NATO - North Atlantic Treaty Organization

NATO and cyber defence

Against the background of increasing dependence on technology and web-based communications, NATO is advancing its efforts to confront the wide range of cyber threats targeting the Alliance’s networks on a daily basis. NATO’s Strategic Concept and the 2012 Chicago Summit Declaration recognised that the growing sophistication of cyber attacks makes the protection of the Alliance’s information and communications systems an urgent task for NATO.

In June 2011, NATO adopted a new cyber defence policy and the associated Action Plan, which sets out a clear vision of how the Alliance plans to bolster its cyber defence efforts. This policy reiterates that the priority is the protection of the NATO network but that any collective defence response is subject to a decision by the North Atlantic Council, NATO’s principal political decision-making body.

The revised policy offers a coordinated approach to cyber defence across the Alliance. It focuses on the capability to better detect, prevent and respond to cyber threats against NATO’s networks. All NATO structures will be brought under centralised cyber protection to deal with the vast array of cyber threats it currently faces, integrating these defensive requirements into the NATO Defence Planning Process. This way, Allies will ensure that appropriate cyber defence capabilities are included as part of their planning to protect information infrastructures that are connected to the NATO network and critical for core Alliance tasks. The revised cyber defence policy also stipulates NATO’s cooperation with partner countries, international organisations, the private sector and academia.

  • Principal cyber defence activities

    Assisting individual Allies

    NATO’s top priority on cyber defence is protecting the communication systems owned and operated by the Alliance. The protection of national critical infrastructures remains a national responsibility, which requires nations to invest resources in developing their own capabilities. NATO is helping Allies in their efforts to build up cyber defences by sharing information and best practices and conducting cyber defence exercises in order to develop the necessary expertise to compliment the related technology. Allies are still discussing how NATO should further facilitate this collective effort and what support could be provided to Allies, if requested.

    NATO requires a reliable and secure supporting infrastructure. To this end, it will work with national authorities to develop principles and criteria to ensure a minimum level of cyber defence where national and NATO networks interconnect.

    To achieve this, NATO will identify its critical dependencies on the Allies’ national information systems and networks and will work with Allies to develop common minimum security requirements.

    Integrating cyber defence into the NATO Defence Planning Process

    In accordance with the Lisbon mandate, cyber defence began its integration into the NATO Defence Planning Process (NDPP) in April 2012. NDPP is a crucial tool to provide a framework within which national and Alliance defence planning activities can be harmonised to meet agreed targets in the most effective way.

    Cyber defence has also been integrated into NATO’s Smart Defence initiative, endorsed at the 2012 Chicago Summit. Smart Defence is a new mindset, enabling countries to work together to develop and maintain capabilities they could not afford to develop or procure alone, and to free resources for developing other capabilities.

    To draw attention to models for ‘early engagement’ with industry by NATO and its constituent bodies, the NATO Industrial Advisory Group (NIAG) provided in 2012 an industry perspective on how a NATO-Industry Partnership can be achieved (see below).

    Research and training

    According to the revised policy, NATO will accelerate its efforts in training and education on cyber defence through its existing schools and the cyber defence center in Tallinn, Estonia. The Cooperative Cyber Defence Centre of Excellence (CCD CoE) in Tallinn, which was accredited as a NATO CoE in 2008, conducts research and training on cyber defence and has cyber defence staff, including specialists from the sponsoring countries.

    Further information on the CCD CoE can be found at

    The NATO Cyber Coalition Exercise (CC13) in November 2013 offered a good opportunity to exercise NATO crisis management and information-sharing procedures.

    Cooperating with partners and international organisations

    As cyber threats defy state borders or organisational boundaries, cooperation with partners and international organisations including the European Union (EU) on cyber defence is an important element of the revised NATO policy. Informal staff-level talks regarding cyber defence have continued with the EU.

    Engagement with partners is tailored and based on shared values and common approaches, with an emphasis on complementarity and non-duplication.

    Cyber defence goals and benchmarks have been incorporated into approximately 75 per cent of the bilateral cooperation programmes that have been agreed with individual Partners.  Five partner nations (Austria, Finland, Ireland, Sweden and Switzerland) participated in CC13. The cyber defence staff of the European Union and New Zealand observed.

    Further cyber defence engagement with partner countries and international organisations in areas such as crisis management, best practices, education, training and exercises will be conducted upon decision by Allies on a case-by-case basis.

    Cooperating with industry

    Developing genuine partnership with industry is broadly recognised as vital in ensuring effective cyber defence both within NATO countries and also for NATO.

    In 2012, the NIAG examined how the private sector can best assist NATO in carrying out its responsibilities for cyber defence, particularly concerning NATO’s role in coming to the aid of member countries subject to a potential or actual cyber attack. It provided an industry perspective on how an enhanced, sustainable NATO-Industry Partnership could be achieved across a wide range of cyber-defence related activities, to include information exchange, crisis management, planning and exercises.

    In 2013 and 2014, the NIAG will conduct an in-depth study on actions NATO should take in collaboration with industry to facilitate NATO cyber defence during crisis.

    The NIAG is a high-level consultative body of senior industrialists of NATO member countries, acting under the Conference of National Armaments Directors (CNAD), and plays an important role in advising the CNAD on key issues regarding armaments cooperation policy and the industrial and technological base of the Alliance.

    Coordinating and advising on cyber defence

    The NATO Policy on Cyber Defence will be implemented by NATO’s political, military and technical authorities, as well as by individual Allies. According to the 2011 revised policy, the North Atlantic Council provides the high-level political oversight on all aspects of implementation. The Council will be apprised of major cyber incidents and attacks and exercises principal decision-making authority in cyber defence related crisis management.

    The Defence Policy and Planning Committee provides oversight and advice to Allies on the Alliance’s cyber defence efforts at the expert level. At the working level, the NATO Cyber Defence Management Board (CDMB) has the responsibility for coordinating cyber defence throughout NATO civilian and military bodies. The NATO CDMB comprises the leaders of the political, military, operational and technical staffs in NATO with responsibilities for cyber defence. This body operates under the auspices of the Emerging Security Challenges Division in NATO HQ (i.e. Chairmanship and staff support).

    The NATO Consultation, Control and Command (NC3) Board constitutes the main body for consultation on technical and implementation aspects of cyber defence.

    The NATO Military Authorities (NMA) and the NATO Communications and Information (NCI) Agency bear the specific responsibilities for identifying the statement of operational requirements, acquisition, implementation and operating of NATO’s cyber defence capabilities.

    Lastly, the NCI Agency, through its NATO Computer Incident Response Capability (NCIRC) Technical Centre, is responsible for the provision of technical and operational cyber security services throughout NATO. NCIRC is a two-tier functional capability where the NCIRC Technical Center constitutes NATO’s principal technical and operational capability and has a key role in responding to any cyber aggression against the Alliance. It provides a means for handling and reporting incidents and disseminating important incident-related information to system/ security management and users. It also concentrates incident handling into one centralised and coordinated effort, thereby eliminating duplication of effort.

    The NCIRC Coordination Centre is located in NATO Headquarters in Brussels, Belgium. It is a staff element responsible for coordination of cyber defence activities within NATO and with nations, staff support to the CDMB, planning of an annual cyber coalition exercise and cyber defence liaison with international organisations such as the European Union, the Organization for Security and Co-operation in Europe (OSCE) and the United Nations/International Telecommunication Union (UN/ITU ).

  • Context and evolution

    Although NATO has always been protecting its communication and information systems, the 2002 Prague Summit first placed cyber defence on the Alliance’s political agenda. Building on the technical achievements put in place since Prague, Allied leaders reiterated the need to provide additional protection to these information systems at their Riga Summit in 2006.

    After the cyber attacks against Estonian public and private institutions in April and May 2007, the NATO Defence Ministers at a meeting in June 2007 agreed that urgent work was needed in this area. In the months to follow, NATO conducted a thorough assessment of its approach to cyber defence, and the findings of the assessment recommended specific roles for the Alliance as well as the implementation of a number of new measures aimed at improving protection against cyber attacks. It also called for the development of a NATO cyber defence policy.

    In the summer of 2008, the war in Georgia demonstrated that cyber attacks have the potential to become a major component of conventional warfare. The development and use of destructive cyber tools that could threaten national and Euro-Atlantic security and stability represented a strategic shift that had increased the urgency for a new NATO cyber defence policy in order to strengthen the cyber defences not only of NATO Headquarters and its related structures, but across the Alliance as a whole.

    On 8 June 2011, NATO Defence Ministers approved a revised NATO Policy on Cyber Defence, a policy that sets out a clear vision for efforts in cyber defence throughout the Alliance, and an associated Action Plan for its implementation. In October 2011, ministers agreed on details of the Action Plan. This revised policy offers a coordinated approach to cyber defence across the Alliance with a focus on preventing cyber attacks and building resilience.

    In February 2012, a €58 million contract was awarded to establish an upgrade of the   NCIRC, to be fully operational by autumn 2013. A Cyber Threat Awareness Cell is also being set up to enhance intelligence sharing and situational awareness.

    In April 2012, cyber defence began its integration into the NATO Defence Planning Process (NDPP). Relevant cyber defence requirements will be identified and prioritised through the NDPP.

    At Chicago in May 2012, heads of state and government reaffirmed their commitment to improve the Alliance’s cyber defences by bringing all of NATO’s networks under centralised protection and implementing a series of upgrades to the NCIRC.

    On 1 July 2012, against the background of the NATO Agencies Reform, which is part of an ongoing NATO reform process, the NATO Communications and Information (NCI) Agency was established. The agency will facilitate bringing all NATO bodies under centralised protection and provide significant operational benefits and long-term cost savings.

    In April 2013, a critical implementation milestone was met when the core network defence management infrastructure and analytic capability was installed at the NCIRC Technical Centre in Mons, Belgium.

    On 4 June 2013, in their first-ever meeting dedicated to cyber defence, NATO Defence Ministers agreed that the Alliance’s NCIRC should have its upgrade completed by autumn 2013. This includes the establishment of Rapid Reaction Teams to help protect NATO’s own systems. Defence ministers also agreed to continue the discussions at their next meeting in October 2013 on how NATO can support and assist Allies who request assistance if they come under cyber attack.

    On 22 October 2013, NATO Defence Ministers concluded that the Alliance is on track in upgrading its ability to protect NATO’s networks.

Last updated: 22-Oct-2013 13:29