Continuous security testing
With over 400 million cyber events processed by NATO Security Sensors daily in 2016, it's no surprise that our cyber defences need to be constantly checked and made stronger. A critical part of cyber security is to understand whether both in service systems and systems under development are appropriately protected. By assessing the strength of security mechanisms, improvements can be implemented before a vulnerability is exploited.
"What we do every day is we test everything before it gets deployed into NATO networks like software, everything that is used by NATO communities or NATO entities," Roberto said.
"It's necessary to have this team and exceptional skillset in-house. It's part of the life-cycle of software. As we speak, my two colleagues Diego Gianni and Francois-Xavier Stellamans have found vulnerabilities in two mainstream software products. We are very busy, we are so booked with tests that if you were to ask us today to test something, it would take place in [three or four months' time] because we are fully engaged."
This critical work brings the cell in contact with many authorities and entities across NATO and Member Nations.
"The Internet is a jungle"
Roberto and his colleagues have a unique understanding of the threats NATO faces and their possible disastrous consequences. Given the unique nature of NATO's business, the failure or the compromise of a critical system could possibly jeopardize a mission and endanger the lives of civilians and soldiers.
"[A hacker] can break the system, can make something not work… They can make it so that no one else can connect to a website, or they can get into the website, change content, compromise the database and steal information," he revealed.
"We work on testing very sensitive, very critical systems, like Air Command Control systems. We have to have a certain level of clearance to do this type of work. We have to make sure that these systems cannot be attacked easily or cannot go down in theatre or during a mission. They have to remain available. What we do is all defensive so we try to find vulnerabilities and help the developers fix them to make our software and products more secure and robust."
"The internet is like a jungle," he added. "Every day, every moment, there are always entities coming, new malicious hackers trying to get through, trying to get in. There is no face to the cyber attacker, you can be located anywhere, and in some countries you don't have any legal liability, so basically to me, we are always under attack."
Hacker Community
The Agency's cyber defenders are all active members of the wider cyber security community so their skills remain up to date and relevant.
"My colleagues and I are involved in the [cyber security] community. The community is a great way to exchange information techniques, discuss vulnerabilities. I presented at security conferences, like DEFCON, EUSecWest and Hack In The Box, where we exchange tips and tricks, produce security research. We publish articles from time to time, we also publish details of testing techniques, release scripts and tools. For instance, my colleague Filip Waeytens, one of the founders of Brucon [Hacking Security Conference in Belgium], has contributed to BackTrack, which is a collection of tools for ethical hackers. We are heavily involved in research. And when possible, we try to attend major security conferences where you can find fellow ethical hackers."