Since its launch at CyCon 2019, the Cyber Law Toolkit has grown to become a go-to online resource for international law and cyber operations. Several States and international organizations have expressly relied on the Toolkit in developing their views and, in addition, it is used by thousands of users per month who access it to consult its comprehensive database of national positions on international law in cyberspace, its growing catalogue of hypothetical scenarios, or to learn more about the fundamental concepts of international law and how these apply in the cyber context.

For the project to remain relevant and sustainable, the Toolkit team seeks to obtain, in an interactive session, feedback and input from those who have contributed to the Toolkit in the past (for example, as authors or peer reviewers), as well as from those who have used or use the Toolkit in their professional or academic work, and wish to be involved in its further development. The session will focus, namely, on (i) topics for new scenarios, (ii) improvement of user experience, and (iii) new features to include in the Toolkit.

Meet and network in person with other members of the Cyber Law Toolkit community and have your say in the future of the Toolkit. The session will be run in an informal manner in accordance with the Chatham House rule.

The United States works closely with allies and partners in building traditional military warfighting capabilities, such as planes and missile systems that support airpower or tanks and artillery that support land power. We have taken a much more reserved approach to developing cyber capabilities in defensive and especially offensive capabilities.

This session will look at whether and how the US (and others) can improve allies’ and partners’ defensive cyber capabilities (this is more than just ‘hunt-forward ops’), and whether and how one could utilize private-sector partners in this effort. We will also examine how to approach ally/partner offensive cyber support and whether this should be ‘nuclear umbrella’ type of support or whether we should work to build and sustain ally/partner offensive cyber capacity. And if the US (or others) decide to work to build partner offensive capability, how should this be done? Is it a full ‘train-maintain-equip’ effort, or is it more of a legal/policy training effort with an emphasis on understanding unintended consequences and the development of rules of engagement? Finally, how should we integrate and employ offensive cyber forces? Does this provide a framework for response options against future attacks as happened in Albania, and if so, what will coalition command and control look like?

Over the past decade, social media platforms have become hotbeds for misinformation and propaganda. Various actors, including state and non-state entities, exploit these platforms to further their political, military, or economic agendas. The advent of generative AI has greatly exacerbated the scale, personalization, and targeting of these attacks.

In this session, we will confront the challenges posed by sophisticated generative AI applications that enable deception at scale through information attacks, fake personas, and large-scale tailored influence operations. For years, safety in obscurity shielded smaller language communities from the worst information attacks. However, the multilingual capabilities of large language models now render this safety-in-obscurity strategy ineffective. By 2023, these technologies have slipped through regulatory oversight, making it possible to run sophisticated models on individual desktop computers without ethical or safety constraints. This unchecked development has enabled the generation of manipulative and unethical material on an unprecedented scale, leaving us ill-equipped to confront the burgeoning challenges. Simultaneously, generative AI technology also presents vast opportunities. We will explore the possibilities for tracking adversaries’ actions online, summarizing extensive volumes of multimodal data, detecting anomalies, customizing communication strategies, and accelerating content production and dissemination.

More specifically, this session addresses: 1) the potential of the technology as it exists today; 2) the role of generative AI in creating and propagating fake content and manipulating public opinion; 3) the scope and impact of misinformation, propaganda, and fake personas on social media platforms; 4) the operational, privacy, and security concerns related to AI technologies in NATO communication strategies; 5) opportunities and potential applications for AI systems to counter misinformation and track adversaries’ actions online.

CY4GATE – Cyber Threat Hunting

When the cyber protections don’t work, Cyber Threat Hunting seems the only solution able to mintain the cyber resiliency of a critical asset, starting from an hypotesis (something bad could be in place), followed by an investigation (this is what is going bad), up to the definition of an effective detection and response strategy (I know how to find it and then run the right response). This process must be continously applied in an increasingly evolving borderless context, where also the lifecycle of a threat hunting process must be continuously aligned with the attacker’s timeframe.

A batch-processing oriented Data-lake approach for patterns identification can solve partially the need, but still remains the issue related to the huge computational power needed to remain on-time, that cannot be solved only by unlimitedly increasing resources.

We’ll then introduce a novel approach to Cyber Threat Hunting, supported by some on-field experimented use cases, based on a full behavioral approach powered by statistical and AI models that can be combined with dynamic CoAs (Course of Actions), that can be redefined in relationship with the received feedbacks, and deceptive approaches able to support further validations and recover the required timings.

Over the past years and months, the world has seen ransomware attacks with serious consequences targeting not only large companies but entire countries. In May 2022, Costa Rica declared a national emergency amid a series of attacks affecting nearly 30 public institutions and services, including tax collection, social security and customs. Is such a shift in scale becoming the new norm, and what is the reason for these escalations? How can the EU support partner countries through cyber capacity-building initiatives?

A ransomware attack against a country requires knowledge, skills and intelligence, which are usually possessed by operators with government background. This is a game with a lot at stake for both parties – the victim nation will do everything it can to catch the attackers, but if it fails, confidentiality, integrity, and availability are at risk. In the panel discussion, we will explore the possible motivation of attackers operating in the LAC region and address the options for nations to build resilience. The panellists will explain how the EU-funded Cyber Capacity Building projects and International Counter Ransomware Initiative can help countries to better combat cyberattacks and protect their digital societies.

Organized and moderated by EU CyberNet, the one-hour panel consists of cyber security specialists from Latin America, North America and Europe, who lift the lid on state-sponsored ransomware attacks and coordinated CCB potential.

In the past, most cyber conflict research relied on individual case studies of prominent incidents. While well-documented, a predominant focus on these outliers limits the public understanding of the overall threat landscape. Covering more than 1,800 effect-generating cyber operations reaching back to the year 2000, the European Repository of Cyber Incidents (EuRepoC) is seeking to narrow this data gap.

Evaluating more than 60 indicators to document the life cycle of cyber operations and the state responses they evoke, EuRepoC regularly contends with challenges involved in the systematic, continuous, and comprehensive classification of cyber incidents, especially posed by open-source reporting. Based on practical examples, the workshop will guide participants through an evaluation of the attack chain and strategic drivers of operations, questions of political responsibility, and efforts to impose costs on threat actors. Workshop discussions will provide a platform for sharing techniques to assess the impact of different cyber operations in light of incomplete and evolving public information.

Quick communication is essential in a cyber crisis. It can be incredibly difficult to achieve this at the national level where roles and responsibilities for crisis coordination are often split between government agencies, private sector operators and military bodies. The war in Ukraine has demonstrated that resilience and defence can be achieved when civil and commercial actors are seen as partners, which requires trust and understanding.

This workshop will explore how nations can embrace and enhance cyber exercises to build trust between key stakeholders in cyber defence and national security. This will involve exploring the barriers to effective responses to cyber crises. The first section of the workshop will pilot a strategic-level table-top exercise that allows participants to play out an unfolding cyber crisis scenario and invites them to test their decision-making skills and resource allocation to mitigate a cyber threat successfully. Invited experts will then offer insights on building a trusted ecosystem of actors for national cyber defence, followed by all participants having an opportunity to weigh in on national trust-building.

The workshop is open to all CyCon participants but we advise that registrants have some existing knowledge of or active interest in cyber exercises and national cyber crisis coordination.

Previous workshops in this series have focused on cyber exercises across NATO:
CyCon 2022 workshop summary report NATO Cyberspace Exercises: Moving Ahead
CyCon 2021 workshop summary report Cyber Exercises: A Vision for NATO and interim paper Trust in Cyber Exercises: A Vision for NATO

Facilitated by: Peter Barrett, Carnegie Mellon University; Peadar Charles Callaghan, Tallinn University; Dr Amy Ertan, Emerging Security Challenges Division, NATO Headquarters; Aurimas Kuprys; NATO CCDCOE; Toby Meyer, Carnegie Mellon University and Alan Sewell, Swedish Defence University.

Please note that anonymized notes will be taken throughout the workshop and may be used to inform future workshops, game design and publications. The game as developed will be available to participants and for use in the future.

How do you reach your audience with cybersecurity training? Designing practical and engaging training is challenging, but instead of death by powerpoint, flying chalk, or endless lectures, how about trying to gamify your training? A well-designed training exercise or game offers a hands on experience for the participant which engages the learner in a more active learning process. This in turn leads to better retention of lessons learned and application of the skills outside of the training context.

Participants will get the opportunity to design their first game-based learning exercise and leave the workshop with their own game prototype.

This workshop is open to all CyCon attendees no matter their experience with games or exercises.