01 10 2017

NATO's Cyber Defenders: Hacking, a way of life

Hacking is often seen as a danger to governments and even to society, capable of causing chaos as we rely increasingly on digital data for our daily lives. But there are ethical hackers, and many of them work alongside organizations and companies, constantly testing their defences to ensure that they are resilient enough to face cyberattacks.

Roberto Suggi Liverani was just five years old when he started playing with computers. He learned how to pick computers apart, how to code, and what began as child's play soon changed into a vocation. Making the jump to working in cyber security came naturally.

Roberto has been a professional ethical hacker for over a decade and most recently for the NCI Agency, protecting NATO's networks and applications.

"People like us who hack professionally are called white hats, to indicate that our work is to secure networks," Roberto explained.

"There are different groups. There are people working underground as black hats, there are people who are in between, 'grey hats' - sometimes they work with organizations or companies, sometimes they don't. Each of us at the Agency has a different background. In my case, it's a passion that has always been with me. And I taught myself many of the skills which I now use every day. In this field, experience and learning by doing is key, while academia does not always mirror the quick evolution of this industry. So after obtaining a scientific diploma, I began working as a consultant. I was doing penetration testing for various customers in different industries, such as finance, banking, insurance and telecommunication, before joining NATO."

International team and unique skillset

The Agency's Cyber Security Capability Development team is split across two locations: Mons, Belgium and The Hague, Netherlands. Cyber Security testing, validation and configuration are conducted from Mons, while Cyber Security innovation, planning and design take place in The Hague.

Roberto works as a Senior Security Engineer for the Cyber Capability Validation cell based in Mons, which is made up of world-class security experts.

"This is the team to be in if you never want to stop learning, hack and break stuff professionally. We have excellent people, like Vincent Hutsebaut, who came first in international CTF [Capture the Flag] hacking challenges - these are global challenges played by people all around the world. If you score high points, it means you are very talented."

The Italian national and his talented colleagues are experts in defensive security, web application security, cyber defence exercises, network security and forensics. All of them also have a deep understanding of how malicious hackers operate.

Part of their work involves penetration testing, that is to say looking for weaknesses in systems, and reverse-engineering, which is a technique to hack into software so as to understand how it works.

The cell also tests NATO networks by red teaming - simulating cyber-attacks from adversaries during exercises.

Continuous security testing

With over 400 million cyber events processed by NATO Security Sensors daily in 2016, it's no surprise that our cyber defences need to be constantly checked and made stronger. A critical part of cyber security is to understand whether both in-service systems and systems under development are appropriately protected. By assessing the strength of security mechanisms, improvements can be implemented before a vulnerability is exploited.

"What we do every day is we test everything before it gets deployed into NATO networks like software, everything that is used by NATO communities or NATO entities," Roberto said.

"It's necessary to have this team and exceptional skillset in-house. It's part of the life-cycle of software. As we speak, my two colleagues Diego Gianni and Francois-Xavier Stellamans have found vulnerabilities in two mainstream software products. We are very busy, we are so booked with tests that if you were to ask us today to test something, it would take place in [three or four months' time] because we are fully engaged."

This critical work brings the cell in contact with many authorities and entities across NATO and Member Nations.

"The Internet is a jungle"

Roberto and his colleagues have a unique understanding of the threats NATO faces and their possible disastrous consequences. Given the unique nature of NATO's business, the failure or the compromise of a critical system could possibly jeopardize a mission and endanger the lives of civilians and soldiers.

"[A hacker] can break the system, can make something not work… They can make it so that no one else can connect to a website, or they can get into the website, change content, compromise the database and steal information," he revealed.

"We work on testing very sensitive, very critical systems, like Air Command Control systems. We have to have a certain level of clearance to do this type of work. We have to make sure that these systems cannot be attacked easily or cannot go down in theatre or during a mission. They have to remain available. What we do is all defensive so we try to find vulnerabilities and help the developers fix them to make our software and products more secure and robust."

"The internet is like a jungle," he added. "Every day, every moment, there are always entities coming, new malicious hackers trying to get through, trying to get in. There is no face to the cyber attacker, you can be located anywhere, and in some countries you don't have any legal liability, so basically to me, we are always under attack."

Hacker Community

The Agency's cyber defenders are all active members of the wider cyber security community so their skills remain up to date and relevant.

"My colleagues and I are involved in the [cyber security] community. The community is a great way to exchange information techniques, discuss vulnerabilities. I presented at security conferences, like DEFCON, EUSecWest and Hack In The Box, where we exchange tips and tricks, produce security research. We publish articles from time to time, we also publish details of testing techniques, release scripts and tools. For instance, my colleague Filip Waeytens, one of the founders of Brucon [Hacking Security Conference in Belgium], has contributed to BackTrack, which is a collection of tools for ethical hackers. We are heavily involved in research. And when possible, we try to attend major security conferences where you can find fellow ethical hackers."