Russian hackers breached the IT systems of the Danish Ministry of Defence (Forsvarsministeriet) last year as well as the year before, and thereby gained access to the emails of the employees of the Danish Ministry of Defence. Since such news emerge almost daily in both national and international mediums, the question of cyber-security is an increasingly important part of national security. The Hungarian Government has also taken steps towards cyber-security and the organisation of such training programs is the task of the National University of Public Service. The courses were started based on the information security law passed in 2013, and more than 150 public service executives, experts, contributors, and employees have successfully finished these programs since. The issues has also been taught and researched at the faculties of the university, and this academy is going to synchronise all the various resources in this field starting March.
During opening ceremony Csaba Krasznay – program director – has said that there are only a few people in Hungary, who have up-to-date information in this field. That is why the training programs that already exist at the University have to be developed and extended to include a wider array of public servants. It was also mentioned that there is knowledge transfer in this field on all faculties of NUPS and at all levels or tertiary education, from BA to PhD level. Cyber warfare and military IT systems defence is taught at the Faculty of Military Sciences and Officer Training, cybercrime and crime prevention is taught at the Faculty of Law Enforcement, the Faculty of International and European Studies deals with the international aspects while trainings are centred around information security at the Faculty of Political Sciences and Public Administration. According to Csaba Krasznay, the Faculty of Water Sciences, which became part of the University recently, can join the work as well, since water management and critical infrastructure all use many IT resources, so this field is a target of cyberattacks too.
Frigyes Janza (ret.) pol. major-general, who spoke at the event as well, warned the audience that it is not just an academic problem, but concerns the whole society and thus the training of the Academy has to be organised accordingly.
Csaba Krasznay supported this remark, and underlined that in practice the entire Hungarian society has to be prepared to fend off cyberattacks. It in the basic interest of everybody to use the Internet and IT services safely.
Prof. Dr. András Nemeslaki, head of the Institute of E-Government at the Faculty of Political Sciences and Public Administration, told the audience that cyber-security almost seems like a topic tailor-made for NUPS, since all training end research institutes are able to join the work. “Establishing the Academy is a really promising initiative. We can hopefully also broaden our international relations with this program too”, concluded professor Nemeslaki.
CyCon’s origin goes back to 2009 and has been enjoying the participation of 500 political and strategic decision-makers, high ranking military officers and cyber security experts each year. Similarly to other renowned conferences, CyCon also offers simultaneous presentations and round table discussions, so that participants could attend the discussions they most prefer in various topics. Day Zero of this year’s Cycon was a day of workshop when apart from the education of cyber defence and the management of cyber crises, the practical aspects of smart phones’ criminalistical examination was also on the agenda.
Nearly all participants of Day 1 focused on the possibility of NATO’s leaders declaring cyber sphere as the fifth dimension of warfare at the upcoming Warsaw Summit. Estonian President Toomas Hendrik Ilves stated his expectations regarding NATO’s decision in this matter, which was further emphasized by the words of Czech Defence Minister Martin Stropnicky who reminded that nations should be ready to develop their defence capabilities in the fifth dimension of warfare as well. Admiral Manfred Nielson, Deputy Supreme Allied Commander Transformation (DSACT) mentioned the significance of understanding and handling cyber sphere separately from the traditional four dimensions of warfare. Several high ranking military officers agreed that while cyber sphere is a novel area, it is not special or unique. There was also an agreement in that future military operations will utilize cyber sphere regardless of whether it will have become the fifth declared dimension of warfare or not. On the other hand, they considered the acceptance of cyber sphere as the fifth dimension important, in that it could advance the formation of NATO’s comprehensive cyber defence and cyber operations policy. Accordingly, the first day’s presentations also focused on force projection in cyber sphere, the defence of weapon systems, the state cyber activities, as well as the cyber threats related to air traffic.
Day of CyCon was hallmarked by the participation of such renowned experts as Thomas Rid, professor at King’s College London, Martin C. Libicki, professor and senior management scientist at RAND Graduate School, and Mikko Hypponen computer security expert, research director of F-Secure. The speakers highlighted the development of interactions between humans and machines from the 1940s, the role of information warfare in today’s conflicts, as well as the transformation of the capability of deterrence in the Internet’s world of no geographical boundaries. Libicki described cyber warfare along 5 characteristics with it being extremely volatile, unpredictable and not kinetic, difficult to interpret, and persistent phenomenon. Discussions after the presentations focused on the political changes related to cyber security, as well as on the Russian cyber operations, and the advantages and drawbacks of the Snowden-leakage.
Day 3 of CyCon provided an opportunity for participants to recap and discuss what they have learnt and experienced throughout the conference. The participants have concluded that several governments most likely misinterpret the definition of cyber power, and as a result focus too much on tactical achievements and do not deal with the long-term effects of operations. The increased role of short-term successes is also highlighted by the fact that instead of lasting cyber conflicts, the incidents are related to espionage or temporary disturbance of systems. Jan Neutze, Director of Cybersecurity at Microsoft, focused on the role of norms within cyber sphere, and compared the approached of government and industry, whereas David Sanger reminded that the arms race within cyber sphere sets a serious arms control and deterrence issue for humanity. The final presentation of CyCon2016 was held by Jaan Tallinn, founder of Skype, who mentioned that artificial intelligence may have negative consequences if humanity does not prepare itself for its utilization in time.
One of the most important lessons of the four-day conference was that challenges coming from cyber sphere cannot be ignored, as that would lead to lagging behind which could lead to national security challenges and threats already in the short-run. The management of these challenges, and the establishment of appropriate defences require efforts that government cannot display on its own but with the inclusion of industry and academia. Should NATO’s Warsaw Summit declare cyber sphere as the fifth dimension of warfare, it will initiate such changes within the Alliance that will be in relation to the cyber capabilities of all member states, including Hungary.
The notification of organisations (like CERT and CSIRT) specialised in managing cyber incidents, the identification of malware patterns, the immediate contacting of NATO institutions and the EUROPOL, investigation and the verification of the validity of IP addresses, etc. are just a few tasks that were simulated at the Cyber 9/12 Student Challenge in Geneva, Switzerland where groups consisting of Bachelor, Master and PhD students presented their solutions to the challenges of a cyber security crisis before a panel of internationally renowned experts on 7-8 April 2016.
The event was held for the second time by the Atlantic Council and the Geneva Centre for Security Policy and with the participation of 29 students coming from Finland, the United Kingdom, Sweden, Switzerland, the United States and Hungary. While the Student Challenge dates back to many years in the United States, the first such event in Europe was held in 2015, nevertheless, with increasing interest, as the number of participants has increased with one-third of last year’s participant numbers. The Student Challenge enjoyed the support of several leading companies in information and cyber security, who – in addition to the organisers – offered personal consultation opportunities and career advice to the groups.
The significance of the Cyber 9/12 Student Challenge lies within its comprehensive approach towards cyber security: performing in the simulation required knowledge in military, law enforcement, public administration and international affairs, just as in the area of technical solutions and political decision-making. The groups also had to know how to cope with the media, diplomatic relations and with regulations in international law.
The four faculties of NUPS were equally involved in the competition, as the Hungarian team of four (Martin Arany-Víró from the faculty of Law Enforcement, Annamária Beláz from the Faculty of Political Sciences and Public Administration, Judit Keczer from the Faculty of International and European Studies and Gábor Simon from the Faculty of Military Sciences and Officer Training) laid great emphasis in the various branches of public service reinforcing each-other.
After the pre-selections at NUPS, preparation for the event began in early February coordinated by Dániel Berzsenyi, head of the group from the Centre for Strategic and Defence Studies, and supported by Dr. Csaba Krasznay and Dr. Attila Kiss from the Faculty of Political Sciences and Public Administration. The preparation was held in the form of several presentations and consultations and the procession of a great amount of literature. In addition to their performance at the event, the participants from NUPS also had the opportunity for professional and personal networking with international experts of the field.
The National University of Public Service – in cooperation with the Hungarian Ministry of Foreign Affairs and Trade and the Ministry of Defence – organized and hosted an international course on cyber security and defence within the framework of the European Security and Defence College (ESDC) between 27-29 May 2015.
The course provided a thorough and up-to-date view on the nature of information society, on the threats from cyber space and on the theoretical and practical background of the preparation for cyber defence, with the main target group of the event being experts delegated by the ministries of EU member states, EU agencies and relevant institutions.
The organizers under Course Director Dr. Anna Molnár, associate professor at the Faculty of International and European Studies, have gathered an excellent team ranging from experts from EU member states, the European External Action Service (EEAS), the European Defence Agency (EDA) to representatives from the private sector. The event was opened by Dr. Péter Tálas, Dean of the Faculty of International and European Studies, followed by the keynote speech of Péter Siklósi, Deputy State Secretary for Defence Policy and Planning at the Ministry of Defence.
The course commenced with an overview of the basic definitions of cyber security and cyber defence, the main international processes in this field, the EU’s cyber security strategy, as well as the cyber security policies of some EU member states.
The second day began with the review of the development and current issues of European cyber diplomacy. A separate panel focused on the least developed dimension of cyber security: the legal frameworks of this field. Furthermore, the private sector was represented by Alastair Teare, CEO of Deloitte Central Europe and Lajos Antal, Head of Cyber Risk Services at Deloitte Central Europe. While the discussions revealed that nowadays cyberspace connects the world better than commerce, they also pointed out the differences between private and public sector in cyber security and noted that PPP structured development projects and investments in this field contain great challenges.
On the final day, participants received information and data about the extent of crime in cyber space (e.g. the damages cause in recent years are estimated to be more than EUR 310 billion). Last but not least, the military aspect of the EU’s Foreign and Security Policy and the EU-NATO cooperation in cyber security was reviewed.
The three-day course was closed with a ceremony where all participants received their course certificates containing the signature of Federica Mogherini, High Representative of the European Union for Foreign Affairs and Security Policy.