The Cooperative Cyber Defense Center of Excellence (CCDCOE) opened in May 2008 in Tallinn, Estonia, to assist NATO with technical, legal and policy issues associated with dealing with cyberwarfare incidents. The 20-person center includes civilian analyst Kenneth Geers, who works for the U.S. Navy's Naval Criminal Investigative Services. Geers, who has been with the center for about a year and a half, spoke about CCDCOE's mission on the opening day of the organization's first-ever Conference on Cyber Warfare on Wednesday.
IDGNS: There seem to be a lot of people from the U.S. here at the conference. Why is that?
Geers: I don't want to say we [the U.S.] are necessarily squared away, but the U.S. has been doing this for a while. If you look at the major exercises -- the cybersecurity exercises done in the mid-'90s -- I think the U.S. is definitely looked at as a leader in this field.
IDGNS: What do you do at CCDCOE?
Geers: I'm trying to look at how to do cyberdefense better and cybersecurity from an analytical perspective. I'm not a coder. Basically, I'm an analyst in a cybersecurity shop. That looks a lot like trying to articulate this problem to decision makers and managers and readers whether they're in the national security community or outside. This event is a good example of, I think, a contribution that is largely for everyone.
IDGNS: Could you describe what the CCDCOE is doing on the legal and policy sides?
Geers: Our next conference in September will be specifically cyberlaw. Government and militaries and intelligence organizations can't by law do anything that has not been approved and told they can do. Cyber is a challenging environment because it's relatively new. It's relatively mysterious. You can't see it. It's one of those intangible things. For lawyers I think as well as everyone else, the cybersecurity challenge to a certain extent goes back to things that the center I think is going to be quite good at, which are definitions and concepts. Nobody can even decide what a computer network attack is, and it's nice to look at it from a national security perspective.
IDGNS: You mentioned that NATO had given the center 50 tasks to do. What are those?
Geers: I think there were 19 that basically were evaluated by the center to help describe our 2009 program of work. Now we've just received 30 that we should consider for our 2010/2011 program of work. And I can describe them generally. Those fall into at least three categories. One is concept, strategy and doctrine development and clarification. This conference is a great example of that.
We're trying to make progress on understanding the discipline and clarifying it for decision makers, policy makers, lawyers and militaries as well. Another big set of them are tech support. Operational elements within militaries and production networks within business -- they don't have time usually for the kind of work that we might do at the center -- it would be more like a university would do.
IDGNS: What kind of educational courses will CCDCOE offer eventually?
Geers: Over the past year we ran a cyberdefense exercise in a lab network just to show students attack and defense basics. This was between university students in Estonia and Sweden. They got together over the weekend and learned how to build and configure systems for attack and defense. It was the kind of thing the center is going to be good at, which is basic foundational education and training.
IDGNS: How much do offensive cyberwarfare capabilities enter into the formula of having a good defense?
Geers: One of the nice things about the center is that we're not operational. We can explore these concepts. NATO doesn't staff us, they don't pay salaries and they don't direct us to do anything they ask us for research support. So that means at a conference like this a paper that someone wanted to present on how to exploit or how to turn off your adversaries military before you go to war would be entirely appropriate concept to discuss. This is an open environment that is academic in nature.
IDGNS: What about countries outside of NATO? You said someone was coming from Russia to the conference. What about these countries that are consistently named as hotbeds for cyberattacks? Any interest from China?
Geers: I tried to advertise the conference a bit. Next year I think we will have more success in that area. We had a submission from the Far East, but only one. We have a presenter from India. I think it's going to take another year or two for the conference to become well known around the world and in the Far East in particular.