NATO - North Atlantic Treaty Organisation

NATO and cyber defence

Cyber attacks continue to pose a real threat to NATO and cyber defence will continue to be a core capability of the Alliance.

NATO’s Strategic Concept recognises that the growing sophistication of cyber attacks makes the protection of the Alliance’s information and communications systems an urgent task for NATO, and one on which its security now depends.

On 8 June 2011, NATO Defence Ministers approved a revised NATO Policy on Cyber Defence, a policy that sets out a clear vision for efforts in cyber defence throughout the Alliance, and an associated Action Plan for its implementation. In October 2011, Ministers agreed on details of the Action Plan. 

This revised policy offers a coordinated approach to cyber defence across the Alliance with a focus on preventing cyber attacks and building resilience. All NATO structures will be brought under centralised protection, and new cyber defence requirements will be applied. The policy clarifies political and operational mechanisms of NATO’s response to cyber attacks, and integrates cyber defence into NATO’s Defence Planning Process. It also sets out the framework for how NATO will assist Allies, upon request, in their own cyber defence efforts, with the aim to optimise information sharing and situational awareness, collaboration and secure interoperability based on NATO agreed standards. Finally, the policy sets the principles on NATO’s cyber defence cooperation with partner countries, international organisations, the private sector and academia.

In February 2012, a 58 million Euro contract was awarded to establish a NATO Computer Incident Response Capability (NCIRC), to be fully operational by the end of 2012. A Cyber Threat Awareness Cell is also being set up to enhance intelligence sharing and situational awareness.

At Chicago in May 2012, heads of state and government reaffirmed their commitment to improve the Alliance’s cyber defences by bringing all of NATO’s networks under centralized protection and implementing the critical elements of the NCIRC’s full operational capability by the end of 2012.

On 1 July 2012, against the background of the agencies reform, which is part of an ongoing NATO reform process, the NATO Communications and Information Agency (NCIA) was established. The agency will facilitate bringing all NATO bodies under centralized protection and provide significant operational benefits and long-term cost savings.

  • Context and evolution

    Although NATO has long been protecting its communication and information systems, the 2002 Prague Summit first placed cyber defence on the Alliance’s political agenda. Building on the technical achievements put in place since Prague, Allied leaders reiterated the need to provide additional protection to these information systems at their Summit in Riga in November 2006.

    A series of major cyber attacks on Estonian public and private institutions in April and May 2007 prompted NATO to take a harder look at its cyber defences. At a meeting in June 2007, the NATO Defence Ministers agreed that urgent work was needed in this area. In the months to follow, NATO conducted a thorough assessment of its approach to cyber defence, and the findings of the assessment recommended specific roles for the Alliance as well as the implementation of a number of new measures aimed at improving protection against cyber attacks. It also called for the development of a NATO cyber defence policy.

    Since the cyber attacks against Estonia in 2007, cyber threats have rapidly evolved in frequency and sophistication. In the summer of 2008, the war in Georgia demonstrated that cyber attacks have the potential to become a major component of conventional warfare. The development and use of destructive cyber tools that can threaten national and Euro-Atlantic security and stability represent a strategic shift that has increased the urgency for a new NATO cyber defence policy in order to strengthen the cyber defences not only of NATO Headquarters and its related structures, but across the Alliance as a whole.

    With this in mind, the Strategic Concept adopted at the 2010 Lisbon Summit highlighted the need for accelerated efforts in cyber defence and tasked the North Atlantic Council to develop a new NATO policy on cyber defence, which was adopted by the NATO Defence Ministers on 8 June 2011, and an action plan, which is being implemented. The subsequent Chicago Summit in 2012 reaffirmed this policy.

  • Principal cyber defence activities

    Coordinating and advising on cyber defence

    The NATO Policy on Cyber Defence will be implemented by NATO’s political, military and technical authorities, as well as by individual Allies. According to the revised policy, the North Atlantic Council provides the high level political oversight on all aspects of implementation. The Council will be apprised of major cyber incidents and attacks and exercises principal decision-making authority in cyber defence related crisis management. The Defence Policy and Planning Committee provides Allies’ oversight and advice on the Alliance’s cyber defence efforts at the expert level. At the working level, the NATO Cyber Defence Management Board (CDMB) has the responsibility for coordinating cyber defence throughout NATO Civilian and Military bodies. The NATO CDMB comprises the leaders of the political, military, operational and technical staffs in NATO with responsibilities for cyber defence. The NATO CDMB operates under the auspices of the Emerging Security Challenges Division in NATO HQ (i.e. Chairmanship and staff support).

    The NATO Consultation, Control and Command (NC3) Board constitutes the main body for consultation on technical and implementation aspects of cyber defence.

    The NATO Military Authorities (NMA) and NATO’s Communications and Information (NCI) Agency bear the specific responsibilities for identifying the statement of operational requirements, and for the acquisition, implementation and operation of NATO’s cyber defence capabilities.

    Lastly, the NCI Agency, through its NCIRC Technical Centre, is responsible for the provision of technical and operational cyber security services throughout NATO. NCIRC is a two-tier functional capability in which the NCIRC Technical Centre constitutes NATO’s principal technical and operational capability and has a key role in responding to any cyber aggression against the Alliance. It provides a means for handling and reporting incidents and disseminating important incident-related information to system/security management and users. It also concentrates incident handling into one centralised and coordinated effort, thereby eliminating duplication of effort. The first tier of NCIRC is the NCIRC Coordination Centre, located in NATO HQ with co-located staff from NATO HQ C3S. The NCIRC Coordination Centre is a staff element responsible for coordination of cyber defence activities within NATO and with Nations, staff support to the CDMB, planning of the Annual Cyber Coalition Exercise and cyber defence liaison with International Organizations such as the EU, OSCE and UN/ITU. The Cyber Threat Assessment Cell (CTAC) is also co-located with the NCIRC Coordination Centre.

    Assisting individual Allies

    Prior to the cyber attacks against Estonia in 2007, NATO’s cyber defence efforts were primarily concentrated on protecting the communication systems owned and operated by the Alliance. As a result of the attacks, which were directed against public services and carried out throughout the internet, NATO’s focus has been broadened. NATO has developed and will be continuously enhancing mechanisms for assisting those Allies who seek NATO support for the protection of their communication systems, including through the dispatch of Rapid Reaction Teams (RRTs). While the Allies continue to bear the main responsibility for the safety and security of their communications systems, NATO requires a reliable and secure supporting infrastructure. To this end, it will work with national authorities to develop principles and criteria to ensure a minimum level of cyber defence where national and NATO networks inter-connect.

    Research and training

    According to the revised policy, NATO will accelerate its efforts in training and education on cyber defence through its existing schools and the cyber defence centre in Tallinn. The Cooperative Cyber Defence Centre of Excellence (CCDCoE) in Tallinn, Estonia, which was accredited as a NATO CoE in 2008, conducts research and training on cyber defence and has cyber defence staff, including specialists from the sponsoring countries. Further information on the CCDCoE can be found at http://www.ccdcoe.org/

    Cooperating with partners

    As cyber threats do not recognise state borders, nor organisational boundaries, cooperation with partners on cyber defence is an important element of the revised NATO policy. Engagement with partners will be tailored and based on shared values and common approaches, with an emphasis on complementarity and non-duplication. NATO also recognises the importance of harnessing the expertise of the private sector and academia in this complex area where new ideas and new partnerships will be key.

Last updated: 14-Mar-2013 11:45