(by Jiří Šedivý, Chief Executive of the European Defence Agency)
EU Member States have been working on Computer Security Incident Response Teams (CSIRTs) and Computer Emergency Response Teams (CERTs) for many years. Both civilian and military CERTs were created in various formats, capacities and missions, and they are located in various parts of government structures.
While there has always been a lot of emphasis on dialogue and cooperation between civilian CERTs, their military counterparts have kept a much lower profile when it comes to cross-border interaction, which can be partially explained by their focus on national infrastructure and the classified or highly sensitive information they deal with. Even within most Member States, exchanges between military and civilian CERTs are rather scarce and/or limited in scope.
Against this backdrop, the defence community has repeatedly expressed the need to do more to boost dialogue and cooperation between national military emergency response teams in Europe. I fully share this view: the potential benefits of enhanced European cooperation and interoperability in this very sensitive domain are substantial. To allow for that in the most efficient way possible, information-sharing practices successfully used in civilian circles throughout Europe could and should also be extended to military CERTs and their operations. I admit, this is easier said than done Not only because this may conflict with the need to protect sensitive information but especially because this requires something very essential: mutual trust. The first thing must therefore be to focus on building this trust among military CERTs, step by step.
The European Defence Agency is happy to kick-start this process with a 3-day interactive conference dedicated to the European military CERT community, to be held on 19-21 January 2021 in Lille (France) in conjunction with the Forum International de la Cybersécurité (FIC).
The MilCERT Interoperability Conference (MIC2021) intends to provide a discussion forum on a wide range of information-sharing topics within the military CERT community and their stakeholders. The objective is to help the military CERT community get a better understanding of the challenges and opportunities related to military CERT cooperation, and also to lay the groundwork for improved information-sharing with their civil counterparts without undermining the strategic importance of classification. The results of the conference should trigger a series of follow-up events to further advance work on this important topic.
Due to the ongoing COVID-19 crisis, MIC2021 will not be a traditional conference: it will instead be interactive while, at the same time, offer practical exercises in a more classical conference format. In fact, it will be divided into two parts: one strategic and one more technical.
The strategic part will take place in-person in Lille at the premises of the FIC2021 event. It will include keynote speeches as part of the official FIC agenda as well as a number of separate panel discussions in closed sessions for a selected audience. The Estonian Minister of Defence, Mr. Jüri Luik, will be among the key speakers of this event.
The technical part will be held remotely from each participant’s home country, using a cloud infrastructure. It will consist of a live fire cyber exercise with specialists connecting from their base locations in EU Member States. The control room of the exercise will be located within the FIC facilities in Lille. It will provide military CERT incident responders with a highly realistic simulation environment where many aspects of information-sharing will be highlighted and tested through a play-through of simulated cyberattacks. Participation will only require a laptop and an Internet connection.
The technical track builds on EDA’s expertise in creating and executing exercises (e.g. Cyber Phalanx and Cyber Strategic Decision-Making Exercises) with industry support as well as on the Agency’s experience in organising online events, supported by sophisticated cloud infrastructure made available by a contractor. This part of the conference is expected to engage actively with the main actors of the community, namely the technical representatives in the military CERTs.
Under the current COVID-19 circumstances which impacted many training events leaving teams with just a few opportunities to train in live exercises, the MilCERT Interoperability Conference will provide Member States’ military CERTs with an excellent opportunity to remotely train and exercise, supported by a cutting-edge infrastructure, realistic scenarios and professional support teams. And above all: it will allow them to build mutual trust, for a more collaborative future.
- EncroChat: Deciphering of the End-to-End Encryption Service Used by Criminals Cybercrime
- Preserving Digital Footprints and Cyber Resilience: Training the Swiss Police Cybercrime
- Ransomware in Six Questions (by the Ministerial Delegation to the Security Industries and the Fight Against Cyberthreats, French Ministry of the Interior) Cybercrime