INTELBRIEF

July 25, 2024

NATO Confronts Rising Cyber Threats


Bottom Line Up Front:

  • NATO has announced the creation of the NATO Integrated Cyber Defence Centre (NICC) in Belgium to address rising cyber threats from state-backed groups.
  • Since Russia’s full-scale invasion of Ukraine in early 2022, Russian and Chinese state-sponsored cyber groups have intensified their cyberattacks on political organizations, private sector companies, and vital infrastructure in NATO countries, aiming to disrupt operations, gather intelligence, and pilfer intellectual property.
  • The recent CrowdStrike outage, which affected 8.5 million users worldwide and impacted air travel, news organizations, and healthcare facilities, has exposed the alarming vulnerability of seemingly well-protected critical infrastructure.
  • NATO’s establishment of the NICC underscores the urgent need to bolster cyber defenses as great power competition increasingly plays out in cyberspace, malicious cyber activities escalate, and technologies, such as quantum computing, advance and proliferate.

During the 75th Anniversary NATO Summit on July 10 in Washington, D.C., NATO leaders announced the establishment of the NATO Integrated Cyber Defence Centre (NICC) at Supreme Headquarters Allied Powers Europe (SHAPE) in Mons, Belgium. This new cybersecurity hub will inform NATO military commanders about potential threats and vulnerabilities in cyberspace that could affect NATO's operations. The initiative responds to a significant increase in cyberattacks, particularly from state-backed groups following Russia’s full-scale invasion of Ukraine in early 2022. These attacks have targeted NATO's infrastructure and technology, aiming to weaken the alliance's unity and resilience while also attempting to cripple essential warfighting functions.

Russia has emerged as one of the primary cyber aggressors against NATO member countries. Notorious Kremlin-backed groups, including APT29 (Cozy Bear) and APT44 (Sandworm), have intensified their activities, establishing cyber operations as a crucial element of Russia's broader strategy against Ukraine and NATO allies. Cyber operations and disinformation efforts have long served as a pillar of Russian hybrid warfare doctrine.

APT29, linked to the Russian Foreign Intelligence Service (SVR) and notorious for its 2015-2016 infiltration of the U.S. Democratic National Committee, has recently stepped up attacks on political groups, think tanks, NGOs, technology firms, and government agencies. Last month, APT29 hacked TeamViewer, a major remote access software provider used extensively in the United States, the United Kingdom, and Canada. The hackers copied data such as names, corporate contact information, and encrypted passwords, likely aiming to access TeamViewer's sensitive client systems, sparking serious concerns about espionage and data theft. APT29 is also suspected in the compromise of Microsoft executive email accounts earlier this year, a phishing campaign against German political parties in February, and ongoing efforts to infiltrate the cloud accounts of various NATO government agencies and tech companies.

APT44, associated with Russian military intelligence (GRU), has also ramped up its operations. In the spring of 2024, APT44 targeted nearly twenty infrastructural facilities in Ukraine, disrupting energy, water, and heating supplies across ten regions. The attacks coincided with extensive Russian missile strikes on Ukraine's critical infrastructure, forcing scheduled power outages and allowing the Kremlin to gather intelligence forming part of a battle damage assessment while simultaneously planning further attacks.

In collaboration with the hacker group Cyber Army of Russia Reborn, APT44 also executed a series of cyberattacks on water and wastewater facilities across the United States and the European Union, including a January cyberattack on a water facility in Texas that caused a water tank to overflow, and a March attack targeting a French hydroelectric power station. These attacks have demonstrated the increasing capability and willingness of Russian cyber groups to disrupt NATO critical infrastructure, posing a significant threat to public safety and national security.

However, the cyber threat landscape against NATO is not confined to Russia. Actors from China and, on a smaller scale, other countries such as Iran have also been implicated in cyber espionage and other ‘gray zone’ activities against NATO countries. The 75th Anniversary NATO Summit marked a significant shift, with NATO directly blaming China for “malicious cyber and hybrid activities, including disinformation” targeting the United States and Europe. Furthermore, on July 9, the United States, along with six allies, including Canada and the United Kingdom, accused hacking groups linked to China’s Ministry of State Security of stealing government and commercial secrets. China has strongly condemned these allegations.

NATO’s strong statement reflects the growing concern over cyber-attacks from China on key member countries in recent years. In March, the UK accused China of orchestrating a significant cyber hack targeting British parliamentarians and voter data, allegedly conducted by the state-affiliated group APT31. This reconnaissance activity focused on UK parliamentarians critical of Beijing, attempting to access sensitive information on members of parliament and data concerning approximately 40 million voters. The UK's National Cyber Security Centre concluded that the Chinese entity had successfully compromised the UK Electoral Commission's systems.

Furthermore, on January 31, the United States announced it had dismantled an ongoing Volt Typhoon operation, in which Chinese hackers gained control of hundreds of small office and home internet routers in the U.S. These routers were used to conceal the group's activities and launch attacks on critical infrastructure systems, including water treatment plants, the electrical grid, and transportation systems. In February 2024, FBI Director Christopher Wray testified before the U.S. House of Representatives, stating that this group had been targeting systems across the United States and Guam. Director Wray highlighted that the hackers were not only stealing sensitive data but also targeting infrastructure vital to civilian life, potentially to use as leverage during future crises. As great power competition intensifies, NATO faces a dual challenge of countering rising cyber threats and deterring military aggression, including potential Russian actions against Eastern European members, to safeguard regional security and civilian infrastructure.

Moreover, the recent outages caused by a misconfigured software update at CrowdStrike, affecting around 8.5 million users of Microsoft Windows devices worldwide, have underscored the alarming vulnerability of seemingly well-protected critical infrastructure. The incident, which disrupted services across various sectors, including air travel and healthcare, has not only demonstrated the potential scale of impact from such vulnerabilities but also prompted warnings from CrowdStrike about exploitation by malicious actors. In addition, as states pursue the capabilities of emerging technologies, such as quantum computing, the risk to critical infrastructure grows.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned about the not-too-distant threat of quantum computing that can break the public key encryption algorithms used to protect business transactions, secure communications, digital signatures, and customer and civilian information, posing a significant threat to critical infrastructure. In light of these escalating threats, and as the global population becomes increasingly interconnected and reliant on the internet, NATO urgently needs to bolster its defense posture against cyberattacks. Establishing the NICC is a pivotal step. However, as a leading security provider in the Euro-Atlantic region, NATO has a monumental task ahead. It remains to be seen how quickly it will be able to foster strategic coordination among its member states and with the private sector, a crucial step to maintain its edge in cyberspace and secure critical infrastructure.
