NATO - North Atlantic Treaty Organisation

NATO and cyber defence

Against the background of rapidly developing technology, NATO is advancing its efforts to confront the wide range of cyber threats targeting the Alliance’s networks on a daily basis. NATO’s Strategic Concept and the 2012 Chicago Summit Declaration recognise that the growing sophistication of cyber attacks makes the protection of the Alliance’s information and communications systems an urgent task for NATO, and one on which its security now depends.

• Principal cyber defence activities

  Assisting individual Allies

  NATO’s top priority on cyber defence is protecting the communication systems owned and operated by the Alliance. The protection of national critical infrastructures remains a national responsibility, which requires nations to invest resources in developing their own capabilities. NATO is helping Allies in their efforts to build up cyber defences by sharing information and best practices and conducting cyber defence exercises. In addition, defence ministers on 4 June 2013 agreed to continue the discussions at their next meeting in October on how NATO can provide additional support to Allies who request assistance if they come under cyber attack.

  NATO requires a reliable and secure supporting infrastructure. To this end, it will work with national authorities to develop principles and criteria to ensure a minimum level of cyber defence where national and NATO networks interconnect.

  To achieve this, NATO will identify its critical dependencies on the Allies’ national information systems and networks and will work with Allies to develop common minimum security requirements.

  Integrating cyber defence into the National Defence Planning Process

  In accordance with the Lisbon mandate, cyber defence has been integrated into the NATO Defence Planning Process (NDPP) in April 2012. NDPP is a crucial tool to provide a framework within which national and Alliance defence planning activities can be harmonised to meet agreed targets in the most effective way.

  Cyber defence has also been integrated into NATO’s Smart Defence initiative, endorsed at the 2012 Chicago Summit. Smart Defence is a new mindset, enabling countries to work together to develop and maintain capabilities they would not afford to develop or procure alone, and to free resources for developing other capabilities.

  To draw attention to models for ‘early engagement’ with industry by NATO and its constituent bodies, the NATO Industrial Advisory Group (NIAG) provided in 2012 an industry perspective on how a NATO-Industry Partnership can be achieved (see below).

  Research and training

  According to the revised policy, NATO will accelerate its efforts in training and education on cyber defence through its existing schools and the cyber defence center in Tallinn, Estonia. The Cooperative Cyber Defence Centre of Excellence (CCD CoE) in Tallinn, which was accredited as a NATO CoE in 2008, conducts research and training on cyber defence and has cyber defence staff, including specialists from the sponsoring countries.

  Further information on the CCD CoE can be found at http://www.ccdcoe.org/

  The NATO Crisis Management Exercise (CMX12) and the Cyber Coalition Exercise (CC12) offered good opportunities in November 2012 to test NATO consultations and crisis management procedures in response to a cyber crisis.

  Cooperating with partners and International Organisations

  As cyber threats defy state borders or organisational boundaries, cooperation with partners and international organisations including the European Union (EU) on cyber defence is an important element of the revised NATO policy. Informal staff-level talks regarding cyber defence have continued with the EU.

  Engagement with partners is tailored and based on shared values and common approaches, with an emphasis on complementarity and non-duplication.

  Cyber defence goals and benchmarks have been incorporated into approximately 75 per cent of the bilateral cooperation programmes that have been agreed with individual Partners. Sweden, Finland and the EU participated in CMX12. Three Partner Nations participated in the Cyber Coalition Exercise 2012, and the European Union and three additional Partner Nations were observers.

  Further cyber defence engagement with partner countries and international organisations in areas such as crisis management, best practices, education, training and exercises will be conducted upon decision by Allies on a case-by-case basis.

  Cooperating with industry

  Developing genuine partnership with industry is broadly recognised as vital in ensuring effective cyber defence both within NATO countries and also for NATO.

  In 2012, the NIAG examined how the private sector can best assist NATO in carrying out its responsibilities for cyber defence, particularly concerning NATO’s role in coming to the aid of member countries subject to the potential or actuality of cyber attack. It provided an industry perspective on how an enhanced, sustainable NATO-Industry Partnership could be achieved across a wide range of cyber-defence related activities, to include information exchange, crisis management, planning and exercises.

  The NIAG is a high-level consultative body of senior industrialists of NATO member countries, acting under the Conference of National Armaments Directors (CNAD), and plays an important role in advising the CNAD on key issues regarding armaments cooperation policy and the industrial and technological base of the Alliance.

  Coordinating and advising on cyber defence

  The NATO Policy on Cyber Defence will be implemented by NATO’s political, military and technical authorities, as well as by individual Allies. According to the 2011 revised policy, the North Atlantic Council provides the high-level political oversight on all aspects of implementation. The Council will be apprised of major cyber incidents and attacks and exercises principal decision-making authority in cyber defence related crisis management.

  The Defence Policy and Planning Committee provides oversight and advice to Allies on the Alliance’s cyber defence efforts at the expert level. At the working level, the NATO Cyber Defence Management Board (CDMB) has the responsibility for coordinating cyber defence throughout NATO civilian and military bodies. The NATO CDMB comprises the leaders of the political, military, operational and technical staffs in NATO with responsibilities for cyber defence. This body operates under the auspices of the Emerging Security Challenges Division in NATO HQ (i.e. Chairmanship and staff support).

  The NATO Consultation, Control and Command (NC3) Board constitutes the main body for consultation on technical and implementation aspects of cyber defence.

  The NATO Military Authorities (NMA) and the NATO Communications and Information (NCI) Agency bear the specific responsibilities for identifying the statement of operational requirements, acquisition, implementation and operating of NATO’s cyber defence capabilities.

  Lastly, the NCI Agency, through its NCIRC Technical Centre, is responsible for the provision of technical and operational cyber security services throughout NATO. NCIRC is a two-tier functional capability where the NCIRC Technical Center constitutes NATO’s principal technical and operational capability and has a key role in responding to any cyber aggression against the Alliance. It provides a means for handling and reporting incidents and disseminating important incident-related information to system/ security management and users. It also concentrates incident handling into one centralised and coordinated effort, thereby eliminating duplication of effort.

  The NCIRC Coordination Centre is located in NATO HQ with co-located staff from NATO HQ C3S. It is a staff element responsible for coordination of cyber defence activities within NATO and with Nations, staff support to CDMB, planning of an annual cyber coalition exercise and cyber defence liaison with international organisations such as the European Union, the Organization for Security and Co-operation in Europe and the United Nations/International Telecommunication Union (UN/ITU ).The Cyber Threat Assessment Cell (CTAC) is also co-located with the NCIRC Coordination Centre.

• Context and evolution

  Although NATO has always been protecting its communication and information systems, the 2002 Prague Summit first placed cyber defence on the Alliance’s political agenda. Building on the technical achievements put in place since Prague, Allied leaders reiterated the need to provide additional protection to these information systems at their Riga Summit in 2006.

  After the cyber attacks against Estonian public and private institutions in April and May 2007, the NATO Defence Ministers at a meeting in June 2007 agreed that urgent work was needed in this area. In the months to follow, NATO conducted a thorough assessment of its approach to cyber defence, and the findings of the assessment recommended specific roles for the Alliance as well as the implementation of a number of new measures aimed at improving protection against cyber attacks. It also called for the development of a NATO cyber defence policy.

  In the summer of 2008, the war in Georgia demonstrated that cyber attacks have the potential to become a major component of conventional warfare. The development and use of destructive cyber tools that can threaten national and Euro-Atlantic security and stability represent a strategic shift that had increased the urgency for a new NATO cyber defence policy in order to strengthen the cyber defences not only of NATO Headquarters and its related structures, but across the Alliance as a whole.

  On 8 June 2011, NATO Defence Ministers approved a revised NATO Policy on Cyber Defence, a policy that sets out a clear vision for efforts in cyber defence throughout the Alliance, and an associated Action Plan for its implementation. In October 2011, ministers agreed on details of the Action Plan. This revised policy offers a coordinated approach to cyber defence across the Alliance with a focus on preventing cyber attacks and building resilience.

  In February 2012, a €58 million contract was awarded to establish a NATO Computer Incident Response Capability (NCIRC), to be fully operational by October 2013. A Cyber Threat Awareness Cell is also being set up to enhance intelligence sharing and situational awareness.

  In April 2012, cyber defence was integrated into the NATO Defence Planning Process (NDPP). Relevant cyber defence requirements will be identified and prioritised through the NDPP.

  At Chicago in May 2012, heads of state and government reaffirmed their commitment to improve the Alliance’s cyber defences by bringing all of NATO’s networks under centralised protection and implementing the critical elements of the NCIRC’s full operational capability by October 2013.

  On 1 July 2012, against the background of the NATO Agencies Reform, which is part of an ongoing NATO reform process, the NATO Communications and Information (NCI) Agency was established. The agency will facilitate bringing all NATO bodies under centralised protection and provide significant operational benefits and long-term cost savings.

  In April 2013,a critical implementation milestone was met when the core network defence management infrastructure and analytic capability was installed at the NCIRC Technical Centre in Mons, Belgium.

  On 4 June 2013, in their first-ever meeting dedicated to cyber defence, NATO defence ministers agreed that the Alliance’s cyber-defence capability should be fully operational by the autumn. This includes the establishment of Rapid Reaction Teams to help protect NATO’s own systems. The protection will by then be extended to all the networks owned and operated by the Alliance. Defence ministers also agreed to continue the discussions at their next meeting in October 2013 on how NATO can support and assist Allies who request assistance if they come under cyber attack.