Cyberwarfare is a reality and the question is not so much 'if' it will happen, but 'when'. Europe in general, and Belgium in particular, are investing significant human, technological and financial resources to deploy their cyber security 2.0 strategy. Alexandre D'Hondt of the Ministry of Defence explains.
What does cyberwarfare mean?
Alexandre D'Hondt, Captain-Commander in Cyber Defence: "Just like traditional warfare, it is a set of actions in cyberspace aimed at providing an advantage to a belligerent or a party involved closely or remotely in a conflict or the preparation of a conflict, for example by neutralising or by taking control of essential systems, but also by collecting information or even by manipulating the information it uses.
It therefore entails mainly espionage, sabotage or manipulation of information, usually by states but also by state-sponsored, hardened groups. The range of cyber threats is broader however and also includes (to be systematically prefixed with 'cyber', of course) terrorism, organised crime, hacktivism, isolated hackers or insiders.
In terms of cyber warfare, the trend is towards system sabotage software ("wipers"), distributed denial of service ("DDoS") attacks and fake news."
Is Belgium a potential target?
"More than ever, especially given the presence of NATO and the European institutions in Brussels. The impact could be great if one of these organisations were to be infiltrated via cyberspace, because it opens the doors to an inter-allied environment. This is why computer networks are well compartmentalised under the supervision of cohorts of cyber security experts.
The same applies to the Defence Headquarters, which is also located in Brussels. In general, there are multiple high-value targets in Belgium because of its international position and its involvement in international organisations, making the country a prime target."
What are the possible targeted sectors?
"The targeted sectors can range from power plants to food suppliers to the medical world, but also, and far from least, network service providers.
In a world where every organisation is increasingly reliant on IT (e.g. through the massive use of email or file sharing), cyberwarfare can affect any sector as long as there is an effect on the other party that can provide an advantage.
Cyberwarfare has become an integral part of hybrid warfare scenarios. The disinformation that certain actors engage in via social networks, in order to influence an election process, for example, is particularly worth mentioning."
Which sectors are the most vulnerable?
"Some recent events (the attack on the CHWaPi in January 2021 or on Vivalia in May 2022) show that medical institutions are still regularly and successfully targeted by cybercrime (with ransomware, i.e. software used to encrypt data, after which a ransom is demanded to recover them), which tends to show their vulnerability to actors involved in cyberwarfare.
It is easy to imagine the consequences of a military action resulting in many casualties (as is the case in Ukraine at present) combined with the neutralisation of the IT services of hospitals in the vicinity of the action.
According to some studies, the sectors most affected by cyberattacks at present are the medical, technology and telecommunications, financial and energy sectors.
Recent events have shown that, even before the invasion began, several sectors in Ukraine had already been targeted. This includes denial of service attacks on government, banking and media sites as early as February 2022, sabotage software targeting members of the government, but also attacks on the drug supply chain.
Today, many sectors have already equipped themselves with cyber capabilities to protect their IT infrastructures, but some areas are still lagging. This of course still depends on the investments they make in cyber security, which has become essential for the smooth running of organisations."
Who are the possible enemies?
"The most likely enemies are the great powers fighting for hegemony (such as Russia and China). They are mainly engaged in disinformation and cyberespionage. In the war in Ukraine, groups identified as belonging to Russia are trying to sabotage critical infrastructure and facilities such as power plants and to steal information that may be useful for conducting military operations.
But due account must be taken of the fact that because access to information has become so easy on the internet, small groups (especially terrorists or hacktivists) can cause significant effects by using knowledge that is openly and immediately available.
The actors in cyberspace who pose threats are by definition characterised by their motivation and capabilities. Major powers will be motivated by long-term dominance and will devote a lot of resources to that end, possibly using specialised groups that will cover their tracks (cyber mercenaries), while cyber criminals will seek to affect vulnerable sectors that can provide them with quick financial gain without bothering to remain discreet."
Efforts to strengthen our resilience
What measures are already being taken to combat cyber warfare?
"The number of cyber personnel has in general increased significantly in recent years in many sectors. Various actions at the national level combine efforts to increase our cyber resilience.
The Belgian Cyber Security Centre (CCB) is recruiting experts to bolster its capacity to respond to national crises. The Cyber Security Coalition undertakes various initiatives to share expertise and connect the worlds of industry, academia and government.
Defence is in turn honing its image as a major cyber player in Belgium. Cybersecurity is also a priority for the current legislature as well as for our Minister for Defence, as stipulated in the policy orientation note 2022, which affirms the will to strengthen our country's cyber defence capabilities.
In concrete terms, a Cyber project team has been set up to create a Cyber Command by the end of 2022, to strengthen the cyber intelligence capabilities of the General Intelligence and Security Services (SGRS) and to initiate a technological innovation policy geared to establishing links with Belgian industry in order to develop and acquire the necessary capabilities.
The SGRS is also an important player in the Belgian government's Cybersecurity 2.0 strategy led by the BAC. It performs various tasks relating to cyberwarfare by collecting information and sharing intelligence on the cyberthreat, by participating in national crisis management and by making its expertise available to its partners.
Defence is also a member of the Board of Directors of the Cooperative Cyber Defence Centre of Excellence (CCDCoE), NATO's leading cyber defence centre of excellence, which conducts specialist research, produces courses and organises international exercises."
What measures are envisaged in the future?
"We see in the news with the war in Ukraine that disinformation or sabotage actions can be combined with actions on the ground.
Furthermore, several studies show that a large proportion of successful cyberattacks start by exploiting the human factor, i.e. by fooling users (who are often easier to approach than systems that are already locked). In addition to strengthening our IT infrastructure (which requires armies of experts), there are many actions to be pursued in educating users so that they do not fall prey to attackers and thus become entry points into their organisations.
At the national level, the CCB orchestrates cyber awareness campaigns focusing mainly on cyber hygiene, i.e. the adoption of healthy behaviour in cyberspace.
The Cyber Security Coalition organises workgroups for the exchange of knowledge in cyber awareness and in other areas of cybersecurity.
For its part, Defence continues to invest in its own cyber capabilities, as well as those for civilian and military use. These "Dual Use Civ/Mil" capabilities, as they are known, can be employed in coordination with the BAC in the event of a national crisis. The investments in the Cyber capabilities are aimed at developing knowledge, stimulating innovation and improving the monitoring of cyber threats for the benefit of Belgian society.
These investments will be made under strategic partnerships with civilian companies. The Cyber Command, which will be created at the end of 2022 within the Intelligence and Security Staff (ACOS-IS) and will count several hundred people, will assume its missions according to 4 pillars: the protection of its IT environment (Protect), the reaction to cyber-attacks (Defend), the collection of information in cyberspace (Collect) and the use of offensive cyber means and resources (Fight)."
Reaction of Minister of Defence Ludivine Dedonder:
"Cyber is ubiquitous and an important part of our society and national security. With the creation of our Cyber Component, Defence wishes to take the lead in cyber security for our country. Defence has in-house expertise that it will formalise and expand to create a fully-fledged Cyber Component to protect our critical systems and infrastructure from potential intruders and hackers.
We will invest heavily in our cyber defence in the coming years and will favour strategic partnerships with other players in the field in order to ensure the broadest possible coverage in cyber security.
With the adoption of the Intelligence Service Act on 7 July 2022, our cyber experts will also have the possibility to react to cyber attacks against non-military targets, by repelling the attack and possibly responding with a counter-attack within a strict legal framework. In this way, Defence is once again putting its knowledge and resources at the service of our national security."
Are there any agreements at European/global level to combat cyberwarfare?
"In 2016, the NATO member countries ratified the 'Cyberpledge' which reinforces Article 5 of collective defence also for cyberattacks (i.e. a cyberattack against a member of the Alliance constitutes an attack against all its members and therefore authorises them to come to the aid of this collective defence).
Since 2004, Europe has had ENISA, the European Cyber Security Agency, to provide expertise and assistance to member countries. Although generally focused on cyber security, events in recent years have tended to direct attention to cyber warfare.
Belgium participates in various projects that are part of cooperation agreements at European or other multinational levels, such as the Malware Information Sharing Platform (MISP) group, which aims to share information on cyberthreats such as actively used hacking techniques or indicators of system compromise.
As a member of the CCDCoE Board, Defence is contributing to the development of the Tallinn Manual, which aims to establish a collection of legal texts defining the rules of international law and armed conflict in terms of cyber warfare."
Is there any cooperation between the public and private sectors?
"Generally speaking, cybersecurity is now recognised as a shared responsibility that necessarily involves cooperation by and between the public and private sectors, particularly because industry provides a large majority of the IT products that make up our cyberspace.
An innovation network is currently being set up at NATO level through the recent Defence Innovation Accelerator for the North Atlantic (DIANA) investment fund, which currently includes various Belgian research centres (e.g. Trail de Charleroi, a consortium of research centres specialising in artificial intelligence).
From the point of view of public-private cooperation, the Cyber Security Coalition, which has been in place for several years, constitutes a forum for exchange between the private sector, the academic world and the public authorities, making it possible to broach cybersecurity problems in a very broad manner and to work for sharing information and raising awareness in all sectors so as to bolster our cybersecurity resilience.
In addition, Defence, through its Cyber Project Team, is developing innovation and academic research initiatives to address its specific needs."
Is there any form of consultation/cooperation at European level in the fight against cyberwarfare?
"The European Cyber Security Centre (ENISA) has a cyber strategy with seven objectives, the third of which is to foster Europe-wide cooperation in the event of massive cyberattacks.
This strategy is not only geared towards cyber warfare, but of course also contributes to the fight. The invasion of Ukraine has just shown how essential it is for this strategy to be put in place. In the face of the growing cyberthreat, a common resilience policy is needed.
Europe has undertaken various projects in which Belgium participates, such as the EU Cyber Academia and Innovation Hub (CAIH) project, which aims to create a network of training and research centres, or the Cyber Defence Training & Exercise, Coordination and Support Platform (CD TEXP), which aims to coordinate cyber defence exercises, within the framework of permanent structured cooperation (PESCO)."
CV of Alexandre D'Hondt, M.Eng.
Alexandre D'Hondt, M.Eng. has been working in cybersecurity for Defence since 2013. He led a team for several years in vulnerability assessment, penetration testing and security audits.
He is currently managing the security assets interconnecting the internal Defence network and the Internet, including firewall, VPN, DLP and other technologies.