NATO is developing new measures to enhance the protection of its communication and information systems against attempts at disruption through attacks or illegal access. These efforts form practical aspects of a common policy on cyber defence.
This new policy establishes the basic principles and provides direction to NATO’s civil and military bodies in order to ensure a common and coordinated approach to cyber defence and any response to cyber attacks. It also contains recommendations for individual NATO countries on the protection of their national systems.
NATO’s policy on cyber defence was approved in January 2008 and has been endorsed by heads of state and government at the Bucharest Summit in April.
The Alliance’s relevant military and technical committees and bodies, as well as the Allies individually, are now engaged in implementing the policy. In line with this, NATO's Military Committee recently agreed on a Cyber Defence Concept which adds practical action programmes to fit within the overarching policy.
More…The 2002 Prague Summit marked NATO’s first tasking with regards to cyber defence activities. Building on the technical achievements put in place since Prague, Allied leaders acknowledged the need to protect information systems over the longer term at the NATO Riga Summit in November 2006.
A major cyber attack on Estonian public and private institutions in April and May 2007 prompted NATO to take a harder look at its cyber defences. At their meeting on 14 June 2007 Allied Defence Ministers agreed that urgent work was needed in this area.
Following this, NATO conducted a thorough assessment of its approach to cyber defence resulting in a report to Allied Defence Ministers in October 2007.
The report recommended specific roles for the Alliance as well as the implementation of a number of new measures aimed at improving protection against cyber attacks. The report also called for the development of a NATO cyber defence policy. This policy was agreed in early 2008.
The North Atlantic Council – NATO’s top political decision-making body - has overall control over NATO’s policies and activities with regard to cyber defence. NATO’s Consultation, Control and Command Agency (NC3A) and the NATO Military Authorities (NMA) bear particular responsibility for the implementation of the new policy. NATO’s Computer Incident Response Capability (NCIRC) will have a key role in responding to any cyber aggression against the Alliance.
