Development of cyber defence capabilities in co-operation with the Minnesota National Guard

The objective of the “Summer Cyber School“ was enhanced risk management capabilities of the Ministry of Defence and the Croatian Armed Forces staff and of the key security subjects in the Republic of Croatia. The School comprised a series of lectures demonstrating the offensive capabilities […]

The objective of the “Summer Cyber School“ was enhanced risk management capabilities of the Ministry of Defence and the Croatian Armed Forces staff and of the key security subjects in the Republic of Croatia. The School comprised a series of lectures demonstrating the offensive capabilities of cyber attackers and their mindset, as a way to facilitate the assesment and risk assessment

The Communications and Information Systems Directorate of the General Staff of the Croatian Armed Forces, in co-operation with the Minnesota National Guard and the University of Zagreb and Split organised the “Summer Cyber School“, held in the “Kovčanje“ Barracks in Mali Lošinj from 19-25 July 2015. The symposium was attended by the members of the Ministry of Defence and of the Croatian Armed Forces, alongside the representatives of the Office of the National Security Council, of the Information Systems Security Bureau, of the Croatian National Computer Emergency Response Team, of the Croatian Personal Data Protection Agency, of the Ministry of the Interior and of the Minnesota National Guard. The objective of the “Summer Cyber School“ was enhanced risk management capabilities of the Ministry of Defence and the Croatian Armed Forces staff and of the key security subjects in the Republic of Croatia. The symposium was intended for senior management staff responsible for cyber defence in the Republic of Croatia, to enable them acquire new notions on methods, theories, models and techniques for risk assessment and implementation of security strategies.
The Symposium was opened by Colonel Jasenko Krovinović, the Head of the Communications and Information Systems Directorate of the General Staff of the Croatian Armed Forces, who emphasised the importance of the development of the cyber defence capability, of perception of new threats, the exchange of experiences and constant learning in the implementation of cyber defence as well of the interdepartmental co-operation and the participation of the academic community in the capability development. Colonel Krovinović extended special appreciation to Major General Richard Nash for the contribution to the development of civil-military co-operation in cyber defence.
The communications and information systems have in the past period been the fastest developing and changing techological system in the history.
Due to the shortness of their lifecycles (from the planning, introduction, implementation and withdrawal from use), they are seldom tested or not tested at all. Developed countries rely on them in the management of the business processes. The expansion of Internet and the  growing interrelatedness of CIS systems without detailed security testing constitutes a global security threat.
Curbing of the impact of the threat on CIS systems through various activities and measures is known as cyber-security.
A series of lectures that have been delivered aimed to demonstrate the offensive capabilities of cyber attackers and their mindset, as a way to facilitate the assesment and risk assessment..
The bilateral co-operation with the Minnesota National Guard and the University of Minnesota in cyber-defence will be continued in 2016, through symposia whereby the members of the Croatian Armed Forces and the key cyber security subjects will continue developing the defence capabilities in today’s higly dinamic cyber environment.


Interview – Brian Isle, University of Minnesota

Brian Isle is a senior fellow of the University of Minnesota’s Technology Leadership Institute (TLI).
He has tought courses in the graduate studies in technology security since their inception in 2010. Professor Isle emphasises the private sector needs a new generation of security experts with broader education in the security domain, who will have the competence to work as corporate security, information security and IT managers. It is of central importance in the cyber domain, characterised by rapid  changes and the lack of managing skills of the practitioners, as a result of the former educational programme design.
 
What are Your impressions from the Summer Cyber School?
This is my second time here and I really like it. The scenery itself if beautiful, and I dare to say that it is one of the most beautiful conference sites that I have been to; and I have really visited a plenty of them, because I like to teach and assist corporations and organisations.
The Croatians that I have met are very hospitable, and I noticed that the hosts appreciate my colleague’s and my attendance, as well as the attendance by Croatian lecturers. I think everybody is working on establishing a co-operative environment, which is indeed the direction in which the Summer Cyber School is going to develop. 
The event and the engagement of resources from Split, Zagreb and Varaždin have enabled the scholars and the representatives of government bodies to meet and discuss various subjects.
A special benefit for the staff of the Ministry of Defence and other government bodies is the opportunity to broaden their thinking through co-operation with the academic community.  The personnel of the similar organisations, such as the military, the police and the security services, often tend to display similar thinking patterns, and the events of the kind enable them to broaden their views and consequently improve their performance
What I suggest for the future are definitely more workshops as the opportnities for the participants to share their experiences and for the experts to discuss the challenges met in their worl. The attendance by experts from various government bodies and the discussions on the directions of development, the needs and the technical issues would be added value of the Summer Cyber School 

This years’ symposium focus has been on risk assessment and management. What is Your opinion on the choice of the subjects?
I am expert in the issues of vulnerability and risk, as well as for Red Teaming methodology so I enjoyed listening to the lectures. I think we have covered a wide spectrum of subjects, from the view of the security from the management angle, to thoroughly presented  risk management and the awareness-rising lecture by D.Sc. Groš on the risk assessment-related mistakes. 

What is Your opinion of the ongoing bilateral co-operation?
The University of Minnesota joined the activity upon the invitation by Major General, and I am impressed by the way the members of the Minnesota National Guard pass on their experience and knowledge on to the Croatian colleagues and acquire new knowledge that they transfer to their nationals upon return. The Croatian military is very hospitable, making us feel at home here, which is absolutly positive.

Have you agreed further co-operation with the University of Zagreb?
I talked to all lecturers to familiarise myself with their scope of work, what they need in order to effectuate programmes and what goals have they set for the co-operation with the University of Minnesota. I also took the opportunity to present our goals in turn, so we have drafted a short list of  potential co-operation programmes, such as short courses, exchange of students and lecturers etc. I am meeting the Vice-rector for Science of the University of Zagreb to discuss the co-operation possibilities with him. I prefer to start with small steps in order to test the communication and the information share, and eventually to agree on the exchange of students and lecturers and eventually by sustainable co-operation between the universities in Croatia and the University of Minnesota.

What aspect would you single out?
I appreciate the Croatian hosting of an event of the kind, and for two consecutive years while planning a long-term partnership building. It is a commendable job and I also think a long-term benefit for your organisation and its goals as well as for the individual employees. I approve of your decision to gather the key staff from different organisations to join the efforts toward the common goal.


 Jelena Taradi, Ministry of the Interior, Croatia

As the cyber security has outgrown the initial technical framework to include social segments at all levels, effective networking of all relevant subjects dealing with the cyber incidents has become highly important. This makes the Summer Cyber School, organised as it is, an excellent tool for the upgrade of the communication among the various bodies whose specific responsibility at the national level includes prevention, new technologies development and dealing with the incidents which do occur and their impact. Therefore I believe it is important to continue the interagency co-operation of the kind, as a crucial condition to effectively deal wth cyber threats.


 Tibor Kulscar, the Croatian National Computer Emergency Response Team

The Croatian National Computer Emergency Response Team, established within the CARNet (Croatian Research and Research Network) in conformity with the Information Security Act, is assigned with management of incidents in public information systems in Croatia and has an ongoing co-operation with the Croatian Ministry of Defence, primarily wit the preparation and conduct of the International Military Exercise Cyber Coalition.
The past years have seen a progress of cyber defence technical competencies of the Croatian Armed Forces and other government bodies, but the legal framework and procedures still allow improvements, primarily as the National Cyber Security Strategy, as a joint effort of the government bodies and the academic community to increase the security of cyber space in Croatia. The Summer Cyber School offers the opportunity for closer communication among the staffs of the government bodies relevant for cyber security and their respective responsibilities  and for the transfer of experience from the members of the Minnesota National Guard and the University of Minnesota.


 D. Sc. Stjepan Groš, Associate Professor, Faculty of Electronic Engineering

I suggest two answers as to the importance of the role of the academic community in cyber defence capability building. Firstly, it is impotant that all possible contibutors be included in the acquisition and maintenance of the capabilities, and I mean not only the academic community and the military, but different companies and other government institutions as well. tke i druge državne institucije.
A more precise answer comes from the very mission of the academic community and that entails the education and research. The academic community is responsible for educating new expert staff – engineers and doctoral students, and for the maintenance of the competencies of the existing staff. The education should be based on the research which should be recognisable both at the national and international levels. It is a highly significant role of the academic community, which has to include the military and other relevant subjects. There has to be a strong bond enabling the exchange of information, co-work and anything that could optimise the use of the restricted resources.


D.Sc. Tonimir Kišasondi, Faculty of Organisation and IT (Varaždin)

The Summer Cyber School has presented extensive expert material, providing excellent and subject-relevant insight for anybody interested in new trends related to threat analysis and security system upgrade. The lectures are very interesting and up-to-date, delivered by internationally renowned scholars. The colleagues from the University of Minnesota and the officers of the Minnesota National Guard have demonstrated an interesting approach, experience and methods related to cyber defence and we in Croatia highly appreciate the opportunity to  learn abouth them.
It is very difficult to develop effective security systems without the exchange of information on actual threats, case analyses and experience from the experts. The exchange of experience and of best practices is of vital importance as the attackers continuosly develop new ways to bypass the protection and to compromise systems; the point of cyber defence is to act preventively and to develop the systems so as to take the new attack characteristics into consideration. We need to know what we are defending from to be able to to develop effective security systems. The contribution from the academic community consists in the traiing, the transfer of knowledge and expertise though education and lab work, or by providing research and development expertise, through co-operation of research laboratories and defence community.


Frankie Orr, Chief Warrant Officer Rank 3, National Guard Minnesota

This is the fourth year of the bilateral co-operation between Croatia and Minnesota. Although there are challenges awaiting, a lot has been done, the cyber defence capabilities in the two states have been upgraded significantly, the credit for which I a confident goes to the military co-operation. The biggest contribution to the development of cyber defence capabilities consists in NCOs and young officers, such as 1st Lieutenant Murat, who delivered an excellent lecture in network forensics that he attended last year. It is an indicator of the development of the capability through continuous co-operation, which should be continued and further upgraded. Our co-operation has been continued through the Summer Cyber School engaging the lecturers from the University of Minnesota, the University of Zagreb and the University of Split, the representatives of the Ministry of Defence and the Croatian Armed Forces and interdepartmental bodies. It is the interdepartmental co-operation that has offered a wider understanding of the challenges we meet in defending our communication networks.


Author: Major Tihomir Tomac
Photo archives of the CIS Directorate