Coordinating and advising on cyber defence
The NATO Policy on Cyber Defence will be implemented by NATO’s political, military and technical authorities, as well as by individual Allies. According to the revised policy, the North Atlantic Council provides the high level political oversight on all aspects of implementation. The Council will be apprised of major cyber incidents and attacks and exercises principal decision-making authority in cyber defence related crisis management. The Defence Policy and Planning Committee provides Allies’ oversight and advice on the Alliance’s cyber defence efforts at the expert level. At the working level, the NATO Cyber Defence Management Board (CDMB) has the responsibility for coordinating cyber defence throughout NATO Civilian and Military bodies. The NATO CDMB comprises the leaders of the political, military, operational and technical staffs in NATO with responsibilities for cyber defence. The NATO CDMB operates under the auspices of the Emerging Security Challenges Division in NATO HQ (i.e. Chairmanship and staff support).
The NATO Consultation, Control and Command (NC3) Board constitutes the main body for consultation on technical and implementation aspects of cyber defence.
The NATO Military Authorities (NMA) and NATO’s Communications and Information (NCI) Agency bear the specific responsibilities for identifying the statement of operational requirements, acquisition, implementation and operating of NATO’s cyber defence capabilities.
Lastly, the NCI Agency, through its NCIRC Technical Centre, is responsible for provision of technical and operational cyber security services throughout NATO. NCIRC is a two-tier functional capability where The NCIRC Technical Center constitutes NATO’s principal technical and operational capability and has a key role in responding to any cyber aggression against the Alliance. It provides a means for handling and reporting incidents and disseminating important incident-related information to system/ security management and users. It also concentrates incident handling into one centralised and coordinated effort, thereby eliminating duplication of effort. First tier of NCIRC is the NCIRC Coordination Centre, located in NATO HQ with co-located staff from NATO HQ C3S. NCIRC Coordination Centre is a staff element responsible for coordination of cyber defence activities within NATO and with Nations, staff support to CDMB, planning of Annual Cyber Coalition Exercise and cyber defence liaison with International Organizations such as EU, OSCE and UN/ITU. Cyber Threat Assessment Cell (CTAC) is also co-located with NCIRC Coordination Centre.
Assisting individual Allies
Prior to the cyber attacks against Estonia in 2007, NATO’s cyber defence efforts were primarily concentrated on protecting the communication systems owned and operated by the Alliance. As a result of the attacks, which were directed against public services and carried out throughout the internet, NATO’s focus has been broadened. NATO has developed and will be continuously enhancing mechanisms for assisting those Allies who seek NATO support for the protection of their communication systems, including through the dispatch of Rapid Reaction Teams (RRTs). While the Allies continue to bear the main responsibility for the safety and security of their communications systems, NATO requires a reliable and secure supporting infrastructure. To this end, it will work with national authorities to develop principles and criteria to ensure a minimum level of cyber defence where national and NATO networks inter-connect.
Research and training
According to the revised policy, NATO will accelerate its efforts in training and education on cyber defence through its existing schools and the cyber defence center in Tallinn. The Cooperative Cyber Defence Centre of Excellence (CCDCoE) in Tallinn, Estonia, which was accredited as a NATO CoE in 2008, conducts research and training on cyber defence and has cyber defence staff, including specialists from the sponsoring countries. Further information on CCD CoE can be found at http://www.ccdcoe.org/
Cooperating with partners
As cyber threats do not recognise state borders, nor organisational boundaries, cooperation with partners on cyber defence is an important element of the revised NATO policy. Engagement with partners will be tailored and based on shared values and common approaches, with an emphasis on complementarity and non-duplication. NATO also recognises the importance of harnessing the expertise of the private sector and academia in this complex area where new ideas and new partnerships will be key.