocrisy..
Analysts among the cyber defence centre's 130-strong staff from 15 nations say the attacks on NATO defence systems are growing in number and sophistication.
"The majority of the attacks are conducted by 'spear phishing' emails," said Andrzej Dereszowski, a Polish engineer at the centre, referring to attempts by hackers to get hold of passwords or other confidential information by posing as a legitimate organisation.
"They try to entice the user to follow the links (in emails) by pretending to be from a legitimate source or even using another compromised organisation to actually send emails from a real person from that organisation," he said.
In the case of a serious hacking attempt, the centre's analysts will analyse malicious code used and try to find who is behind the attempt, West said.
If it needs help from police, NATO may tip off the country concerned, but it will not go after the hacker itself, he says. NATO's remit in the cyber area is purely defensive, not offensive.
NATO was alerted to the threat of cyber attacks in 2007, when Estonia's Internet network was paralysed by an electronic attack that Estonia blamed on Russia.
Since then, NATO has given a much higher priority to cyber defence. NATO ministers agreed at a Brussels meeting last month to strengthen the organisation's cyber defences.
The alliance is beefing up the capabilities of the Mons cyber defence centre, including creating rapid reaction teams to help protect NATO's own computer systems and an around-the-clock response to incidents. (Editing by Robin Pomeroy)