War takes place not only on the battlefield, but also in cyberspace. During the war in Ukraine, cyber-attacks on government services and critical infrastructure formed the prelude to the Russian invasion. But are Belgian institutions also potential targets? In our country, the CCB is keeping a watchful eye on the situation.
The Centre for Cybersecurity Belgium (CCB) is the national authority for cybersecurity. The organisation is responsible for the implementation of cyber security policy in our country: for citizens, companies, authorities and organisations of vital importance, such as transport, public health, energy and telecommunications. The CCB is under the direct authority of the Prime Minister.
What does the term 'cyber war' mean in the context of the CCB?
Miguel De Bruycker, managing director of the CCB: “We must look at the way escalation works. In peacetime, there is diplomatic consultation between countries. In practice, however, espionage can still take place. If tensions arise, we see, for example, the emergence of disinformation. If a conflict arises, economic measures and sabotage follow. The next step in the escalation leads to war, with nuclear war as the highest - and final - level on the scale. The digital aspect appears throughout all these phases, for example, in espionage and disinformation. In the evolution from conflict to war, cyber-attacks precede the 'traditional' attacks with weapons. The goal of cyber-attacks is to hit a country or destabilise its government. The cyber-attacks are mostly aimed at government institutions, the military, energy supply and telecommunications. This is also what we saw in the run-up to Russia's invasion of Ukraine. Only the Russian cyber-attacks were not particularly successful."
"A country that protects itself well against cybercrime is better able to protect itself against military cyber weapons as well".
The CCB's campaigns focus, among other things, on improving cybersecurity among citizens. How is that linked to those forms of cyber warfare you just described?
"A country that protects itself well against cybercrime is better able to protect itself against military cyber weapons. We have also seen this in Ukraine. The attacks in the run-up to the Russian invasion started with techniques from 'normal' cybercrime, such as the use of phishing to gain access to networks. Cyber-attacks in the context of war usually first target the government and the military. Then they try to disable communications and power supplies, to create fear among the population."
Is it possible to trace the origin of these attacks?
"Often not. Most attacks are anonymous. Attackers do not approach their target directly. They abuse other victims' systems to launch their attacks from there. At the same time, we know that every organisation prefers its own typical methods and tools. So, the way you are attacked does say something about who the attackers might be."
Are there any risks for our country in terms of cyberwar, for example in the context of the war in Ukraine?
"Some countries are taking tougher economic sanctions against Russia and are therefore facing more cyber-attacks. There are no indications that Belgium is a specific target in this respect. But there are obviously Belgian companies supplying Ukraine in one way or another."
"In the digital space, citizens must protect themselves. There is no such thing as a public cyberspace."
There is no public cyberspace
In the public sphere, it is the government that guarantees the safety of citizens, for example through police forces and the army. How does that happen in the digital world?
"That is an interesting question. It is indeed the government that protects the public sphere. It intervenes only to a very limited extent in private space, especially when things go wrong. In the digital space, citizens must protect themselves. There is no such thing as a public cyberspace."
How does the CCB help with this in concrete terms?
"Among other things, we are responsible for detection. We detect attacks and try to disrupt them. We also alert citizens and companies to the vulnerabilities in their systems and their behaviour. We want to make people aware of the dangers as much as possible. Our goal is to reduce the vulnerability of citizens and companies by focusing on both human and technical elements. The human aspect is very important. Compare it to driving a car. You can have a car that is very well secured, but if you drive at 200 km/h with your eyes closed, accidents will still happen. It's the same in the digital world. Technical security on its own is not enough. You also have to behave responsibly in cyberspace."
What does the CCB do to protect our critical infrastructure?
"We have an early warning system specifically for critical infrastructure. To be precise, we keep an overview of the threats that are out there. When there is a concrete threat, the system automatically sends out an alert. We are now going to broaden that approach so that we can deliver alerts to all companies in our country."
What if hackers did manage to penetrate, for example, critical infrastructure?
"In that case, the Cyber Emergency Response Team (CERT) takes immediate action. That is the operational service of the CCB. The CERT makes a diagnosis, stops the attack and takes the necessary protective measures. We can count on consultation within the European network of national organisations working on cybersecurity. In addition, the CCB is in direct dialogue with national defence. Not only to protect the digital branch of the army, but also to allow the army to make maximum efforts for the protection of the country."