[…]
Along with NATO allies, there are currently over 1,700 Canadian troops and aircrew dug in as part of a Western commitment to defend Latvia. More are planned and others are on standby should there be a crisis.
[Recently], Canadian, Danish, Spanish, Polish, Italian, Swedish and Latvian troops conducted a major exercise at the Adazi training range, on the outskirts of the Latvian capital of Riga. The scenario they were rehearsing for was stark.
[…]
“Latvia has been the target of Russian cyber operations since their very beginning,” said Varis Teivans, deputy manager and a senior technical expert at CERT.LV, located at the Institute of Mathematics and Computer Science at the University of Latvia.
When Teivans says the very beginning, he’s referring to the 2006-07 timeframe when proxy groups affiliated with Russia’s security service — the FSB — launched denial-of-service attacks against public infrastructure in neighbouring Estonia.
[…]
He said Russian targets have expanded from government institutions, such as border controls, power grids, defence and foreign relations, to deep into the country’s private sector — aiming at companies that are part of the national security supply chain.
[…]
They work side-by-side at the university, which is housed in a dimly lit, old Soviet-style building. Behind banks of computer screens and with a giant, open-source, worldwide cyberattack threat monitor streaming in the background, Canadians working with the Latvians conduct what’s known as threat-hunting operations.
[…]
[Canadian officer aiding CERT.LV Maj. Kiernan] Broda-Milian also said their hosts “are capable of performing this work. But there are not enough cybersecurity professionals in Latvia, and then we both learn from each other.”
The Canadian team has been engaged in digital forensics in cases where intrusions have been detected. They essentially examine the techniques for telltale signs of who may have conducted the attack.
Teivans said they look for little mistakes. For example, one Russian hacker left behind signs because it was clear they were using a keyboard with cyrillic letters.
Both Teivans and Broda-Milian said an important side benefit of the Canadian presence is that the cyberhunting and forensics operations give a glimpse into Russian tactics that gets fed back to Ottawa in the form of threat intelligence.
[…]