Information Brief

Cyber in Europe
MAJ William Frost
SG18C
20170417

UNCLASSIFIED
 Purpose

• To provide the class with a brief overview of the Cyber

environment in Europe.

UNCLASSIFIED
 Outline

• Organizations
• Governance
• Threat – Activities / Actors
• Symposiums / Exercises
• Collaboration
• Article 5

UNCLASSIFIED
 References

• http://www.5sigcmd.army.mil/Units/RCC/
• https://www.enisa.europa.eu/
• http://www.nicp.nato.int/
• https://ccdcoe.org
• http://www.osce.org/cyber-ict-security
• ENISA Threat Landscape Report 2016 (JAN 2017)

UNCLASSIFIED
 Organizations

• 5th Regional Cyber Center – Wiesbaden Germany (5th Signal Command)

– Operate, manage, administer and defend the Army portion of the European Theater
Global Information Grid (GIG) to deliver seamless C4IM capabilities in support of
all European Theater Army organizations. Coordinates with EUCOM, AFRICOM
TNCCs. Takes direction from Army GNOSC (NETCOM). Coordinates NetOps functions
laterally with DISA, Navy, Air Force and Marine Corps. Project enterprise services and
the theater network common operational picture to 7th ARMY OCP and deployed tactical
forces.

UNCLASSIFIED
 Organizations

• North Atlantic Treaty Organization Communications and Information

Agency (NCIA) – Brussels, Belgium

• The NCI Agency, Directorate Infrastructure Services (DIS) is responsible to

the NCI Agency to strengthen the Alliance through connecting its forces. The
DIS delivers secure, coherent, cost effective and interoperable
communications and information systems in support of consultation,
command and control and enabling intelligence, surveillance and
reconnaissance capabilities, for NATO, where and when required.
• The NATO Computer Incident Response Capability (NCIRC) protects
NATO’s own networks by providing centralized and round-the-clock
cyber defense support to the various NATO sites. This capability is
expected to evolve on a continual basis, to maintain pace with the rapidly
changing threat and technology environment.

UNCLASSIFIED
 Organizations

• NATO Cooperative Cyber Defense Center of Excellence (CCD COE) –

Tallinn, Estonia
– Our mission is to enhance the capability, cooperation and information sharing among NATO,
NATO nations and partners in cyber defense by virtue of education, research and development,
lessons learned and consultation. The heart of the Center is a diverse group of experts –
researchers, analysts, trainers, educators – from 20 nations.
– As of 2017, Belgium, the Czech Republic, Estonia, France, Germany, Greece, Hungary, Italy,
Latvia, Lithuania, the Netherlands, Poland, Slovakia, Spain, Turkey, the United Kingdom and the
United States are signed on as Sponsoring Nations of the NATO CCD COE. Austria and Finland
have become Contributing Participants and Sweden is well on its way of doing the same. The
Centre is staffed and financed by member nations and is not part of NATO’s military command
or force structure.

UNCLASSIFIED
 Organizations

• European Union Agency for Network and Information Security (ENISA)

– Athens, Greece

‘Securing Europe’s Information Society’

The mission of ENISA is to contribute to securing Europe’s information society by

raising “awareness of network and information security and to develop and promote a
culture, of network and information security in society for the benefit of citizens, consumers,
enterprises and public sector organizations in the Union”

UNCLASSIFIED
 Organizations

• Organization for Security and Co-operation in Europe (OSCE) Cyber /

ICT Security – Vienna, Austria
– The OSCE Secretariat’s Transnational Threats Department assists participating States in their
endeavors to enhance cyber/ICT security through a four-pronged approach to global cyber stability
between States:
1. Enhance transparency, co-operation, and stability between States in cyberspace through
confidence-building measures (CBMs)
2. Develop acceptable norms of state behavior in cyberspace and clarify how international law
applies in this domain
3. Enhance international co-operation
4. Build national/international capacities to deal with cyber challenges.

UNCLASSIFIED
 Organizations

• Europol European Cybercrime Center (EC3) – Vienna, Austria

– Europol set up the European Cybercrime Centre (EC3) in 2013 to strengthen the law enforcement
response to cybercrime in the EU and thus to help protect European citizens, businesses and
governments from online crime.
– EC3 focuses on cybercrimes that:
• are committed by organized crime groups, particularly those generating large criminal profits,
such as online fraud;
• seriously harm victims, such as online child sexual exploitation;
• impact critical infrastructure and information systems in the EU, including cyber attacks.

UNCLASSIFIED
 Governance

• Tallinn Manual on the International Law Applicable to Cyber Warfare

– The Tallinn Manual 2.0 is the most comprehensive analysis of how existing international law
applies to cyberspace. The 2017 edition covers a full spectrum of international law as applicable
to cyber operations, ranging from peacetime legal regimes to the law of armed conflict. The
analysis of a wide array of international law principles and regimes that regulate events in cyber
space includes principles of general international law, such as the sovereignty and the various
bases for the exercise of jurisdiction. The law of state responsibility, which includes the legal
standards for attribution, is examined at length. Additionally, numerous specialized regimes of
international law, including human rights law, air and space law, the law of the sea, and diplomatic
and consular law are examined within the context of cyber operations.

UNCLASSIFIED
 Governance

• NATO policy on Cyber Defense

• Cyber Defense Pledge
• The NIS Directive
• Technical Arrangement between NATO and EU on Cyber Defense
• NATO and Finland sign a Political Framework Arrangement on cyber defense
cooperation
• Approximately 30 organizations have signed the Coordinated Vulnerability
Disclosure Manifesto, in which they declare to support the principle of having
a point of contact to report IT vulnerabilities to.

UNCLASSIFIED
Threat Activity

UNCLASSIFIED
Threat Activity

UNCLASSIFIED
Threat Activity

UNCLASSIFIED
Threat Actors

UNCLASSIFIED
 Symposiums and Training

• Cyber Conflict (CyCon) – Conference

• Cyber Coalition – Exercise
• Locked Shields - Exercise
• Crossed Swords - Exercise
• NIAS – Conference
• Cyber Europe - Exercise

UNCLASSIFIED
 Recent Collaboration

• NATO trains Iraqis on Cyber Defense

• The German military, or Bundeswehr, has launched a new
Cyber and Information Space Command (CIS).

UNCLASSIFIED
 Article 5

• NATO acknowledges Cyber as a warfighting domain.

• In 2014 Wales Summit (para. 72), NATO governments made clear that
cyberattacks could trigger collective self-defense under Article 5 and
explained that a decision to invoke NATO’s collective defense obligations
would occur “on a case-by-case basis.”
• NATO’s Deputy Supreme Allied Commander Europe, General Sir Adrian
Bradshaw, has reportedly suggested that NATO may consider Russian
interference in upcoming European elections as an attack triggering collective
defense measures

UNCLASSIFIED
Questions

UNCLASSIFIED
Conclusion

UNCLASSIFIED