NATO cyber defense center fights tide of hacking attempts
MONS, Belgium (Reuters) - Crouched behind banks of computer screens flashing data, NATO analysts try to stay ahead of millions of suspected attempts to hack the Western alliance's computer networks, as cyber defense moves to the center of NATO operations.
NATO's cyber defense nerve center, operating from the alliance's operational headquarters at Mons in southern Belgium, monitors potential attacks on NATO computer systems installed at 55 locations around the world.
"Our intrusion detection systems handle something like 147 million suspicious events every day," director Ian West told reporters during a visit to NATO's computer incident response capability technical center on Wednesday.
Attacks on NATO's systems range from hacking, attempts to implant malicious software and so-called denial of service attacks where a computer is bombarded with so much data that it collapses.
NATO analysts dealt with around 2,500 confirmed serious attacks on its computers last year, West said.
In an era where weapon systems and military operations increasingly depend on computers, there is a risk that hacking attacks could have fatal consequences for the alliance.
"The worst case scenario of a cyber attack for us could be loss of life ... If intelligence doesn't get through about an ambush, if notification doesn't get through about a security situation, then our troops' lives are at risk," West said.
Some attacks against NATO's computer networks have been successful, he said, although he declined to say whether hackers had succeeded in stealing confidential data.
The threats come from hacking activists, criminals and "hostile nation states", although West declined to say which countries are suspected.
In May, the Pentagon said China was using espionage to acquire technology to fuel its military modernization, for the first time accusing the Chinese of trying to break into U.S. defense computer networks. Beijing denied the allegation.
China hit back after fugitive spy agency contractor Edward Snowden leaked details of U.S. cyber spying, accusing Washington of hypocrisy.
Analysts among the cyber defense centre's 130-strong staff from 15 nations say the attacks on NATO defense systems are growing in number and sophistication.
"The majority of the attacks are conducted by 'spear phishing' emails," said Andrzej Dereszowski, a Polish engineer at the center, referring to attempts by hackers to get hold of passwords or other confidential information by posing as a legitimate organization.
"They try to entice the user to follow the links (in emails) by pretending to be from a legitimate source or even using another compromised organization to actually send emails from a real person from that organization," he said.
In the case of a serious hacking attempt, the centre's analysts will analyze malicious code used and try to find who is behind the attempt, West said.
If it needs help from police, NATO may tip off the country concerned, but it will not go after the hacker itself, he says. NATO's remit in the cyber area is purely defensive, not offensive.
NATO was alerted to the threat of cyber attacks in 2007, when Estonia's Internet network was paralyzed by an electronic attack that Estonia blamed on Russia.
Since then, NATO has given a much higher priority to cyber defense. NATO ministers agreed at a Brussels meeting last month to strengthen the organization's cyber defenses.
The alliance is beefing up the capabilities of the Mons cyber defense center, including creating rapid reaction teams to help protect NATO's own computer systems and an around-the-clock response to incidents.
(Editing by Robin Pomeroy)