Cyberspace is the only manmade domain. In this domain, scores of things are extremely interconnected: it consists of the Internet, interdependent networks, the Internet of Things (IoT), and an innumerable quantity of related devices covering a myriad of different purposes. It offers the capability of remote actions such as assistance, maintenance, control, decision making, problem solving etc. All of this spells out why the possibility of attacking through a new kind of threat may arrive at any time from any part of the world. An attack can take place within routers, provider’s routers, personal computers, laptops, servers, printers, cameras, mobile devices, etc. The potential area for attack grows every day and, although cyber warfare is currently limited to information networks and network-attached systems, the situation could develop unpredictably. Thus, new technologies such as Quantum Computing, Blockchains, Artificial Intelligence, Big Data, Human Assisted Machine Learning and 5/6G will change our way of thinking not only about cyber defence, but also our approach to human life. To effectively react to these new threats, passive measures of defence (e.g. firewalls, intrusion detection systems, antivirus, antimalware, etc.) are important, but they must be complemented by active measures, such as: intelligence, network monitoring, red vs blue team assessment, threat hunting, adapting procedures to the threat, and lessons learned. It is necessary to adopt “in depth” defence, which is defence using layered and overlapping technologies to monitor, detect and defend networks and all their end-points. At the same time it is necessary to analyse the techniques and tactics used by adversaries, develop signatures and indicators of compromise that match the patterns that are unique to a particular attack. An attacker wants to gain access, remain in the system and execute his/her malicious code. Digital forensics is effective and helps a lot but it is time consuming; the solution comes with smart information triage to effectively guide defence. These complex topics, with the associated risks particularly to NATO and the EU, and the main challenges that need to be faced when conducting operations in or through cyberspace were discussed during the NATO Rapid Deployable Corps Italy (NRDC-ITA) International Cyber Seminar held online on 15th June 2022. The event saw the participation of academics, and military and civilian personnel working in the cyber domain and it stimulated some important discussions driven by real events from the current conflict in Ukraine used as case studies. In accordance with the seminar agenda, Mr. Mario BECCIA, Deputy Chief Information Officer for cybersecurity at NATO HQ, presented cyberspace domain challenges in the context of modern warfare; OF5 Julien MERMILLON, Head Operational Planning at NATO SHAPE Cyber Operations Centre (CyOC), discussed the challenges for planning and managing cyberspace operations at operational level; OF4 Fabio BIONDI, Cyber Ops Researcher at the NATO Cyberspace Centre of Excellence, addressed the common patterns detected within the adversary’s cyberspace operations; and Professor Stefano ZANERO, Polytechnic of Milan, presented a speech about cyberspace war through a series of retrospectives.
![](resources/uploads/1034/mrc04829-9kaGu1.jpg)
In the light of this fruitful event, it is worth recapping a few points to identify some takeaways and pave the way for the next edition. First of all, the seminar addressed the role of industry in the modern era. It was highlighted that although cyberspace is not fully owned, managed and governed by anyone, a large number of commercial entities have a primary role in it, with governments barely having loose control over them. The accelerated pace seen in the current conflict in Ukraine, where part of the targeting has been done with an Uber-like application for smartphones - that when compared to conventional systems and tools, although rudimentary, seems significantly quicker - stresses how the combination of the precision of new technologies (e.g. drones or smartphone applications) together with intelligence offer the possibility to exploit new capabilities and opportunities, generating a game changer in the military field that could also challenge the Alliance’s security. Another interesting topic was the unceasing development seen in sub-threshold activities. Sub-threshold activities are actions/operations in cyberspace that make it possible to achieve a perpetrator’s goal without triggering any armed response from the State/victim. However, although such activities are engineered to stay below the threshold of an armed conflict, they are considered to be “the noise” of cyberspace activities. Additionally, not only has there been a huge increase in the number of such activities, but also the frontier of such operations is always being pushed further. A third point worth mentioning is the critical importance that conducting Defensive Cyberspace Operations (DCO) retains, although NATO is working around the clock to develop its capabilities in the conduct of Offensive Cyberspace Operations (OCO). At present, DCOs are no longer pure defence of own networks but require, without doubt, a profound analysis of Mission Vital Infrastructure (MVI) and their dependencies on cyberspace. What seems to be an already well-addressed capacity ¬- the conduct of DCOs - actually comes with some difficulties due to the disproportionate ratio between the high demand for cyber assets and the low-density/availability of resources; moreover, this is exacerbated by the challenges encountered by operational commands that own the physical battlespace but not the virtual one.