The CoESPU Magazine 1-2022

functions, image, or reputation), order to access or otherwise af- with relevant resources and per-

organizational assets, individuals, fect victims’ data, devices, sy- sonnel, accurate planning and

other organizations, or the Nation stems, and networks. The globa- coordination and frequent lin-

through an information system via lized nature of the Internet allows ks with private sector entities and

unauthorized access, destruction, these threat actors to be physical- organised crime groups (this is

disclosure, modification of infor- ly located anywhere in the world an additional factor in increa-

mation, and/or denial of service3. and still affect the security of in- sing the difficulties for attribution).

The threat definition once again formation of the target system(s)5. One of the most complex, sophi-

confirms that the Cyber perspective Cyber threat actors have a dif- sticated and dangerous “structu-

cannot be limited only to the “com- ferent gradient of capability and red” threat in use by state and sta-

puters’ world” and is required a new sophistication and may operate te-sponsored actors is defined as

approach to military operations. on their own or as part of a lar- Advanced Persistent Threat (APT):

A key factor of Cyber threat (and ger organisation (notably state the most common definition of an

consequently of Cyber Operations) and state-sponsored groups or or- APT is an adversary with sophisti-

is represented by the virtual wor- ganised crime groups). From this cated levels of expertise and signi-

ld: the absence of any “physical” perspective, sophisticated actors ficant resources, allowing it throu-

boundaries is not supporting an frequently put into practice any gh the use of multiple different

easy distinction between what is possible initiative in order to make attack vectors (e.g., cyber, physi-

the “military” “ACCORDING TO THE NATO GLOSSARY, CYBERSPA- cal, and deception)
part of the thre- CE IS THE GLOBAL DOMAIN CONSISTING OF ALL to generate oppor-
at and the “ci- tunities to achieve
INTERCONNECTED COMMUNICATION, INFORMA- its objectives, whi-
vilian” portion ch are typically to
of it, and ele- TION TECHNOLOGY AND OTHER ELECTRONIC SY- establish and ex-
vating the Cy- STEMS, NETWORKS AND THEIR DATA, INCLUDING tend footholds wi-
ber Threat to
the role of one THOSE WHICH ARE SEPARATED OR INDEPENDENT, thin the information

of the most re- WHICH PROCESS, STORE OR TRANSMIT DATA” technology infra-
structure of organi-
levant ingre-

dients of the Hybrid Threat. it difficult for defenders to attribu- zations for purposes of continual-

Erosion of distance, speed of inte- te the activity (so called obfusca- ly exfiltrating information and/or

raction, low cost and difficulty of at- tion and false flag techniques)6. to undermine or impede critical

tribution are characteristics making State and state-sponsored groups aspects of a mission, program,

the Cyber domain unique compa- are generally considered to be or organization, or place itself in

red to the “traditional” domains4. the most sophisticated actors, a position to do so in the future;

As previously mentioned, moreover, the advan-

Cyber is not only compu- ced persistent threat

ters and the actors tradi- pursues its objectives

tionally play a relevant role repeatedly over an ex-

behind the threat itself. tended period of time,

One of the most com- adapting to a defen-

prehensive definitions of der’s efforts to resist it,

Cyber actors is states, and with determination

groups, or individuals who, to maintain the level of

with malicious intent, aim interaction needed to

to take advantage of vul- execute its objectives7.

nerabilities, low cyber se- An excellent example

curity awareness, or tech- about the complexity

nological developments to of an APT is offered by

gain unauthorized access the model produced by

to information systems in Lockheed Martin and

51

STABILITY POLICING HUB

defined The Cyber Kill Chain8: a en Russia and Georgia demon- ted Centre of Excellence, the NATO
seven-step approach clearly illu- strated that cyber-attacks have the Cooperative Cyber Defence Cen-
strating the need for the Adversary potential to become a major com- tre of Excellence in Tallinn, Estonia.
to put in place a sum of actions ponent of conventional warfare. Allies are committed to enhancing
that requires a comprehensive ap- Since 2014 cyber defence has information-sharing and mutual
proach not limited to the “com- been recognised by NATO as an assistance in preventing, mitiga-
puter world”, as recently demon- essential element of the Collective ting, and recovering from cyber-at-
strated by massive online foreign Defence9 and NATO has affirmed tacks and since 2016 NATO and
influence campaigns that seek to the principle that international the European Union (EU) are co-
impact domestic events like an law applies in cyberspace as well. operating through a Technical Ar-
election, census, or public health. NATO’s main focus in cyber de- rangement on Cyber Defence. In
Finally, Cyber Threat actors can fence is to protect its own networ- the light of common challenges,
be categorised by their motiva- ks (including operations and mis- NATO and the EU are strengthe-
tions and by their sophistication. sions) and enhance resilience ning their cooperation on cyber
In general, each type of Cyber across the Alliance: at Warsaw defence, notably in the areas of in-
Threat actor has a primary moti- NATO Summit in July 2016 cy- formation exchange, training, re-
vation: Nation state Cyber Threat berspace has been recognised as search and exercises. At the same
time, NATO is intensifying its co-
actors are usually geopolitically a domain of operations in which operation with industry through a
motivated, Cybercriminals are ge- NATO must defend itself as ef- dedicated initiative, the NATO In-
nerally financially motivated, and fectively as it does in the Air, on dustry Cyber Partnership (NICP).
Hacktivists and Terrorist groups Land, at Sea and in the Space. In 2018 a further crucial step was
are often ideologically motivated. Following this crucial decision taken in setting up a new Cyber-
and recognising that cyber defen- space Operations Centre as part
NATO AND THE CYBER-DOMAIN ce is as much about people as it of NATO’s strengthened Com-
As a consequence of the cyber-at- is about technology, Allies also mand Structure, making possible
tacks against Estonia’s public and made a Cyber Defence Pledge in that NATO Cyber Rapid Reaction
private institutions in 2007, NATO July 2016 to enhance their cyber teams are on standby to assist Al-
Defence Ministers agreed that ur- defences, as a matter of priority. lies, 24 hours a day. The NATO
gent work was needed in this area. Since then, all Allies have upgra- Computer Incident Response Ca-
As a result, NATO approved its ded their cyber defences and rein- pability (NCIRC) based at SHAPE
first Policy on Cyber Defence in forced their capabilities for cyber in Mons, Belgium, protects NA-
January 2008. In the summer of education, training and exercises, TO’s own networks by providing
the same year, the conflict betwe- including the creation of a dedica- centralised and round-the-clock
cyber defence support. This ca-
pability is expected to evolve on
a continual basis and maintain
pace with the rapidly changing
threat and technology environ-
ment. In addition, NATO can now
draw on national cyber capabili-
ties for its missions and operations.
In parallel, the appropriate doctri-
nal and legal framework has been
established through several initia-
tives and a significant step forward
has been taken at the Brussels
Summit in June 2021, when the Al-
liance acknowledged the changing
threat landscape, recognising that

52

cyberspace is continually conte- formation Sharing Platform (MISP) continually contested, requires a

sted. In addition, Allies endorsed a and the Smart Defence Multina- constant analysis of Cyber Thre-

new Comprehensive Cyber Defen- tional Cyber Defence Capability ats, a close collaboration betwe-

ce Policy to support NATO’s three Development (MN CD2) project. en incident response teams and

Core Tasks mentioned before, as Finally, from a comprehensive ap- the exchange of good practices

well as its overall deterrence and proach perspective, including the concerning the cyber aspects and

defence posture to further enhan- reinforcement of the internatio- implications of crisis manage-

ce the Alliance’s resilience and nal legal framework at the NATO ment. Since 2021 a new Com-

making possible for Partner Na- Summit in June 2021, Allies reaf- prehensive Cyber Defence Policy

tions to be constantly committed firmed their commitment to act in is supporting the above-mentio-

to employing the full range of ca- accordance with international law, ned NATO’s three core tasks.

pabilities to actively deter, defend including the UN Charter, interna- According to expectations, the

against and coun- ALLIES ARE COMMITTED TO ENHANCING INFORMA- NATO Summit
ter the full spectrum in June 2022
of Cyber Threats. TION-SHARING AND MUTUAL ASSISTANCE IN PREVEN- will be one
Cyber defence has TING, MITIGATING, AND RECOVERING FROM CYBER-AT- more opportu-
also been integra- TACKS AND SINCE 2016 NATO AND THE EUROPEAN nity to reinfor-

ted into NATO’s UNION (EU) ARE COOPERATING THROUGH A TECHNI- ce the notion of
Smart Defence ini- CAL ARRANGEMENT ON CYBER DEFENCE Cyber as one of

tiatives. Smart De- the major thre-

fence enables countries to work tional humanitarian law and inter- ats to the collective security and

together to develop and maintain national human rights law, in order the new Strategic Concept will be

capabilities they could not afford to promote a free, open, peaceful possibly the opportunity to further

to develop or procure alone, and and secure cyberspace and to fur- consolidate Cyber as a priority.

to release resources for develo- ther pursue efforts to enhance sta-

ping other capabilities. The Smart bility and reduce the risk of conflict. IS IT TIME TO THINK IN TERMS

Defence projects in cyber defence The evolving threat landscape, OF CYBER-STABILITY POLICING?

currently include the Malware In- recognising that cyberspace is Traditionally considered part of the

53

STABILITY POLICING HUB

Land Domain and conducted by Cyber Domain from the Sta- ting room for SP as one of the to-
Land-oriented forces, Stability Po- bility Policing perspective: ols to effectively operate in a Joint,
licing (SP) for NATO is defined as First: thinking only in terms of Inter-agency, Inter-governmental
Police-related activities intended “computers” could be a critical er- and Multinational response to the
to reinforce or temporarily repla- ror; Cyber is no longer an activity resolution of the complex challen-
ce the indigenous police in order for “practitioners” and ignored by ges of a crisis offering innovative
to contribute to the restoration the rest of the Force. Commanders and scalable options by expanding
and/or upholding of the public or- at any level should start thinking the reach of the military instrument.
der and security, rule of law, and in terms of possibly conducting SP Third: Establishing and maintai-

the protection of human rights.10 activities also in the Cyber Domain ning a Safe And Secure Environ-
In fact, the definition does not and they should be properly edu- ment (SASE) and Freedom Of Mo-
exclude at all any different appro- cated to do so by having Cyber vement (FOM) is a paramount in
ach required to include the Cyber as part of their basic set of skills. a SP mission: it is probably time to
Domain as part of the SP Battlespa- It is not only matter of giving them consider the option to think in term
ce and the existing NATO doctri- technical skills as they have to en- of a cyber-SASE and a cyber-FOM
nal framework does not close the ter into a virtual dimension with from the perspective of a com-
door to cyber in Stability Policing. no-boundaries and have the abili- prehensive approach. Understan-
As briefly pointed out in the previous ty to rapidly shift from the traditio- ding the Operating Environment
paragraphs some basic ingredien- nal Land dimension to the virtual and Understanding the Threat are
ts of the Cyber Threat perfectly fit dimension of the Cyber Domain. by doctrine11 two essential elemen-
the Stability Policing environment Second: Cyber is at the same time ts of the Planning Considerations
and are rapidly emerging as a re- a substantial ingredient of the Hy- in support of a SP mission. Nowa-
ality that cannot be further ignored brid Threat. Both Cyber and Hybrid days Cyber can be undoubtedly
or under-estimated as part of the are characterised by the absence considered as a relevant part of
evolution of the Stability Policing of physical borders (as previously the threat and an essential ingre-
vision and the related capabilities. pointed out), consequently there is dient of the Operating Environ-
More specifically, some consi- very little (or no) distinction betwe- ment, therefore by syllogism Cyber
derations support the need to en a purely military context and a cannot be ignored in a SP mission.
dedicate more attention to the civilian environment, clearly crea- Fourth: Law Enforcement (LE) has

54

an important role to play in sup- lution of the threat; a significant meone else. For example, a nation-state could
port of the Host Nation, particularly effort should be made to con- use a tool believed to be used extensively by
when it comes to domestic defensi- stantly maintain the operational cybercriminals. (FireEye Cyebr Security at ht-
ve cyber operations12: the frequent advantage against the enemy, tps://fireeye.com)
obfuscation of the adversary has thus avoiding a dangerous “cha- 7 US National Institute of Standard and Tech-
relevant legal implications, poten- se the (cyber)-threat” approach. nology (NIST) – Computer Security Resource
tially involving Host Nation‘s legal Cyber-instability is progressi- Center (CSRC)
authorities, and States are called to vely becoming a reality: con- 8 Lockheed Martin. Gaining the Advantage.
seek additional innovative updates sequently, the need for cy- Applying Cyber Kill Chain Methodology to
to laws that will allow LE to take ber-stability cannot be ignored. Network Defense. 2015
appropriate measures. In addition, 9 Collective Defence, Crisis Management
it should also be considered that SP Disclaimer: this paper is a product of the and Cooperative Security are the three Core
Assets (when mandated) can con- NATO Stability Policing Centre of Excellen- Tasks identified by the NATO Strategic Concept
duct a LE activity in Cyber Domain ce and its content does not reflect NATO adopted in 2010 at the Lisbon Summit.
as part of the Temporary Replace- policies or positions, nor represent NATO 10 AAP-06 NATO Glossary of terms and defini-
ment mission within fragile states. in any way, but only the NSPCoE or au- tions (ed. 2021)
Police Capacity Building is a key thor(s) depending on the circumstances. 11 Allied Joint Publication AJP 3.22 - Allied
role to develop and improve the Joint Doctrine for Stability Policing
police capabilities in fragile sta- note 12 America’s Cyber-Reckoning. Sue Gordon
tes and SP can offer a relevant and Eric Rosenbach – Foreign Affairs Jan. –
contribution also to deter the de- 1 AAP-06 NATO Glossary of terms and defini- Feb. 2022
velopment within fragile states tions (ed. 2021)
of cyber-sanctuaries having the 2 AAP-06 NATO Glossary of terms and defini- PICTURES:
ability to harm the security of the tions (ed. 2021) Aldo Rosa
Alliance and its member states. 3 US National Institute of Standard and Tech-
Finally, there is a serious risk to nology (NIST) – Computer Security Resource Aldo Rosa
have “Stone Age commanders” in Center (CSRC) Lt. Col. – Italian Carabinieri
a highly sophisticated operating 4 Joseph S. Nye Jr., The end of Cyber Anarchy. NATO Stability Policing COE
environment and to face an evol- Foreign Affairs, Jan-Feb 2022 Acting ALS Section Chief /
ved adversary putting in place an 5 Canadian Centre for Cyber Security: An In- Security Officer
evolved threat if we do not rapidly troduction to the Cyber Threat Environment.
change our mindset and expand https://cyber.gc.ca
the SP perspective as part of a 6 Obfuscation refers to the tools and techni-
comprehensive approach vision. ques that threat actors use to hide their identi-
Part of the solution could be the ties, goals, techniques, and even their victims.
virtuous cycle sustained by NATO In order to avoid leaving clues that defenders
through CoE’s systemic approach: could use to attribute the activity, threat actors
the “past” properly processed by can use either common, readily available to-
the Lessons Learned loop can ge- ols and techniques or custom-built tools that
nerate useful inputs to be develo- covertly send information over the Internet.
ped by the Concept Development (FireEye Cyebr Security at https://fireeye.com)
& Experimentation Pillar, to be cap- Sophisticated threat actors can also use false
tured and consolidated through flag, whereby an actor mimics the known acti-
the Doctrine Development & Stan- vities of other actors with the hope of causing
dards component, and finally tran- defenders to falsely attribute the activity to so-
sferred to the operational world by
the Education and Training Pillar.
A prompt change of mindset is re-
quired due to a big risk of being
“left behind” by the rapid evo-

55

C ESPUOCOESPU TRAINING TRAINING

56

57

COESPU TRAINING

2ND UNITED NATIONS STAFF OFFICERS COURSE

JANUARY 19 – FEBRUARY 8, 2022

2nd United Nations Staff Officers Course at CoESPU’s premises. The course aimed at training military, police
and civilian Headquarters Staff in planning and decision making process, also on the basis of the extensive
experience gained by CoESPU through the delivery - along the years - of several courses on Civilian, Military
and Police Relations in Peace Operations. Based on the UNPOL Strategic Guidance Framework for Interna-
tional Policing (SGF), the activity follows the most recent UN doctrine and the UN New Police Architecture Pro-
gram, which in particular foster mutual cooperation and understanding in Peace Operations, due to their inte-
grated and multidimensional nature. The Attendees came from from Jordan, Malaysia, Nepal, Senegal, Togo
and Ukraine, plus 3 Interns from Italy and one Tutor from Thailand.

15TH ASYMMETRIC THREAT COURSE

MARCH 8 – MARCH 18, 2022

The main goal of the two-week training Course, in the framework of the Italian Defence General Staff Initia-
tives, was to provide the attendees, coming from Albania, Italy and U.S.A, with a comprehensive overview on
transnational and complex threats against peace and stability - the so called “asymmetric threats” – in order to
fight modern hybrid menaces in multiple ways, combining military and police assets.

58

23RD (ENHANCED) COMPREHENSIVE PROTECTION OF CIVI-
LIANS COURSE

MARCH 16 – MARCH 29, 2022

Born from the long-lasting collaboration between the US Department of State and the CoESPU and based on
the recently released United Nations Comprehensive Protection of Civilians for Police Training Materials (2020),
the course encompassed all the most relevant UN policies, standards and manuals, promoting an effective
knowledge and supporting the development of the necessary skills to effectively implement POC in UN Peace
Operations. The audience was composed of 26 students coming from Bangladesh, Benin, Jordan, Malaysia,
Nepal, Rwanda, Senegal and Togo, plus one Tutor from Thailand and one Intern from Ca’ Foscari University
of Venice, in the context of CoESPU internship projects.

15TH INTERNATIONAL MILITARY POLICE COURSE

MARCH 21 – APRIL 1, 2022

In the framework of the Italian Defence General Staff Initiatives, students from Italy and Niger attended a 2-week
training activity inspired to the current role, procedures and challenges of the International Military Police.

59

AROUND THE WORLD EVENTS
TRAINING ACTIVITY IN FAVOUR OF SECURITY FORCES
MEMBERS FROM THE IRAQI MINISTRY OF INTERIOR

JANUARY 31 – FEBRUARY 4, 2022

In the framework of the “Counter Terrorism in the Middle East and Central Africa” European Union
Project, CoESPU hosted the 1st advanced course on “Counter Improvised Explosive Devices” and
“Chemical Biological Radiological Nuclear Explosive”, in favour of Security Forces Members from the
Iraqi Ministry of Interior. At the end of the Graduation ceremony, the course participants were given
an essay on forensic investigations, issued by the Carabinieri Scientific Investigations Department in
collaboration with the CT-MENA Project.

60

EU TWINNING PROJECT FOR THE NORTH MACEDONIAN
NATIONAL COUNTERTERRORISM ACTION TEAM

MARCH 8 – MARCH 11, 2022

CoESPU hosted “Strengthening the Prevention / Counter Violent Extremism & Counterterrorism Co-
ordination Capacities”, an European Union Twinning Project implemented by the Carabinieri and
“Studiare Sviluppo”. The activity, aimed to validate the Standard Operating Procedures for the North
Macedonian National Counterterrorism Action Team was carried out by representatives from relevant
Government, security and intelligence agencies.

61

ONSITE VISITS

COESPU ONSITE VISITS

62

63

ONSITE VISITS

PROF. ANDREA MARGELLETTI, FOUNDER AND CHAIRMAN
OF CE.S.I., CENTRE FOR INTERNATIONAL STUDIES

FEBRUARY 15, 2022

BRIG. GEN. ULF HÄUSSLER, COMMANDER OF THE GERMAN
BUNDESWEHR MILITARY POLICE

MARCH 9, 2022

64

COL. JAY LIDDICK, US ARMY PKSOI DIRECTOR

MARCH 11, 2022

LT. GEN. BRUNO JOCKERS, FRENCH GENDARMERIE DEPUTY
COMMANDING GENERAL

MARCH 15, 2022

65

ONSITE VISITS

COL. MATTHEW J. GOMLAK, COMMANDER OF THE U.S.
ARMY GARRISON ITALY.

MARCH 22, 2022

GEN. PAOLO RUGGIERO, NATO DEPUTY SUPREME ALLIED
COMMANDER TRANSFORMATION

MARCH 31, 2022

66

Center of Excellence for Stability Police Units -Sub Iure ad Pacem tuendam Milites paro The 3 - 2019

CMoEASGPAUZINEThe online quarterly Journal of Stability Policing

ININPTEEARCNEATOIPOENRAALTIPORNOSTECTION OF HUMAN RIGHTS
ThLeeUaPNrrnoPitOnegc&ttihoIenntleoarfnnHgaRutaiiongneUaNolfLPahOwumEvaonluritgiohntsthrough Continuity

PeRaTEcHLeAEkTEeEVeDpOiTLnUOgTWPIEOitAhNCinOEtFKhETeEHBPEoIuINNnGdTaMErRiIeNSsASoTIfOIIONnNtS.ALaLwLAW
The Future of Peacekeeping from the EU Prospective

ÿ74($123425ÿ78ÿ9:;2<<23;2ÿ875ÿ=4>?@<@4AÿB7<@;2ÿC3@4DÿEFGHÿJGKLÿMNÿOMPLQÿRGLSNMQÿTUVURLWÿXMKY 0ÿ2ÿ0303
"6
964($ÿ" $ÿ[ #&$# .ÿ\" # ÿ"*ÿ &' &.ÿ " ,

+%5.,"2ÿ4 (0 5 2ÿ ÿ 2 6 &ÿ 945 #ÿ5 6 ÿ 5 8ÿ, ! 2% 6+ÿÿ ÿ8ÿ7% ÿ9%949. ÿÿ 7,
5 ÿ4 2# 6"ÿ8 4
96 94 7
ÿ#! ÿ ( ÿ
ÿ7& "ÿ$
8 4&& 8 !) % %8ÿ "49"ÿ6 % 9 $ÿ7 ÿÿ!6$ 8 ÿ8%ÿ'4ÿ4ÿ* & " /"

"ÿÿ6#, 9ÿ ÿ72 $ ÿ $%6"9ÿ 7%"8 %
ÿ* "++
ÿ69 &
ÿ $+78 ÿ ÿ& &+6ÿ"&($6 46"$ #ÿ#ÿÿ
6&#6&ÿ"89 4&( , 6 6ÿ$$
# ÿ 67 -$ÿ9&(+ 6.$ ÿÿ95+ / 4$ #
9ÿ+6%"744 &ÿ(ÿ
668
7$ & 8 ' ÿ! 9ÿ &!96& 8 6 "6 ", 7 4ÿ ÿÿÿ 4ÿ'
4 ÿ6ÿ8ÿ ÿ
ÿ ÿ &9ÿ $ ÿ9 6ÿÿÿ ÿ
ÿ 4ÿ ÿ ÿ
48 6
8
9

Visit: www.coespu.org

We welcome your contributions!

Should you wish to collaborate with our
Magazine, please send your articles, tales or pictures from the field to

[email protected]

67