Search in book...
Toggle Font Controls
Create new playlist

Name your new playlist

Playlist description (optional)
Sign In

Email address

Password

Forgot Password?

or

Continue with Facebook

Continue with Google
Sign Up

Full Name

Email address

Confirm Email Address

Password

or

Continue with Facebook

Continue with Google

Chapter 4

Digital Sparta: Information Operations and Cyber-warfare in Greece ¹

The intense scholarly debate about information operations and cyber-warfare tends to be dominated by the American experience. This is to some extent justified; but the reality is that national doctrines of information operations and cyber-warfare are as varied as human fingerprints. Countries do not enter the sphere of the information society in a vacuum. Instead, they carry their particular historical experiences and strategic concerns with them. These are instrumental in shaping national cyber-warfare doctrines with distinct features, reflecting the geopolitical identity of each nation.

Such varied doctrines combine the military and civilian dimensions of information operations. The formal origins of information operations are undoubtedly military [VEN 09]; yet it would be an error to limit our understanding of the broader concept of information operations to the context of war, or even to the military realm altogether. Although they include traditional military components, such as deception or psychological warfare, information operations extend to areas more closely associated with intelligence and network warfare — that is, offensive and defensive information operations implemented in times of peace [VEN 09]. Examples of such operations range from the 1982 explosion of the Urengoy-Surgut-Chelyabinsk natural gas pipeline in Siberia due to defective computer systems supplied by the United States (US) Central Intelligence Agency (CIA) to unsuspecting Soviet engineers [WEI 96], to the 2010 Stuxnet computer virus that targeted the technical infrastructure of the Iranian nuclear energy program [FAL 10].

The connections between military and civilian information operations are critical for the full comprehension of cyber-warfare, which is a relatively new concept that tends to blend conventional distinctions between domestic and international security, military and civilian targets, and even warfare domains. It is also important for understanding the doctrinal framework within which countries other than the US, with more limited defense postures and strictly peripheral security concerns, approach cyber-warfare. Greece is a case in point.

4.1. Geopolitical significance

Arguably, Greece may not be the first nation that comes to mind when considering national conceptions of cyber-warfare and information operations. The country’s small size and weak economy inevitably place it among the more marginal of Western states. Moreover, there appears to be consensus, even among Greek scholars [KON 88], that Greece’s geopolitical weight has diminished in the postSoviet environment. Additionally, it may be argued that the recent implosion of the Greek economy has severely constrained the country’s strategic maneuvering [ANO 11b]. This section aims to show that dismissing Greece’s relevance in the domain of cyber-warfare would be myopic — indeed dangerous. If anything, the country’s geopolitical significance is such that Greece’s international stature far exceeds the narrow parameters of its small armed forces and relatively weak economy. In other words, dismissive views of Greece’s structural and economic weaknesses ought to be tempered by the elevated geopolitical framework of the country’s wider region, in which even nations of diminished regional importance remain significant in the global domain.

Although an integral part of the Balkans, Greece’s geopolitical standing rests on its geographical position in the immediate periphery of the Middle East. Its 16,000 km coastline, which is dotted with indispensable military outposts on islands like Crete, Rhodes and the Republic of Cyprus, allows it to monitor — and often directly engage in — the prolonged crisis in the Middle East [DEM 99]. The Balkan Wars of the 1990s, the rise of Islamic fundamentalism and the wave of popular revolts that swept Arab countries in 2010 and 2011 serve as reminders of Greece’s continuing geopolitical relevance in the post-Cold War environment. Moreover, its crucial position at the transcontinental crossroads of Europe, Asia and Africa provides it with strategic proximity to the Dardanelles and the Suez Canal, two critical transportation junctures that link the Mediterranean with the energy-rich regions of the Black Sea and the Persian Gulf, respectively [DEM 99].

Though severely hampered in recent times, Greece’s economy is important, too. The international weight of the Greek economic sector should not be underestimated. In the 14 years immediately preceding 2008, the country’s gross domestic product rose by between 3% to nearly 6% annually, making the Greek economy one of the world’s fastest-growing [LIV 10]. Even in times of economic crisis, its economy is listed among the world’s 30 wealthiest [BAK 10, LIV 10], only 15 times smaller than that of China and four times smaller than that of India — whose population sizes exceed Greece’s by a factor of up to 160 [BAK 10]. Greece’s employee sector, one of the world’s most highly educated and multilingual [BAK 10], is largely responsible for the Greek economy’s impressive peripheral role in recent years [TAY 03]. This allows the country to regularly influence patterns of political interaction in the Balkans and southern Europe [MOU 07]. Greek-registered companies active in the Balkans have invested over $20 billion in the fields of telecommunications, energy, food production and distribution, and banking [BAK 10, TAY 03]. Greece’s role is particularly notable in the latter: as of 2010, 30% of bank headquarters in the Balkan region (including Turkey) belonged to Greek companies, which operated as many as 3,500 bank branches throughout the region [BAK 10, LIV 10]. The regional role of the Greek finance sector, coupled with Greece’s absorption of over a million laborers from Balkan countries, can be partially credited for helping stabilize the economies of the Balkan region during the crucial post-1991 transitional period [BAK 10].

The peripheral weight of Greece’s finance sector is coupled by the country’s formidable seafaring power. In 2010, Greece boasted the world’s second-largest merchant naval fleet, with ownership of nearly 20% of the world’s total fleet¹ [LIV 10]. Greeks own over half the European Union’s (EU) merchant navy, making the country’s role in European civilian naval transportation comparable to Germany’s role in the area of heavy industry. In 2010, nearly 60% of the EU’s total exportation of goods and products to China, and 35% of its exports to the US, was facilitated though Greek-owned ships [BAK 10].

The country is also gradually transforming itself into a telecommunications hub for the Eastern European and Balkan regions [TAY 03], fulfilling an infrastructural function similar to that of Cyprus in the Near East. The Athens-based Hellenic Telecommunications Organization (OTE) and its subsidiary, CosmOTE, own majority or minority shares in telecommunications providers in Armenia, Ukraine, Romania, Serbia, Bulgaria, Albania, Turkey and elsewhere [TAY 03]. Furthermore, Greece’s strategic location positions it at the heart of some of the Internet’s most crucial fiber optic “choke-points” [ANO 10c], which facilitate undersea digital traffic patterns from the Middle East, to Europe, Central Asia and beyond.

Last, though certainly not least, Greece’s geopolitical significance can be expected to increase due to its inclusion in planned energy distribution routes connecting Europe to Russia and Central Asia [KER 04, DEM 99]. In 1994, Russia, Bulgaria and Greece drafted plans to construct the trans-Balkan oil pipeline, which would enable Russia to transfer oil from Novorossiysk to the Aegean Sea while bypassing the Turkish Straits [DEK 03]. The project, known as the Burgas– Alexandroupolis pipeline, has been stalled, but if completed it will facilitate an alternative oil route to the Western-sponsored Baku—Tbilisi—Ceyhan pipeline, and will constitute the first-ever Russian-controlled pipeline on EU territory [LUF 09, GRA 09]. Since 2007, a new natural gas pipeline has connected Turkey and Greece, allowing the latter to receive some Azerbaijani gas, which marks the first-ever gas supply from the Caspian region to the EU. If plans to extend the supply into Italy through the proposed Interconnector Turkey—Greece—Italy pipeline materialize, the route will provide two — and potentially more — EU Member States with natural gas from a source other than Russia [NIC 11]. There are also plans for an extension to the Nabucco pipeline, which would carry Iraqi and Central Asian natural gas supplies to Greece and Italy [TAG 09].

The above analysis demonstrates that Greece’s international stature far exceeds the narrow parameters of its small size and relatively weak economy. Despite its diminutive standing within the Western context, its geopolitical position is anything but trivial. A severe Greek crisis, whether sociopolitical, economic or military in nature, would bear immediate, extensive and multifaceted consequences for southeast Europe, the Balkans, the Middle East, and several international organizations, including the EU and the North Atlantic Treaty Organization (NATO), for which Greece serves as “a sensitive strategic outpost” [TSA 04] across several troubled regions [KOF 03].

Greece’s geopolitical importance is inevitably reflected in the information environment. Should the country be threatened or otherwise destabilized by coordinated cyber-attacks on its information networks, similar to those experienced by Estonia in 2007 and Georgia in 2008 [ANO 10b], spillover effects could massively impact on international shipping patterns, energy transportation networks, global banking, NATO military and communications assets, and regional telecommunications systems, to name but a few. Perhaps more importantly, Greece’s geopolitical attributes are decisive in helping formulate the country’s conception of information operations and cyber-warfare, as will become evident further on in this chapter.

4.2. Strategic concerns and internal balancing

Another factor in shaping Greek conceptions of information operations and cyber-warfare is the country’s immediate and long-term strategic concerns, particularly in relation to the age-old Greek–Turkish rivalry. The latter, in its ethnic/religious dimension, or as part of imperial policies during the Byzantine and Ottoman periods, has been a feature of regional politics for over 10 centuries [KER 04]. Since its independence in the first half of the 19th Century, the Greek state has never made a major strategic policy decision without considering its potential impact on its balance of power with the Ottoman Empire/Turkey [TAY 03]. This includes the period of the Cold War — particularly after 1974, when Greek strategic thinking reflected relations with Turkey to a far higher degree than relations with the Soviet Union or countries aligned to it [TSA 04].

Throughout modern times, the Greek–Turkish bilateral relationship has been one “of low-intensity conflict disrupted by shorter or longer détentes [periods of relaxation]” [GÜN 05]. Periods of the absence of war have usually been tense and viewed on both sides of the Aegean as opportunities to prepare plans for future wars [KON 88]. This prolonged tension is driven by mutual suspicion and the perception that the other side is actively “harboring aggressive designs” [AYD 04], even when discernible evidence points to the contrary. Spiraling suspicion has helped solidify a bilateral framework of conflict-oriented power-politics, in which preemption and domination often supersede balancing behavior or the establishment of mutual security objectives [AYD 04]. Today, individual issues of contention between the two nations typically blend into a unified system of recrimination and retort. Such issues include the political independence of Greek religious institutions in Turkey, the ethnic character of the Muslim minority in northeastern Greece, and the control of territorial waters, mineral rights, airspace and even small islets in the Aegean Sea [NAC 03]. In 1996, the two countries came dangerously close to war over one such disputed pair of uninhabited islets. Known as the Imia/Kardak crisis, the heated episode cost the lives of three Greek military officers, when their helicopter crashed over the islets — some argue due to live fire shot from a Turkish warship [HAD 99]. The crisis led to the eventual dismissal of the Chief of the Hellenic National Defense General Staff at the time (the commander of all Greek armed forces), Admiral Christos Limberis.

By far the most dominant issue, however, in terms of impact on Greek strategic thinking, is the Turkish military occupation of northern territories in the Republic of Cyprus. Before 1974, when Turkey invaded the majority Greek-speaking island in response to a coup led by Greek ultranationalists, Greece had implemented a policy of appeasement against Turkey, while maintaining a “modicum of […] autonomy and independence” [KOF 03] from the US. Its entry into NATO in 1952, along with Turkey, was a major component of that policy, which rested on the belief that the US would protect Greece from perceived Turkish aggression, in order to maintain the stability of NATO and direct unified Member State resources against the Warsaw Pact [KER 07, NAC 03]. Washington’s failure to prevent Turkey’s invasion of Cyprus, however, shattered Greek strategic thinking almost overnight. Athens faced the reality of violent conflict, and experienced a potentially direct threat to its territorial integrity by a fellow-NATO Member State. This highly traumatic experience led Greek planners to redirect their strategic resources to internal balancing [TSA 04], namely strengthening Greece’s armed forces in direct competition with its eastern neighbor [TSA 04, KER 04]. As a result of this policy, by 1992 the Greek state was the industrialized world’s second-largest weapons purchaser [MOU 07]. Greece’s internal balancing trajectory, which has been sustained in recent years by regional instability in the Balkans and the Middle East, remains high in defiance of declining average defense spending rates among NATO and EU countries [TSA 04, NAC 03].

The process of internal balancing in Greek strategic thinking, which encompasses the country’s information operations doctrine, rests on visions of technological superiority. The latter are viewed as the key to counteracting Turkey’s geopolitical advantages, as perceived by Greek defense planners [FIT 10a]. These perceptions include Greece’s lack of strategic depth, which exposes virtually all of its major population and military production centers to the reach of Turkish artillery, as well as its physically fragmented territory, composed largely of thousands of hard-to-defend islands and islets. They also incorporate what is known in Greece as ‘the demographic problem’, namely the growing population disparity between Greece’s 10 million aging inhabitants and Turkey’s youthful populace, which is widely expected to reach 100 million by the year 2020 [KON 88, NAC 03]. More importantly, modern Greece is seen as lacking what some theorists call a ‘geopolitical dynamic’ [KON 88], namely a set of historical and political regional ambitions that can, under certain conditions, unify its population and motivate it to constantly rise above its insecurities and inhibitions [KON 88]. It can be argued that this view ignores the multitude of Turkey’s internal limitations and inconsistencies, such as its often schizophrenic relationship with Europe and the Middle East — including Israel — as well as its fragmented religious, ethnic and class composition, which can be said to lie behind the country’s prolonged political instability [DEM 99]. Nevertheless, the view of Turkey’s geopolitical dynamic as somehow more vigorous compared to that of Greece is a driving perception among Greek defense planners [FIT 10a]. The latter view Turkey’s internal inconsistencies as potentially empowering Ankara’s regional ambitions, by acting as a discharging mechanism for impulsive expansionist tendencies harbored among ultranationalist military circles [KON 88].

4.3. Formative experiences in information operations: the Ergenekon conspiracy

Conceptions of information operations in Greece reflect the dominant views of defense policy experts about Turkey’s vigorous and impulsive geopolitical dynamic. They are also shaped by defining moments in information operations experienced by Greek planners since the late 1990s. One such defining moment centers on revelations in Turkey of what has come to be known as the Ergenekon affair — an alleged alliance of military and intelligence officers in pursuit of secular and ultranationalist objectives. The Ergenekon conspiracy, which was partly neutralized by the Turkish government in the years following 2007, appears to have been part of what observers describe as Turkey’s ‘deep state’. The term signifies a covert network of influential individuals operating within the country’s security state apparatus, who view themselves as custodians of Turkey’s secularist and nationalist traditions [ANO 10a]. The Ergenekon conspiracy involved, among other things, a series of coup plots, terrorist acts and other sophisticated criminal schemes, some dating as far back as 2001. These were all aimed at destabilizing, or altogether terminating, the government of the pro-Islamic Justice and Development Party. Since 2007, an ongoing legal investigation into the affair has involved the detention of over 200 prominent figures involved in Ergenekon’s civilian, paramilitary and intelligence wings [ANO 10a].

According to the public indictment drafted by the Turkish state prosecutor, several of Ergenekon’s plots involved information operations — particularly black propaganda and false flag operations — directed against Greece and Greek national and regional interests. They included the planned assassination of Ecumenical Patriarch Bartholomew I of Constantinople, the prelate of the Eastern Orthodox Church, which would be subsequently blamed on Kurdish paramilitaries [ANO 10a]. Another plot involved “the shooting down of one of Turkey’s own F-16 fighters over the Aegean Sea, which was to be blamed on the Greeks” [ANO 10a], presumably in an attempt to destabilize bilateral relations between Greece and Turkey and unify the Turkish population in support of the country’s military. Thankfully, Ergenekon was penetrated by the Turkish authorities before these activities were carried out.

One of Ergenekon’s information operations did, however, materialize. In October 2009, an anonymous letter from a whistleblower revealed the existence of a detailed sub-operation under a broader political destabilization program entitled “Action Plan to Fight Reactionaryism” — a term used by the Turkish military to refer to non-secular political views. The sub-operation proposal had initially been drafted by Turkish Army Colonel Dursun Çiçek, following explicit directives in 2000 by the Office of Prime Minister Bülent Ecevit. Brigadier General Hıfzı Çubuklu, legal adviser to the Turkish Armed Forces General Staff, which took control of the operation, handed it over to its Third Information Support Unit. The latter implemented it under direct supervision by Deputy Chief of General Staff General Hasan Iğsız. According to Istanbul’s 13th High Criminal Court, which began pursuing the case in March 2010, General Iğsız provided regular updates about the operation to the Chief of General Staff, General İlker Başbuğ [YEN 10].

The court indictment explains that the operation had a two-fold mission, centering on information collection and active propaganda. On one hand, the Third Information Support Unit was tasked with systematically monitoring the activities of over 400 Turkish and foreign-language websites. The latter were carefully targeted for allegedly supporting “reactionaryist” politics, “separatist” causes, the Justice and Development Party views, as well as voicing criticism of the Turkish armed forces. The more sinister aspect of the operation involved the clandestine creation of 42 websites aimed at disseminating fabricated information against groups and individuals deemed as adversaries by the Turkish military. According to court documents, the ultimate goal was to “gain public support regarding a possible military coup and mislead public opinion in line with the alleged coup plotters’ aims” [YEN 10].

The websites and Internet domains, which were provided by Middle East Software Services Inc., a now-defunct internet provider with links to the Turkish military, were maintained for several years by active and retired Turkish military personnel. Many of these online propaganda outlets acted as far-reaching vehicles of psychological warfare directed specifically toward destabilizing Greece, a goal that appears to have been perceived by Ergenekon’s members as somehow advantageous to Turkish national interests. The websites included cameria.org, which openly promoted irredentist claims against northwestern Greek territories in pursuit of the creation of a “Greater Albania”. They also included greekmurderers.net that, according to the Ergenekon public indictment, was created and maintained using IP addresses belonging to the Turkish Ministry of National Defense [YEN 10]. At the time of writing, the case remains under examination by Turkish government prosecutors. Ongoing investigations have led to the arrest of at least one retired Turkish military officer, Ataman Yildirim, who was indicted in 2009 for creating and maintaining 35 of the propaganda websites [ANO 09b].

4.4. Formative experiences in information operations: intensifying cyber-attacks

Greek defense planners have been evaluating the Ergenekon revelations in the wider context of computer hacking and cyber-espionage operations against Greek government information networks and databases, which have intensified since 2007. Until that time, most cyber-attacks detected against the Greek state involved symbolic defacements of websites, perpetrated by individuals or groups using crude methodology and boasting ideological, but no operational, allegiance with foreign governments. The three-day attack by a group of Turkish self-described ‘Patriotic Hackers’ in 2006, which defaced and later disrupted the operations of several websites owned and operated by the Greek Ministry of National Defense, was typical of the pre-2007 period [ANO 10g, FIT 10b]. Since that time, cyber-attacks against Greek civilian and military networks have increased exponentially in frequency, technical sophistication and operational scope [FIT 10b]. In the last few months of 2010 alone, Albanian hackers disabled the Hellenic Centre for Marine Research network in Heraklion, Crete. This network operates POSEIDON, a leading maritime weather forecasting system that is consulted by merchant and civil transportation vessels transiting through Greek territorial waters [ANO 10e]. The Greek Ministry of National Defense also reported a ‘very skilled’ [ANO 10f] cyber-espionage attack against its online network, during which intruders managed to get into the code-protected part of the system and appeared to be specifically pursuing access to classified documentation. The Ministry’s cyber-defense system experts reportedly managed to repel the intrusion, but not without resorting to shutting down the entire network, causing severe operational problems across online defense systems nationwide [ANO 10g].

4.5. Formative experiences in information operations: the Öcalan affair

Several instances of cyber-attacks against Greek networks arguably go unreported or even undetected. Those that are reported would seem to indicate that Greek cyber-defense planners are gradually overcoming the naïveté that until recently plagued Greek conceptions of information operations. This naïveté was publicly displayed in February of 1999, when Turkish government forces captured Kurdish separatist leader Abdullah Öcalan.

Until 1998, Öcalan, founder of the Kurdistan Workers’ Party (PKK), which campaigns for the creation of a Kurdish State incorporating territories in Turkey’s southeastern Anatolia region, was based in Damascus, Syria. Due to concerted diplomatic pressure by Turkey and other NATO Member States, Öcalan was forced to abandon his Syrian command center and seek political asylum in a number of European countries, including Italy and Russia. Traveling clandestinely around Europe, he was eventually transported to Greece on January 30, 1998 on a private plane owned by a retired Greek military officer.

Despite the fact that Öcalan was wanted in Turkey for participating in armed attacks and for fomenting a bloody 15-year civil war that cost the lives of nearly 40,000 people [ANO 99b, KER 07], the Greek government chose to shelter the Kurdish separatist, eventually smuggling him into the compound of its Embassy in

Nairobi, Kenya. The decision was unfortunate on numerous levels, not least in ignoring Washington’s active interest in seeing Öcalan captured [WEI 99], and in overlooking the massive presence of over 100 US intelligence personnel in Nairobi in the aftermath of the bombing of the US Embassy there the previous August [FAL 09].

Soon after Öcalan’s arrival in Nairobi, on February 2, US intelligence officers placed the Embassy’s landline and cellular communications under surveillance, before tipping off Turkish and Kenyan authorities about the PKK leader’s whereabouts [FAL 09, WEI 99]. A few days later, a team consisting of members of Turkish Special Forces and officers of Turkey’s National Intelligence Organization (MİT) arrived secretly in Nairobi and were deployed around the Greek Embassy compound, guided by constant human and technical intelligence from the US side [NOM 10]. On February 15, a two-car convoy left the Greek Embassy for the Jomo Kenyatta International Airport in Nairobi, where Öcalan was scheduled to board a plane en route to Amsterdam, Holland. Unbeknownst to Greek officials, however, the Kenyan acting as Öcalan’s driver that day was secretly collaborating with American and Turkish intelligence. Shortly before reaching the airport, he suddenly changed course and drove Öcalan to Wilson Airport, a smaller airfield for light aircraft located at the southern outskirts of the Kenyan capital [FAL 09]. At Wilson Airport, Öcalan was delivered into the hands of Turkey’s MİT and was immediately flown, handcuffed and blindfolded, to Turkey, prompting a wave of national jubilation [WEI 99].

For Greece, the diplomatic and political fallout of Öcalan’s abduction by the MİT from the hands of Greek officials is difficult to overstate. The Turkish government’s public response to the capture appeared to have been prepared prior to Öcalan’s arrest. In scope and intensity it resembled the propaganda victory scored by the Soviet Union against the US following the 1960 U-2 Incident. Ankara supplied information to the Kurdish community implying that the Greek authorities had surrendered Öcalan to Turkey, prompting an unprecedented Kurdish wave of anti-Greek demonstrations and attacks against Greek embassies and consulates worldwide. On the international front, Turkey publicized intelligence showing details of the way in which the Greek authorities had smuggled the Kurdish leader into Greece and Kenya. The intelligence included a copy of a Cypriot diplomatic passport bearing Öcalan’s picture, confiscated from Öcalan’s by MİT officers following his arrest. The passport allowed the PKK leader to travel around the world under the assumed name of Lazaros Mavros. Interestingly, the Cypriot government later denied that the passport was diplomatic, but it did not address the question of its issuance [ANO 99a]. The stunning revelations led directly to a political crisis in Athens and the resignation of three senior Greek government ministers, while relations between Greece and Turkey plummeted to what was arguably their lowest level since the 1974 invasion of Cyprus [KER 07].

More importantly, the Öcalan affair displayed astonishing inexperience and staggering innocence about communications surveillance — and information operations in general — on behalf of Greek officials and Greece’s National Intelligence Service (EYP). Greek diplomats appeared to be unaware of the importance of forbidding the Kurdish leader to use his unencrypted cellular telephone while under their protection. They also failed to comprehend the degree to which their diplomatic communications were vulnerable to outside penetration. Remarkably, Athens’ instruction to its diplomats in Nairobi to transport Öcalan to the airport came via a call over an unprotected telephone line, in which a Greek government official used ‘code-words’ to tell the diplomats that Öcalan had to leave the embassy [THO 09].

The operational role of the Greek and Turkish intelligence services in the Öcalan affair appears to have been minimal, compared to that of the US [FAL 09]. The episode, however, showed Greek defense and intelligence planners that they had severely underestimated the degree to which Greece’s defensive info-dominance — that is, its ability to defend the integrity of its information and communications systems — had been compromised by the US, and possibly other countries. Contrasting Greece’s handling of Öcalan with that of Italy in this context is revealing: the Italians — though uneasy — chose to publicly reveal Öcalan’s presence in their country, even though the Kurdish leader had entered the country seemingly undetected, under an alias, using forged travel documents. Realizing the ominous merging of America’s strategic interests in Turkey and the Near East, and the panoply of the superpower’s technical collection capabilities, the Italian government consciously chose to handle Öcalan’s case via relatively open diplomatic and judicial channels. In contrast, Greece opted for a conventional secretive methodology that took no notice of the country’s informational vulnerabilities and landed Greek diplomacy one of its most damaging operational fiascos in recent history, while also exposing the Greek state to national and international condemnation [FIT 99].

4.6. Formative experiences in information operations: the Greek wiretapping case of 2004–2005

Shortly after the Öcalan fiasco, Greece may have once again become the target of America’s information operations arsenal. In the spring of 1999, US President Bill Clinton reportedly authorized the CIA to hack into the bank accounts of Slobodan Milosevic in Greece, Cyprus and Russia, and ‘waste’ the Yugoslav President’s personal funds [VOS 99].

Using computers to hack into a personal or corporate bank account and transfer funds by manipulating the SWIFT (Society for Worldwide Interbank Financial

Telecommunications) global financial messaging network is theoretically possible. The technical complexities involved in such an operation, however, raise doubts as to whether the action actually occurred [SIN 00]. Moreover, depending on the particular banks in Greece where the late Yugoslav President kept his private funds, such actions could constitute cyber-espionage against assets administered by the Greek state, which at the time was informally supporting Serbia’s position in the Yugoslav wars [HEN 06]. In any case, Greek, Cypriot and American officials have never directly commented on the CIA computer-hacking allegations.

A far more significant and damaging case of cyber-espionage erupted in Greece a year and a half after the 2004 Summer Olympic Games in Athens. On February 2, 2006, the Greek daily newspaper Ta Nea published allegations of a major security breach at the digital telephone exchanges of Vodafone Greece, the Greek subsidiary of London-based Vodafone Group, which is the world’s second-largest cellular telecommunications provider. Later on that same day, the Greek government publicly admitted that it had been aware of the breach for almost a year, but had kept it secret. It also acknowledged that the breach first occurred sometime before the 2004 Olympic Games and that it continued uninterrupted until it was uncovered on March 7, 2005 [SAM 10]. According to the information presented by the government, unknown culprits had surreptitiously installed complex software from inside Vodafone’s central traffic handling system, which compromised the privacy of over 100 cellular telephone numbers belonging to current and former Greek civilian and military officials and public figures. Telephone numbers affected by the breach included those of the prime minister, his wife, the foreign minister and his deputy, the ministers of justice, public order, and public works, the mayor of the city of Athens, most of the country’s senior police officers, the former minister of defense, the former head of EYP, as well as dozens of parliamentarians, journalists and other public figures [SAM 10, NOM 10].

What made the interception scheme so extensive and effective was that the software that facilitated it had been installed directly on four AXE (automatic cross-connection equipment) telephone exchanges manufactured and supplied to Vodafone by its chief hardware vendor, Ericsson Telecommunications, in collaboration with Athens-based Intracom Telecom [PRE 07, LEY 07]. The software, which consisted of nearly 6,500 lines of code, was essentially a rootkit, enabling its creators to access the system without being detected. Once installed and activated, most likely by a person inside Vodafone or Ericsson [SAM 10], the rootkit seamlessly duplicated and redirected cellular voice traffic to 14 prepaid and unregistered mobile telephones [BLU 09, SAM 10]. In doing so, it relied on pre-established traffic redirection functionality that is used to enable lawful interception of targeted telephone communications by Greek law enforcement and intelligence agencies [BLU 09]. The interception would most likely have continued indefinitely, had it not been detected by Ericsson technicians following complaints about undelivered short message service (SMS) texts by Vodafone Greece customers [SAM 10, TSA 04].

The rootkit was written in the PLEX (Programming Language for Exchanges) source code, a specialized programming language only common among highly trained digital switch software writers [FRA 08]. This led most expert observers, including Vodafone Greece CEO Giorgos Koronias, to deduce that “the perpetrators of the phone-tapping belong to the secret service of a major power” [FRA 08, SAM 10]. A subsequent technical study revealed that the antennae that facilitated the redirections of intercepted communications were located inside apartments in the vicinity of the US Embassy in Athens, giving some credence to the dominant theory that the interceptions were orchestrated by the CIA, the US National Security Agency, or both [NOM 10, SAM 10]. Such accounts, however, remain unconfirmed and therefore speculative [SAM 10].

The operation’s culprits aside, there has been fervent debate about the strong possibility that one or more technicians inside Vodafone or Ericsson were involved in the scheme. The debate intensified considerably after it was discovered that Vodafone executives first informed the government about the existence of the wiretaps on March 10, 2005, one day after Vodafone Greece network manager Costas Tsalikidis was found hanged in his Athens apartment [PRE 07, GAL 06]. Vodafone Greece has denied any connection between Tsakalidis’ apparent suicide and the company’s timing in informing the Greek government about the existence of the wiretaps [GAL 06]. Tsakalidis’ family insist that he was killed because he accidentally discovered the wiretaps; but Brady Kiesling, a retired US State Department diplomat who was stationed at the US Embassy in Athens for a total of nine years, has put forward the theory that Tsakalidis may have actually been employed by US intelligence as a ‘Trojan horse’ to install and activate the rootkit from inside Vodafone’s central traffic handling system [GAL 06]. Kiesling argues that Tsakalidis may have committed suicide once his role in the affair was discovered, “to protect his professional honor” [GAL 06].

Though important in a political sense, the identity of the culprits does not affect the operational significance of the wiretap conspiracy: its discovery marked the first known major infiltration of a cellular telephone system anywhere in the world; the entire scheme combined a degree of operational audacity and technical sophistication “rarely seen before or since” [PRE 07, SAM 10]. Furthermore, the exceptional nature and extent of penetration of Vodafone’s computers caused the biggest cyber-espionage scandal ever to engulf a major cellular telecommunications provider [PRE 07], with far-reaching implications for communications security in the deregulated wireless environment [FRA 08, FIT 03]. It also had an ‘immediate impact’ [FIT 10b] on Greek cyber-defense planners’ understanding of information security. For the first time in history, the Greek state publicly acknowledged that it had been subjected to a severe and protracted communications penetration affecting its executive, law enforcement, intelligence and military echelons [SAM 10]. By doing so, it also acknowledged its failure to protect its sensitive communications and the secrecy of internal decision-making processes about critical affairs of state at the highest levels of government [PRE 07, SAM 10].

Due to the technical methodology and the selected targets of the wiretapping case, Greek cyber-defense planners regarded it as a computer network exploitation operation, which had a direct and prolonged psychological impact on intelligence, military and civilian decision-makers in the country [FIT 10b]. Moreover, the series of computer forensic errors by Ericsson and Vodafone technicians, who essentially tipped off the perpetrators of the wiretaps before they could be detained [PRE 07], generated a new and ongoing process of technical negotiation between the EYP and the telecommunications industry in Greece, which remains classified, but which knowledgeable insiders describe as “fruitful [and] long overdue” [FIT 10b].

4.7. Emerging civilian information operations strategies

There is little doubt that the Öcalan affair, the 2004–2005 Vodafone wiretapping, and, more recently, the Ergenekon conspiracy caused great concern among Greek political decision-makers and defense planners alike. To some degree, this concern has proved constructive. This is because, though regrettable, the fallout from these experiences was both political and technological. It therefore vividly highlighted — even to non-experts — the need to reinterpret Greece’s traditional geopolitical concerns and strategic interests through the all-encompassing prism of the information society. “For the first time [after the exposure of the 2004–2005 Vodafone wiretapping] we were able to explain to the political leadership the significance of defending the country against network warfare”, says a Greek cyber-defense expert involved in national planning [FIT 10d]. “This was in the aftermath of the most serious espionage scandal in Greek history, so for the first time we had the impression that they were truly listening to us” [FIT 10d]. At the same time, a younger generation of technologically savvy political decision-makers is gradually taking control of Greek political institutions — a cathartic side-effect of the European sovereign debt crisis, which is washing away some of the old political power structures. These new leaders appear to be more aware of, and interested in, issues around information security and cyber-defense. A typical example is that of General Secretary of Telecommunications, Dr Socrates Katsikas, who joined the Ministry of Infrastructure, Transport and Networks in 2009 after having directed the graduate program on networked systems security at the University of Piraeus.

There is, therefore, a general sense among national planners in Greece’s cyber-defense community that, through the experiences detailed above, the country’s decision-making bodies have grown progressively aware of the country’s vulnerability to cyber-attacks, as Greece becomes increasingly reliant on computer networks [GRI 08, MAT 02]. It is probably too early to speculate about the precise shape of Greek cyber-defense and cyber-security in the years to come; as of 2010, the country’s civilian and military institutions did not subscribe to a common national cyber-security policy [ILI 10c]. This, however, is hardly unique in the field of cyber-security. Even the US, which is arguably among the global leaders in the field, did not operate on a formal concept of information warfare until 1992, while the three main branches of its military have only recently begun to explore the possibility of sharing a common information warfare doctrine [VEN 09]. Even after the tragic events of September 11, 2001, America’s civilian and military security planners have proved largely unable to work in partnership in securing civilian computer networks [ANO 10c, GRE 09].

The Greek state is no stranger to turf warfare and bureaucratic infighting. Cyber-defense planners are however encouraged by the pending National Communications Security Strategy (ESAE), which is currently in the legislative committee stage in the Greek Parliament. When enacted, the legislation will provide a much-needed institutional framework for the security of civilian information networks on a national scale. It is also expected to streamline, modernize and synchronize the multitude of institutional actors that are currently tasked with civilian information security [KAT 10]. The latter issue is considered to be of paramount importance by technical experts and policymakers, who view the current institutional setting as unproductive and lacking planning [KAT 10].

There are currently as many as 15 distinct agencies engaged in various aspects of protecting the content and infrastructure of civilian communications systems — often with largely overlapping functions. They include independent agencies, subject only to parliamentary oversight, such as the Authority for the Security of Communications Privacy (ADAE) and the National Telecommunications Commission (EETT). The latter appears to be responsible for a host of highly disparate tasks, such as digital signature verification systems and the maintenance of telecommunications networks during national emergencies [GRI 08]. They also include a number of more flexible ‘planning and action teams’, such as the Digital Awareness and Response to Threats (DART), that is vaguely tasked with “preventing and combating dangers related to new electronic information and communications technologies” [ANO 09a]. Its mission partly overlaps with that of the more specialized Computer Emergency Response Team (CERT), which provides incident response and security services to Greece’s National Research and Technology Network (GRNET). Greek cyber-security policy planners describe the current fragmentation of the country’s information security infrastructure as “incoherent and ineffective […], a remnant of Cold-War-era monolithic conceptions of analog communications security” [FIT 10c]. Many of these agencies will be “merged or altogether eliminated in the [ESAE] environment” [FIT 10c], while a new supervisory General Secretariat for Telecommunications Security will be created, which will act as a direct channel of communication between civilian cyber-defense agencies and the Office of the Prime Minister [GRI 08].

A central element in Greece’s emerging civilian information security strategy is the EYP, the country’s National Intelligence Service [ILI 10a]. The Service’s counterintelligence component will constitute one of the cornerstones of the country’s defense against network warfare in the ESAE environment. Operating under the Ministry of Interior, since 1992 the EYP has acted as the coordinating mechanism for securing the integrity of the government’s encrypted and unencrypted information infrastructure. In 2003, the service assumed responsibility for the classification of government communication networks, as well as information security (INFOSEC) and emission security (EMSEC or TEMPEST) duties. In 2008, a little over two years after the 2004–2005 Vodafone wiretapping was exposed, the EYP’s Fifth Directorate was designated Greece’s official national CERT. Its duties include the coordination of cyber-defense mechanisms against network warfare and cyber-terrorism on a national scale [ILI 09a, MAR 10, GRI 08].

Under the ESAE plan, the EYP will maintain its national CERT designation, but its duties will be cross-linked with those of two other civilian cyber-defense agencies, which also operate under the Ministry of Interior. The first of these will be the Civil Defense and Emergency Planning Directorate (PAM-PSEA), which is tasked with peacetime coordination of all emergency planning operations, through its network of bureaus and stations located throughout the country. The second will be the Informatics Development Service (YAP), which is responsible for overseeing the application of networked information systems in the public sector. This tripartite collaboration will be closely linked with a network of academic research teams throughout the country, such as the Information Security and Critical Infrastructure Protection Research Group of the Department of Informatics at Athens University of Economics. This group, which has been operational since 2000, currently coordinates research from four Greek higher education research centers, and aspires to create the nation’s first National Center for Excellence in Critical Infrastructure Protection [KAL 10].

The question, however, remains as to whether, in order to adequately fulfill its National CERT mission, the EYP will be made to undergo a painful period of internal reform. The EYP has undergone three substantial reorganizations since Greece’s political changeover to democracy, after the military junta of 1967–1974, the most recent of which was in 2008, when it was assigned its national CERT duties [NOM 10]. In 2010, as part of its national CERT obligations, the EYP participated in a national cyber-defense simulation exercise for the first time, along with several academic, civilian and military agencies. Its contribution to the exercise was deemed positive [ILI 10a], though insiders criticized it as an instance of ‘too little, too late’, and accused it of exhibiting a “turf-war mentality against [Greek] law enforcement and [military] agencies”, which are often “ahead of the game” in cyber-defense [FIT 10c]. More clouds appeared to gather on the horizon for the EYP in January of 2011, when British newspaper The Guardian published a confidential report sent from the US Embassy in Athens to the US Department of State, leaked though the international whistleblower organization WikiLeaks. In the communiqué, the US Ambassador to Greece, Daniel V. Speckhard, provided details of a January 22, 2010, closed-door meeting with Greece’s Minister for Citizen Protection at the time, Michalis Chrysohoidis. According to Ambassador Speckhard, the Minister, then a member of the ruling Panhellenic Socialist Movement (PASOK) party, “severely criticized the state of EYP”, saying bluntly that “EYP is nothing”, and that “[i]t does not serve its mission of protecting Greece and in fact is dangerous to national security because of its many shortcomings, not the least of which is a unionized labor force”. He continued saying that he intended to “collapse and rebuild [the service] via a draft law that is in the process of being drawn up” [SPE 10]. What is arguably even more interesting is Chrysohoidis’ response to the WikiLeaks revelations. Speaking on the day after the revelations, the PASOK politician rejected the revelatory tone of the disclosure, saying that the opinions expressed in the leaked US Embassy communiqué constituted summations of opinions he had previously expressed in public. He went on to state that the EYP was in a “sad state of affairs” when he assumed his cabinet position in October 2009, and that the service “did not serve its [stated] function of protecting the country”, but that “several things have improved since that time” [ANO 11a].

Chrysohoidis’ statements about the EYP are characteristic of opinions held by many Greek parliamentarians and government executives. They stem from the EYP’s less-than-honorable record prior to the country’s political changeover to democracy in 1974, as well as from its chronic subservience to Washington during most of the Cold War. These two issues have stained the service’s image among large segments of the Greek public and have raised doubts about its operational independence from Washington and NATO. These issues have thus placed an unfortunate ideological wedge between the EYP and the public-at-large, which is far from removed today despite over two decades of socialist rule since 1981. Consequently, inside observers maintain that government reforms aimed at enhancing the EYP’s role in national cyber-defense must include concerted efforts to raise the service’s public profile and to strengthen society’s confidence in the EYP’s institutional values and national mission [FIT 10d].

4.8. Emerging military information operations strategies

In contrast to the EYP, whose historical relations with Greece’s political leadership and the broader civil society have been awkward and strained, the country’s military forces enjoy a somewhat more positive image, which translates to superior funding opportunities and a greater degree of political influence. Consequently, Greek policy planners have been more receptive to the military’s viewpoint on information operations, as opposed to its civilian counterpart in the form of the EYP [NAC 03, MAT 02]. At the same time, the susceptibility of policy planners to military views of cyber-warfare can be partly attributed to the ability of Greek defense experts to advocate such views within the context of the country’s established foreign policy patterns and strategic concerns, as outlined in previous sections of this chapter.

Greece’s emerging information operations doctrine, therefore, reflects the widely established notion of cyberspace as the fifth domain of warfare (after sea, land, air and space), but tends to focus on those features of cyber-warfare that are seen as having the potential to offer solutions to the country’s strategic priorities, primarily in relation to Turkey. One such priority is maintaining Greece’s vigorous defensive and — to a somewhat lesser extent — pre-emptive posture in the ongoing low-intensity conflict with its eastern neighbor, while simultaneously exploring political, diplomatic and economic avenues to rapprochement and reconciliation. Information operations or, in times of crisis, information warfare, entail the promise of clandestine preparations for war, or the conduct of clandestine war, in what Carl von Clausewitz called “conditions of civilization” [CLA 80]. More specifically, the development of a technologically robust information warfare arsenal does not preclude, nor does it prohibit, the gradual development of healthy bilateral relations between strategic rivals. In the particular context of Greek–Turkish strategic relations, the anticipatory (preventive or pre-emptive) aspects of information operations are in agreement with broader efforts by Greek military planners to steer the country’s military thinking toward offense-oriented strategic concepts [FIT 10a].

The underlying technological component embedded in the concept of information operations is also attractive to Greek military planners, who view it as a vehicle through which Greece can reinvigorate its geopolitical dynamic and rise above its national insecurities and inhibitions. This view is further strengthened by the ‘demographic problem’, explained previously in section 4.2. The destabilizing impact of this crucial social indicator on the sheer size of the armed forces of tiny Greece, in relation to those of Turkey (NATO’s second-largest) is both evident and drastic, and helps direct Greek defense planning toward the asymmetrical promise of technologically-based balancing solutions [FIT 10a]. One such example is the concept of ‘information network war fighting’, which allows a technologically enhanced “platoon of just thirty soldiers to effectively control and achieve superiority over a space that in the Napoleonic era would need a 1,200 men-strong regiment for its control” [DEL 07]. Greek military planners have been among the first in the world to engage in the practical aspects of this concept, which is viewed as critical in reforming the country’s conscription-based territorial army into a permanent fighting force consisting mostly of professionals. Information network war fighting is the driving force behind the country’s ongoing strategy to reduce its armed forces from 160,000 to around 80,000 in the next few years, of which over 75% will consist of professional combatants [MAT 02].

The merits of the strategic thinking informing the land forces reduction plan have been strengthened by the severe impact of the European sovereign debt crisis, which has placed near-unprecedented financial constraints on Greece’s economy. Since 1974, which saw a drastic turn toward internal balancing in Greek strategic thinking, Greece has consistently maintained the highest proportional defense spending of any NATO Member State, and one of the highest in the world [GRA 09, NAC 03]. At the turn of the 21st Century, as much as 5% of the country’s active labor force was employed in military and military-related industries [NAC 03]. Greece’s economy has suffered from the high cost of military equipment imports, however, which account for 95% of its overall military equipment procurement. This highlights the difficulties involved in trying to maintain a “modern, efficient arms industry” in conditions of a “diminutive domestic market” [NAC 03]. As the financial crisis continues to exert a heavy toll on the Greek economy, and as the weight of the country’s productive sector shifts from state-owned industries to the private sector, the reduction in the country’s defense budget will have a direct impact on its strategic thinking. In 2010 alone, the government announced a 22% reduction in its non-discretionary defense budget, a trend that is expected to continue [DAL 10]. Under these financial constraints, Greek military planners are rapidly gravitating toward the concept of information operations as a method by which to maintain Greece’s internal balancing requirements in conditions of sustained economic recession [FIT 10a]. Greek advocates of information operations as a strategic equalizing option point to the examples of regional powers, such as Israel and Estonia, who boast some of the world’s most effective cyber-defense arsenals despite their relatively small size [ANO 10b].

The operational epicenter of Greece’s military information operation strategies is the Cyberdefense Directorate (DIKYV), administered by the Hellenic National Defense General Staff [ILI 09a]. In 2000, when it was officially established as a unit, it was one of the first of its kind in the world [PAV 10]. In 2003, its status was upgraded to that of a department, and a year later it was upgraded again, this time to a directorate, operating under the research and informatics division (DEPLI) of the Hellenic National Defense General Staff. With a permanent staff of around 100, trained mostly in the US and Western Europe, DIKYV is responsible for maintaining and refining the technical capabilities that are necessary to protect the digital information and communications infrastructure of the Hellenic Armed Forces in times of peace and war. Its tasks involve both preventive and responsive components, in the form of network penetration tests and incident handling, conducted through a number of Cyberdefense Rapid Reaction Teams. Furthermore, it organizes and facilitates institutional training on cyber-defense for members of the Hellenic Armed Forces, and conducts web information intelligence activities with an eye to coordinating cyber-defense on a national scale, involving the participation of both military and civilian institutional actors [PAV 10].

In November 2009, DIKYV was among the participants of Cyber Coalition 2009 (NCDEx 09), NATO’s second-ever Alliance-wide cyber-warfare exercise, which involved several simulated scenarios of multiple, simultaneous cyber-attacks against military and civilian facilities in NATO Member States. DIKYV also coordinated the participation of several Greek government ministries and academic research centers in the exercise. This participation was deemed highly successful, as Greece was one of only two NATO Member States to participate in all of the exercise’s seven attack scenarios. The Greek team was crucial in helping deflect three of the attacks, while it was alone in successfully combating one of the scenarios [PAV 10]. This successful presence was largely replicated in November of the following year, during NCDEx 10, when Greece’s EYP participated for the first time along with DIKYV [FIT 10d]. The NCDEx experience prompted DIKYV to organize and coordinate Greece’s first-ever nationwide cyber-defense exercise, which took place in May 2010. Code-named PANOPTIS 2010, the exercise brought together a host of institutional actors from the Greek military, law enforcement and intelligence communities for the first time. Among the participants were 18 centers of higher education, several government ministries, the EYP, GRNET, most government agencies engaged in protecting the content and infrastructure of civilian communications, as well as the Office of the Prime Minster and the Technical Chamber of Greece [PAV 10]. Despite its largely experimental character, PANOPTIS 2010 was largely successful in repelling the majority of the attack scenarios [KAL 10]. It was also actively supported by the chiefs of staff of the Hellenic Armed Forces, including the chairman of the Joint Chiefs of Staff, who participated in a scheduled visit to the PANOPTIS operational headquarters [ILI 10c].

As with any other constituent of modern military bureaucracy, DIKYV has had to fight for its existence and justify its operational mission to both military and civilian leaders. In one anecdotal episode that took place some years after DIKYV’s establishment, the directorate’s technical experts had to argue against a report advocating for DIKYV’s dismantling on the grounds of its ‘strategic irrelevance’ [FIT 10a]. Moreover, observers maintain that DIKYV remains underfunded and understaffed [ILI 09b, ILI 10b]. Judging by recent developments within the Hellenic National Defense General Staff, however, it seems safe to state that DIKYV’s operational mission has been secured, and that the directorate’s future is relatively promising. In January 2011, Greece’s Ministry of National Defense announced the formation of a new National Cyberdefense Authority, based on the conclusions of a report commissioned by DIKYV [ILI 11a]. A month later, the Greek Minister of National Defense announced in parliament that DIKYV’s operational role would be upgraded from a directorate to that of a command, and would “assume a central role in protecting the nation from cyberwarfare attacks” [ILI 11b]. The minister refused to provide further information, saying that the details of the pending upgrade were “highly classified”. Knowledgeable observers, however, believe that the announcement is directly related to the planned formation of the National Cyberdefense Authority, and that DIKYV rather than the EYP had been selected to spearhead the new effort [ILI 11b]. What is more, the announced changes may open the door to further modernization, including increased funding for DIKYV, the hiring of larger numbers of technical specialists and the establishment of a cyber-defense training center, which has been a longtime request of Greek cyber-defense advocates [ILI 10c, ILI 11b].

4.9. The European Union dimension in Greek information operations

Greece’s announcement of the formation of a National Cyberdefense Authority follows closely on the heels of organizational standards set by NATO [ILI 11a]. This should be viewed as indicative of the manner in which Greece’s international alliances and obligations, whether civilian or military, affect its internal national strategy on information operations. In addition to NATO, the EU — of which Greece has been a full member since 1981 — is gradually emerging as an international force shaping Greek conceptions of information operations, both legislatively and operationally. An important aspect of this is Greece’s central role in establishing, hosting and funding the European Network and Information Security Agency (ENISA). ENISA’s establishment was first proposed by the European Commission in early 2003, and was officially adopted by the European Council in February 2004 [WES 04]. The Agency’s existence remains tentative: it was initially given a five-year mandate, which was extended for a further three years in 2009 [UKH 10]. Its stated mission is to promote cyber-security standards and certification systems across the EU, and to operate as a rapid reaction mechanism against cyber-attacks across this area [WES 04].

The Agency’s operational success can be described as limited, or, as one insider put it “not the biggest success story of all time” [UKH 10]. There are several reasons that critics cite this, including the differing levels of development in informatics across EU Member States, as well as ENISA’s chronic understaffing, which some judge to be as much as 60% behind requirements [UKH 10, ANO 10b]. Despite this, Greek cyber-defense experts were thrilled when, in 2003, the European Council voted to locate the Agency in Greece, in a move that some in the Greek cyber-defense community say recognized the country’s constructive international presence in the field [FIT 10c]. It is worth noting, however, that some individuals in ENISA were disillusioned by the Greek government’s decision to base the Agency’s headquarters in Heraklion, the largest city in Crete, Greece’s largest island. The idea behind the decision was to establish links between ENISA and the Greek Foundation for Research and Technology, which is also located in Heraklion [UKH 10]. The outcome of the move, however, was to give ENISA the ambiguous distinction of being the EU’s most physically remote agency. Its headquarters is now located almost 2,500 km from Brussels, which some critics say has affected recruiting and keeps staff away from important research and policy centers in northern Europe [UKH 10]. In 2009, the Greek government responded to these criticisms by independently funding the establishment of an ENISA branch in Athens, which has somewhat pacified critics and has kept ENISA in Greece [UKH 10]. Despite its mixed record, ENISA’s presence in Crete has elevated Greece’s international cyber-defense presence and has enabled the country to assume a central role in facilitating inter-European cyber-defense collaboration. This was illustrated during Cyber Europe 2010, the EU’s first-ever large-scale cyber-attack simulation exercise, which was conducted with the participation of all 27 EU Member States and several other nations. The exercise was organized by ENISA from Heraklion and Athens, placing both Greek cities on the cyber-defense map, in the same way that the efforts of NATO’s Cyber Defense Center of Excellence in Tallinn have elevated Estonia’s status in the cyber-defense universe [ANO 10d].

4.10. Conclusion

Greece’s geopolitical importance is such that the country’s approach to information operations and cyber-warfare matters within several international contexts, including those of maritime transportation, banking, energy, telecommunications, the Balkans, the Middle East, NATO and the EU. Although Greek conceptions of information operations and cyber-warfare are still emerging, it is safe to say that they will continue to be decisively shaped by the country’s distinct historical experiences and strategic concerns, particularly in relation to its geopolitical archrival Turkey.

The asymmetrical promise embedded in the concept of information warfare appeals to Greek defense planners, who seek:

– ways of maintaining Greece’s internal military balance;

– to combat the growing demographic gap between Greece and Turkey; and

– to reinvigorate Greece’s geopolitical dynamic without directly antagonizing the Turkish military.

These broader strategic parameters have been revised through the prism of several formative experiences in information operations, including — but not limited to — the Öcalan affair, the Vodafone wiretapping of 2004–2005, and the Ergenekon conspiracy. Although damaging Greece’s reputation in exposing substantial gaps in its defensive info-dominance, these experiences have also proved constructive in highlighting — even to non-experts — the urgent need to reinterpret Greece’s traditional geopolitical concerns and strategic interests through the all-encompassing prism of the information society. These experiences have therefore helped make the country’s decision makers progressively aware of the country’s vulnerability to information operations.

This awareness has resulted in a two-fold reorganization of Greece’s cyber-defense structure:

– the pending National Communications Security Strategy (coordinated by the EYP, Greece’s National Intelligence Service); and

– the pending formation of a National Cyberdefense Authority (coordinated by DIKYV, the Hellenic Armed Forces’ Cyberdefense Directorate).

These initiatives represent the civilian and military facets of Greece’s new cyber-defense structure that, in times of crisis, will be directly coordinated by the Office of the Prime Minister through a new General Secretariat for Telecommunications Security. Judging by recent developments, it appears that the military has the upper hand in shaping Greece’s doctrine of information operations, though the role and influence of the country’s civilian intelligence agency, the EYP, should not be underestimated. Finally, Greece’s NATO and EU membership does, to some extent, influence the country’s conceptions of information operations, both legislatively and operationally. This is exemplified by Greece’s central role in establishing, hosting and funding ENISA, the EU’s network and information security agency.

At the time of writing, Greece is experiencing the most severe economic crisis in the country’s postwar history. The path of this crisis, which is developing in the context of a wider, severe financial downturn for the economies of the West, is both unchartered and unpredictable. As such, its impact on Greece’s security and cyber-defense doctrines is extremely uncertain and does not lend itself to any obvious conclusions. As late as February 2012, over two years after the onset of the economic crisis, Greece’s spending on military infrastructure had remained largely intact, despite the severe austerity measures that were implemented to stabilize the country’s substantial budget deficit. Moreover, the senior planning leadership of Greece’s National Defense Department had remained largely intact, even following the collapse of George Papandreou’s PASOK government in November 2011. It remains doubtful whether its replacement by a tri-party unity coalition, led by technocrat international banker Lucas Papadimos, will prove powerful enough to implement substantial changes — budgetary or otherwise — in the armed forces.

At the current juncture it would be unrealistic to expect drastic changes in Greek defense planning, especially when it comes to those aspects deemed strategically critical, such as air power. It has been noted that “Greece currently spends more on defense, as a percentage of gross domestic product than any other EU member, including the United Kingdom, which maintains a global defense reach, and Poland, which sees itself as needing to be ready to hold out against the vastly superior Russian army” [MES 10]. Despite severe economic and social pressures, there is currently little indication that this reality may be about to change. In April 2010, Athens attempted, for the first time since the onset of the economic crisis, to put forward an official proposal for bilateral defense cuts to Ankara. During a minisummit held in Athens on May 14 of that year, Greek officials suggested a 25% mutual cut in defense spending. Perhaps predictably, the Turkish side — which is most definitely not under the pressure of a pending economic collapse — did not consent to the Greek proposal [MES 10]. This may change, however, depending on whether Turkey’s regional ambitions prompt it to outgrow its rivalry with Greece, in pursuit of broader geopolitical interests in the Middle East, the Caucasus and beyond.

The spiraling economic pressures on Greek society may ultimately increase the government’s role in economic planning. This could in turn transform the military into a political vehicle for alleviating high unemployment among the younger generations. In this case, Greek military and security planners are likely to turn toward low-technology, high-personnel models of defense posturing. On the diametrically opposite side of the forecasting spectrum, a rapidly imploding Greek economy could drive defense planners to seek highly innovative technological solutions to regional security challenges. This could gradually transform the Greek armed forces into an experimental hotbed of pioneering cyber-defense doctrines within existing NATO structures — similar perhaps to the case of Estonia after 2007. Greece’s history, both ancient and modern, features numerous examples of groundbreaking warfare innovation. No serious student of history would be genuinely surprised if yet another groundbreaking military innovation was to come out of Greece in the next few decades.

4.11. Bibliography

[ANO 09a] ANONYMOUS, What is DART?, Digital Awareness and Response to Threats, Athens, 2009.

[ANO 09b] ANONYMOUS, Turkish General Staff Behind Anti-Hellenic Websites, Strategy Report, November 4, 2009 (in Greek).

[ANO 10a] ANONYMOUS, Turkey: Guide to Ergenekon, Open Source Center, Office of the Director of National Intelligence, Washington, DC, March 19, 2010.

[ANO 10b] ANONYMOUS, “Cyberwar”, The Economist, July 1, 2010.

[ANO 10c] ANONYMOUS, “Cyberwar: war in the fifth domain”, The Economist, July 1, 2010.

[ANO 10d] ANONYMOUS, “EU cyberdefence exercise mirrors US trials”, Security & Defense Agenda, November 5, 2010.

[ANO 10e] ANONYMOUS, “Sustained hacker attack on the Hellenic Centre for Marine Research”, SecNews, November 10, 2010 (in Greek).

[ANO 10f] ANONYMOUS, “Cyberattack on the Ministry of National Defense”, Strategy Report, December 3, 2010 (in Greek).

[ANO 10g] ANONYMOUS, “Attack by unknown hackers on the Ministry of Defense”, Press Time, December 13, 2010 (in Greek).

[ANO 11a] ANONYMOUS, “Michalis Chrysohoidis: WikiLeaks ‘Revelations’ are known public statements”, To Vima, January 12, 2011 (in Greek).

[ANO 11b] ANONYMOUS, “No agreements under threat”, Eleftherotypia, February 25, 2011.

[ANO 99a] ANONYMOUS, Turkish Propaganda Against Cyprus is Rejected, Press Office, Permanent Mission of the Republic of Cyprus to the United Nations, February 24, 1999.

[ANO 99b] ANONYMOUS, Text of the Öcalan Verdict, BBC, June 29, 1999.

[AYD 04] AYDIN M., K. IFANTIS K., “Introduction”, in AYDIN M., IFANTIS K., Turkish-Greek Relations: The Security Dilemma in the Aegean, Routledge, London, 2004.

[BAK 10] BAKOYANNIS D., “Europe and Greece: The crisis as an opportunity”, Konrad Adenauer Stiftung Foundation, Berlin, June 2010 (in Greek).

[BLU 09] BLUNDEN B., The Rootkit Arsenal: Escape and Evasion in the Dark Corners of the System, Worldware Publishers, Plano, US, 2009.

[CHA 11] CHAROUNTAKI M., The Kurds and US Foreign Policy: International Relations in the Middle East since 1945, Routledge, London, 2011.

[CLA 80] CLAUSEWITZ C., Vom Kriege, W. Hahlweg, Bonn, 1980.

[DAL 10] DALOUMIS I., “22% Reductions in defense spending”, Isotimia, January 9, 2010 (in Greek).

[DEK 03] DEKMEJIAN R.H., SIMONIAN H.H., Troubled Waters: The Geopolitics of the Caspian Region, I.B. Tauris, London, 2003.

[DEL 07] DELIBASIS D., The Right to National Self-Defence in Information Warfare Operations, Arena Books, Bury St. Edmunds, UK, 2007.

[DEM 99] DEMESTICHAS G., “Greek security and defense policy in the eastern Mediterranean”, in STAVROU N.A., Mediterranean Security at the Crossroads: A Reader, Duke University Press, Durham, NC, 1999.

[FAL 09] FALIK O., KROITORU H., “The internationalization of suicide terrorism”, in MORGENSTERN H., FALK O., Suicide Terror: Understanding and Confronting the Threat, John Wiley & Sons, Hoboken, USA, 2009.

[FAL 10] FALLIERE N., Stuxnet Introduces the First Known Rootkit for Industrial Control Systems, Symantec, August 6, 2010.

[FIT 99] FITSANAKIS J., Here’s How We Lost Him, Macedonia, March 14, 1999 (in Greek).

[FIT 03] FITSANAKIS J., “State-sponsored communications interception: facilitating Illegality”, Information, Communication and Society, vol. 6, pp. 403-428, 2003.

[FIT 10a] FITSANAKIS J., Interview with Hellenic National Defense General Staff and North Atlantic Treaty Organization Official, October 2010.

[FIT 10b] FITSANAKIS J., Interview with Digital Awareness and Response to Threats Member, August 2010.

[FIT 10c] FITSANAKIS J., Interview with Research and Informatics Division Official, Hellenic National Defense General Staff, October 2010.

[FIT 10d] FITSANAKIS J., Interview with Hellenic National Intelligence Service Official, August 2010.

[FRA 08] FRANCESCHETTI G., GROSSI M, “Homeland security technology challenges”, in Sensing and Encrypting to Mining and Modeling, Artech House, Boston, MA, 2008.

[GAL 06] GALPIN R., Death Muddies Greek Spy Probe, BBC, March 24, 2006.

[GRA 09] GRAMATIKOV P., “Bulgarian energetics management and environmental security”, in STEC S., BESNIK B., Energy and Environmental Challenges to Security, Springer, Dordrecht, 2009.

[GRE 09] GREENBERG A., Top Cyber Official Sounds Off, Forbes, March 9, 2009.

[GRI 08] GRITZALIS D., MITROU N., SKOULARIDOU V., Protection of Critical Information and Communication Infrastructure in Public Administration: Strategic Design, eGovForum, Athens, 2008 (in Greek).

[GÜN 05] GÜNLÜK-ŞENESEN G., “An Analysis of the action-reaction behavior in the defence expenditure of Turkey and Greece”, in ÇARKOğLU A., RUBIN B.M., Greek-Turkish Relations in an Era of Détente, Routledge, London, 2005.

[HAD 99] HADJIDIMOS K., The Role of the Media in Greek-Turkish Relations, Robert Bosch Foundation, Stuttgart, 1999.

[HEN 06] HENTEA C., Balkan Propaganda Wars, Scarecrow Press, Lanham, MD, 2006.

[ILI 09a] ILIADES M., “Ankara shielded from cyberwar”, O Kosmos tou Ependiti, September 26, 2009 (in Greek).

[ILI 09b] ILIADES M., “Paramilitary internet warriors”, O Kosmos tou Ependiti, September 26, 2009 (in Greek).

[ILI 10a] ILIADES M., “National cyberdefense exercise in Greece”, O Kosmos tou Ependiti, April 1, 2010 (in Greek).

[ILI 10b] ILIADES M., “Habemus cyberdefense”, O Kosmos tou Ependiti, May 8, 2010 (in Greek).

[ILI 10c] ILIADES M., “Panoptes deflected the attack”, O Kosmos tou Ependiti, May 29, 2010 (in Greek).

[ILI 11a] ILIADES M., “Green light for a National Cyberdefense Authority in Greece”, O Kosmos tou Ependiti, January 21, 2011 (in Greek).

[ILI 11b] ILIADES M., “A Step Forward”, O Kosmos tou Ependiti, February 19, 2011 (in Greek).

[KAL 10] KALYVIOTOU M., “A war in cyberspace”, Avgi, July 31, 2010 (in Greek).

[KAT 10] KATSIKAS S., “Toward a national strategy of communications security”, Workshop on Coordinated Supervision and Administration of Security and Privacy in the Greek Territory, Hellenic Ministry of Infrastructure, Transport and Networks, Athens, October 2010.

[KER 04] KERIDIS D., PERRY C.M., Defense Reform, Modernization, and Military Cooperation in Southeastern Europe, Brassey’s Inc., Dulles, VA, 2004.

[KER 07] KER-LINDSAY J., Crisis and Conciliation: A Year of Rapprochement between Greece and Turkey, Palgrave Macmillan, New York, NY, 2007.

[KOF 03] KOFAS J.V., Under the Eagle’s Claw: Exceptionalism in Postwar US-Greek Relations, Praeger, Westport, CT, 2003.

[KON 88] KONDYLIS P., Theory of War, Themelio, Athens, 1988 (in Greek).

[LEY 07] LEYDEN J., “Greek mobile wiretap scandal unpicked”, The Register, July 11, 2007.

[LIV 10] LIVIERATOS D., “Greek capitalism today”, Kokkino, no. 49, July 2010 (in Greek).

[LUF 09] LUFT G., KORIN A., Energy Security Challenges for the 21st Century, Praeger Security International, Santa Barbara, CA, 2009.

[MAR 10] MARINAKIS G., “Security of national communication and information systems: 5th Directorate, Hellenic National Intelligence Service”, Workshop on Coordinated Supervision and Administration of Security and Privacy in the Greek Territory, Hellenic Ministry of Infrastructure, Transport and Networks, Athens, October 2010.

[MAT 02] MATHIOPOULOS M., “Greece ventures onto new ground: the new Greek security and defense policy, 2000-2015”, in GYARMATI I., WINKLER T., Post-Cold War Defense Reform: Lessons Learned in Europe and the United States, Bassey’s Inc., Washington, DC, 2002.

[MES 10] MESSINIS A., “Greece: Defense Spending and the Financial Crisis”, StratFor, April 29, 2010.

[MOU 07] MOURITZEN H., WIVEL A., The Geopolitics of Euro-Atlantic Integration, Routledge, London, 2007.

[NAC 03] NACHMANI A., Turkey: Facing a New Millennium, Coping with Intertwined Conflicts, Manchester University Press, Manchester, 2003.

[NIC 11] NICHOL J., Armenia, Azerbaijan and Georgia: Political Developments and Implications for US Interests, Defense Technical Information Center, Ft. Belvoir, VA, USA, 2011.

[NOM 10] NOMIKOS J., LIAROPOULOS A., “Truly reforming or just responding to failures? lessons learned from the modernisation of the Greek National Intelligence Service”, Journal of Policing, Intelligence and Counter Terrorism, vol. 5, pp. 28–41, 2010.

[PAV 10] PAVLIDES A., “Cyberdefense”, Cyberdefense in the Service of National Strategy Workshop, Hellenic National Defense General Staff, Athens, December 2010.

[PRE 07] PREVELAKIS V., SPINELLIS D., “The Athens affair”, IEEE Spectrum, July 2007 (online).

[SAM 10] SAMATAS M., “The Greek Olympic phone tapping scandal: A defenceless state and a weak democracy”, in HAGGERTY K.D., SAMATAS M., Surveillance and Democracy, Routledge, Abingdon, 2010.

[SIN 00] SINAI T., The New Security Threats — Cyberterror: An Assessment, GRIN Verlag, Norderstedt, 2000.

[SPE 10] SPECKHARD D.V., Citizen Protection Minister Upbeat on Reorganization, Cooperation, Embassy of the United States of America in Athens, January 29, 2010.

[TAG 09] TAGARINSKI M., AVIZIUS A., “Energy security for the Euro-Atlantic region”, in STEC S., BESNIK B., Energy and Environmental Challenges to Security, Springer, Dordrecht, 2009.

[TAY 03] TAYFUR M.E., Semiperipheral Development and Foreign Policy: The Cases of Greece and Spain, Ashgate, Aldershot, 2003.

[THO 09] THOMAS G., Gideon’s Spies: the Secret History of the Mossad, Thomas Dunne, New York, NY, 2009.

[TSA 04] TSAKONAS P.J., DOKOS T.P., “Greek-Turkish relations in the early twenty-first century: a view from Athens”, in MARTIN L.G., KERIDIS D., The Future of Turkish Foreign Policy, MIT Press, Cambridge, MA, 2004.

[UKH 10] UK House of Lords, “Protecting Europe against large-scale cyber attacks”, 5th Report of Session 2009-10, Government Stationery Office, London, 2010.

[VEN 09] VENTRE D, Information Warfare, ISTE, London, John Wiley & Sons, New York, 2009.

[VOS 99] VOSTICA G., “Cyberwar and Sabotage”, Newsweek, May 31, 1999.

[WEI 96] WEISS G., “The farewell dossier: duping the Soviets”, Studies in Intelligence, vol. 35, no. 5, pp. 121–126, 1996.

[WEI 99] WEINER T., “US helped Turkey find and capture Kurd rebel”, The New York Times, February 20, 1999.

[WES 04] WESTBY J.R., International Guide to Cyber Security, The American Bar Association, Chicago, IL, USA, 2004.

[YEN 10] YENILMEZ C., “Propaganda websites used defense ministry IPs”, Today’s Zaman, May 1, 2010.

1 Chapter written by Joseph FITSANAKIS.

1 See United Nations 2007 Review of Maritime Transport: http://www.unctad.org/en/docs/rmt2007_en.pdf and also British Embassy in Athens’ publication Marine Sector Report in Greece” (2009), section 1.2: available at http://www.britishmarine.co.uk/pdf/Marine%20Sector%20Report%20Greece%20May%202009.pdf.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.

Table of Contents for Chapter 4: Digital Sparta: Information Operations and Cyber-warfare in Greece

Create new playlist

Sign In

Sign Up

Chapter 4Digital Sparta: Information Operations and Cyber-warfare in Greece 1