Assisting individual Allies
NATO’s top priority on cyber defence is protecting the communication systems owned and operated by the Alliance. The protection of national critical infrastructures remains a national responsibility, which requires nations to invest resources in developing their own capabilities. NATO is helping Allies in their efforts to build up cyber defences by sharing information and best practices and conducting cyber defence exercises. In addition, defence ministers on 4 June 2013 agreed to continue the discussions at their next meeting in October on how NATO can provide additional support to Allies who request assistance if they come under cyber attack.
NATO requires a reliable and secure supporting infrastructure. To this end, it will work with national authorities to develop principles and criteria to ensure a minimum level of cyber defence where national and NATO networks interconnect.
To achieve this, NATO will identify its critical dependencies on the Allies’ national information systems and networks and will work with Allies to develop common minimum security requirements.
Integrating cyber defence into the National Defence Planning Process
In accordance with the Lisbon mandate, cyber defence has been integrated into the NATO Defence Planning Process (NDPP) in April 2012. NDPP is a crucial tool to provide a framework within which national and Alliance defence planning activities can be harmonised to meet agreed targets in the most effective way.
Cyber defence has also been integrated into NATO’s Smart Defence initiative, endorsed at the 2012 Chicago Summit. Smart Defence is a new mindset, enabling countries to work together to develop and maintain capabilities they would not afford to develop or procure alone, and to free resources for developing other capabilities.
To draw attention to models for ‘early engagement’ with industry by NATO and its constituent bodies, the NATO Industrial Advisory Group (NIAG) provided in 2012 an industry perspective on how a NATO-Industry Partnership can be achieved (see below).
Research and training
According to the revised policy, NATO will accelerate its efforts in training and education on cyber defence through its existing schools and the cyber defence center in Tallinn, Estonia. The Cooperative Cyber Defence Centre of Excellence (CCD CoE) in Tallinn, which was accredited as a NATO CoE in 2008, conducts research and training on cyber defence and has cyber defence staff, including specialists from the sponsoring countries.
Further information on the CCD CoE can be found at http://www.ccdcoe.org/
The NATO Crisis Management Exercise (CMX12) and the Cyber Coalition Exercise (CC12) offered good opportunities in November 2012 to test NATO consultations and crisis management procedures in response to a cyber crisis.
Cooperating with partners and International Organisations
As cyber threats defy state borders or organisational boundaries, cooperation with partners and international organisations including the European Union (EU) on cyber defence is an important element of the revised NATO policy. Informal staff-level talks regarding cyber defence have continued with the EU.
Engagement with partners is tailored and based on shared values and common approaches, with an emphasis on complementarity and non-duplication.
Cyber defence goals and benchmarks have been incorporated into approximately 75 per cent of the bilateral cooperation programmes that have been agreed with individual Partners. Sweden, Finland and the EU participated in CMX12. Three Partner Nations participated in the Cyber Coalition Exercise 2012, and the European Union and three additional Partner Nations were observers.
Further cyber defence engagement with partner countries and international organisations in areas such as crisis management, best practices, education, training and exercises will be conducted upon decision by Allies on a case-by-case basis.
Cooperating with industry
Developing genuine partnership with industry is broadly recognised as vital in ensuring effective cyber defence both within NATO countries and also for NATO.
In 2012, the NIAG examined how the private sector can best assist NATO in carrying out its responsibilities for cyber defence, particularly concerning NATO’s role in coming to the aid of member countries subject to the potential or actuality of cyber attack. It provided an industry perspective on how an enhanced, sustainable NATO-Industry Partnership could be achieved across a wide range of cyber-defence related activities, to include information exchange, crisis management, planning and exercises.
The NIAG is a high-level consultative body of senior industrialists of NATO member countries, acting under the Conference of National Armaments Directors (CNAD), and plays an important role in advising the CNAD on key issues regarding armaments cooperation policy and the industrial and technological base of the Alliance.
Coordinating and advising on cyber defence
The NATO Policy on Cyber Defence will be implemented by NATO’s political, military and technical authorities, as well as by individual Allies. According to the 2011 revised policy, the North Atlantic Council provides the high-level political oversight on all aspects of implementation. The Council will be apprised of major cyber incidents and attacks and exercises principal decision-making authority in cyber defence related crisis management.
The Defence Policy and Planning Committee provides oversight and advice to Allies on the Alliance’s cyber defence efforts at the expert level. At the working level, the NATO Cyber Defence Management Board (CDMB) has the responsibility for coordinating cyber defence throughout NATO civilian and military bodies. The NATO CDMB comprises the leaders of the political, military, operational and technical staffs in NATO with responsibilities for cyber defence. This body operates under the auspices of the Emerging Security Challenges Division in NATO HQ (i.e. Chairmanship and staff support).
The NATO Consultation, Control and Command (NC3) Board constitutes the main body for consultation on technical and implementation aspects of cyber defence.
The NATO Military Authorities (NMA) and the NATO Communications and Information (NCI) Agency bear the specific responsibilities for identifying the statement of operational requirements, acquisition, implementation and operating of NATO’s cyber defence capabilities.
Lastly, the NCI Agency, through its NCIRC Technical Centre, is responsible for the provision of technical and operational cyber security services throughout NATO. NCIRC is a two-tier functional capability where the NCIRC Technical Center constitutes NATO’s principal technical and operational capability and has a key role in responding to any cyber aggression against the Alliance. It provides a means for handling and reporting incidents and disseminating important incident-related information to system/ security management and users. It also concentrates incident handling into one centralised and coordinated effort, thereby eliminating duplication of effort.
The NCIRC Coordination Centre is located in NATO HQ with co-located staff from NATO HQ C3S. It is a staff element responsible for coordination of cyber defence activities within NATO and with Nations, staff support to CDMB, planning of an annual cyber coalition exercise and cyber defence liaison with international organisations such as the European Union, the Organization for Security and Co-operation in Europe and the United Nations/International Telecommunication Union (UN/ITU ).The Cyber Threat Assessment Cell (CTAC) is also co-located with the NCIRC Coordination Centre.