NATO and cyber defence
Against the background of rapidly developing technology, NATO is advancing its efforts to confront the wide range of cyber threats targeting the Alliance’s networks on a daily basis.
NATO’s Strategic Concept and the 2010 Lisbon Summit Declaration recognise that the growing sophistication of cyber attacks makes the protection of the Alliance’s information and communications systems an urgent task for NATO, and one on which its security now depends.
On 8 June 2011, NATO Defence Ministers approved a revised NATO Policy on Cyber Defence – a policy that sets out a clear vision for efforts in cyber defence throughout the Alliance.
The revised policy will offer a coordinated approach to cyber defence across the Alliance with a focus on preventing cyber attacks and building resilience. All NATO structures will be brought under centralised protection, and new cyber defence requirements will be applied. The policy clarifies political and operational mechanisms of NATO’s response to cyber attacks, and integrates cyber defence into NATO’s Defence Planning Process. It also sets out the framework for how NATO will assist Allies, upon request, in their own cyber defence efforts, with the aim to optimise information sharing and situational awareness, collaboration and secure interoperability based on NATO agreed standards. Finally, the policy sets the principles on NATO’s cyber defence cooperation with partner countries, international organisations, the private sector and academia.
In parallel, an Action Plan was adopted, which will serve as the tool to ensure the policy’s timely and effective implementation.
Principal cyber defence activities
Coordinating and advising on cyber defence
The NATO Policy on Cyber Defence will be implemented by NATO’s political, military and technical authorities, as well as by individual Allies. According to the revised policy, the North Atlantic Council provides the high level political oversight on all aspects of implementation. The Council will be apprised of major cyber incidents and attacks and exercises principal decision-making authority in cyber defence related crisis management. The Defence Policy and Planning Committee provides Allies’ oversight and advice on the Alliance’s cyber defence efforts at the expert level. At the working level, the NATO Cyber Defence Management Board (CDMB) has the responsibility for coordinating cyber defence throughout NATO Headquarters and its associated commands and agencies. The NATO CDMB comprises the leaders of the political, military, operational and technical staffs in NATO with responsibilities for cyber defence. The NATO CDMB operates under the auspices of the Emerging Security Challenges Division in NATO HQ (i.e. Chairmanship and staff support).
The NATO Consultation, Control and Command (NC3) Board constitutes the main body for consultation on technical and implementation aspects of cyber defence.
The NATO Military Authorities (NMA) and NATO’s Consultation, Control and Command Agency (NC3A) bear the specific responsibilities for identifying the statement of operational requirements and acquisition and implementation of NATO’s cyber defence capabilities.
Lastly, the NATO Communication and Information Services Agency (NCSA), through its NCIRC Technical Centre, is responsible for provision of technical and operational cyber security services throughout NATO. The NCIRC has a key role in responding to any cyber aggression against the Alliance. It provides a means for handling and reporting incidents and disseminating important incident-related information to system/ security management and users. It also concentrates incident handling into one centralised and coordinated effort, thereby eliminating duplication of effort.
Assisting individual Allies
Prior to the cyber attacks against Estonia in 2007, NATO’s cyber defence efforts were primarily concentrated on protecting the communication systems owned and operated by the Alliance. As a result of the attacks, which were directed against public services and carried out throughout the internet, NATO’s focus has been broadened. NATO has developed and will be continuously enhancing mechanisms for assisting those Allies who seek NATO support for the protection of their communication systems, including through the dispatch of Rapid Reaction Teams (RRTs). While the Allies continue to bear the main responsibility for the safety and security of their communications systems, NATO requires a reliable and secure supporting infrastructure. To this end, it will work with national authorities to develop principles and criteria to ensure a minimum level of cyber defence where national and NATO networks inter-connect.
Research and training
According to the revised policy, NATO will accelerate its efforts in training and education on cyber defence through its existing schools and the cyber defence center in Tallinn. The Cooperative Cyber Defence Centre of Excellence (CCDCoE) in Tallinn, Estonia, which was accredited as a NATO CoE in 2008, conducts research and training on cyber defence and has a staff of 30, including specialists from the sponsoring countries.
Cooperating with partners
As cyber threats do not recognise state borders, nor organisational boundaries, cooperation with partners on cyber defence is an important element of the revised NATO policy. Engagement with partners will be tailored and based on shared values and common approaches, with an emphasis on complementarity and non-duplication. NATO also recognises the importance of harnessing the expertise of the private sector and academia in this complex area where new ideas and new partnerships will be key.