Presentation of Khatuna Mshvidobadze, Senior Associate, Georgian Security Analysis Center, Georgian Foundation for Strategic and International Studies, Tbilisi
To the Conference
NATO and the New Strategic Concept: Romania's Priorities, Bucharest, Romania

Today, we discuss what should be in NATO’s new Strategic Concept, what should be considered real threats to the Alliance, how to prevent and respond to those threats and how to sustain stability and security accordingly.

In the 21st Century, we face new threats that are the 21st Century equivalent of armed attacks as conceived in 1949, and these might be as detrimental to our security as terrorism.

In the summer of 2008, Georgia was attacked by its northern neighbor not only conventionally by air, land and sea, but also via cyber space.

Cyber attacks are a form of warfare in the early 21st Century. High technology and online skills are now available for rent to malevolent governments, organized crime and terrorist organizations, and can potentially destabilize a country’s economy and crucial security infrastructure.

The Russian invasion of Georgia was to some extent preceded by a series of cyber attacks that developed into an integral part of the armed attack, fully ready as Russian tanks rolled into Georgia on August 7.

This is the stark reality:

• Russia fully coordinated its cyber attack with its land, sea and air attack—the wireheads were fully prepared as Russian tanks trundled into Georgia on August 7.
• The cyber attack was an integral part of the armed attack.
• Indeed, the cyber attack performed some missions that would heretofore have been assigned to aircraft or artillery.
• Analysis by the US Cyber Consequences Unit—an independent research institute—indicates that all the preparatory work was accomplished before the war—obviously the cyber war coordinators, in other words, the Russian government, were fully aware of the impending attack upon Georgia and its timing.
• The cyber attacks against Georgia represented improvements over the techniques used against Estonia in the spring of 2007.

Most of the attacks were of a type called Distributed Denial of Service attacks—DDOS. Cyber criminals take over bits of perhaps thousands of privately owned computer and lash them together into so-called botnets that then blast information at a target website. Imagine downloading the entire Windows XP operating system every 6 seconds! The target site is rendered unable to perform its intended service.

Most of the botnets used against Georgia had already been used for criminal activities. The Russian government was in cahoots with Russian organized crime!

Cyber attacks can be used to:

• Debilitate certain specific defense computers
• Create a sense of panic or demoralization among the population, and
• Prevent effective communication by the government

Another tool used was web postings of instructions to individuals with limited computer skills who could contribute to the cyber attack efforts. The web-site postings were so productive that forty-three targeted websites were effectively shut down or defaced, in addition to the eleven targeted by the botnets associated with organized crime.

Here is how it worked. The real ringleaders operate from a distance. There was a hierarchy to the agents involved:

• At the top, “soldiers”—professional planners, computer scientists and engineers. Experts and commentators have directly accused Moscow of sponsoring the attacks as their magnitude required the resources only a state-sponsor can provide.
• Next, “mercenaries”—criminal organizations paid to carry out certain elements of the attacks—there were strong signs implicating the Russian Business Network, a now defunct or disappeared criminal organization.
• Finally, there were “volunteers”—individuals with PC’s who were recruited through social networks to augment the attacks.

Make no mistake—many of the cyber attacks were so close in time to the corresponding military operations that there had to have been close coordination between people in the Russian military and the civilian cyber attackers.

When the cyber attacks began, they did not involve any mapping stage, but jumped to the sort of packets that were best suited to jamming websites under attack. This indicates that the attack script had to have been written in advance. Registering new domains and new websites were accomplished so soon that all the steps had to have been prepared in advance.

The Cyber attacks disrupted the Georgian Government’s information and communication efforts, financial transactions, Internet and cellular telephone connections for several days.

The era of cyber warfare has begun.

When the NATO Alliance was formed, cyber war was a thing for books or the cinema, but the Russian attack on Georgia now demonstrates that we are facing it in reality.

To be relevant to the new reality, NATO and its partner countries should concentrate more on establishing prevention mechanisms against cyber warfare.

NATO must now act.

The new NATO Strategic Concept must not only treat cyber warfare comprehensively, it must recognize that that this form of warfare can be an integral part of armed warfare, indeed it can substitute for artillery and air interdiction. Consequently, the Strategic Concept must recognize cyber warfare as a potential Article V event.

It follows that NATO must gather relevant intelligence, devise countermeasures and defenses, develop plans and programs and conduct exercises.

Finally, there must be greater funding, participation and support for the Cooperative Cyber Defence Centre of Excellence in Tallinn, including the participation of partner states such as Georgia that can contribute positively to the alliance’s efforts on cyber defense.

Thank you for your attention.