Cyber defence

  • Last updated: 16 Jul. 2018 17:03

Cyber threats and attacks are becoming more common, sophisticated and damaging. The Alliance is faced with an evolving complex threat environment. In recent events, cyber attacks have been part of hybrid warfare. NATO and its Allies rely on strong and resilient cyber defences to fulfil the Alliance’s core tasks of collective defence, crisis management and cooperative security. NATO needs to be prepared to defend its networks and operations against the growing sophistication of the cyber threats and attacks it faces.


  • Cyber defence is part of NATO’s core task of collective defence.
  • NATO has affirmed that international law applies in cyberspace.
  • NATO's main focus in cyber defence is to protect its own networks (including operations and missions) and enhance resilience across the Alliance.
  • In July 2016, Allies reaffirmed NATO’s defensive mandate and recognised cyberspace as a domain of operations in which NATO must defend itself as effectively as it does in the air, on land and at sea.
  • Allies also made a Cyber Defence Pledge in July 2016 to enhance their cyber defences, as a matter of priority. Since then, almost all Allies have upgraded their cyber defences.
  • NATO reinforces its capabilities for cyber education, training and exercises.
  • Allies are committed to enhancing information-sharing and mutual assistance in preventing, mitigating and recovering from cyber attacks.
  • NATO Cyber Rapid Reaction teams are on standby to assist Allies, 24 hours a day, if requested and approved.
  • At the Brussels Summit in 2018, Allies agreed to set up a new Cyberspace Operations Centre as part of NATO’s strengthened Command Structure. They also agreed that NATO can draw on national cyber capabilities for its missions and operations.
  • NATO and the European Union (EU) are cooperating through a Technical Arrangement on cyber defence that was signed in February 2016. In light of common challenges, NATO and the EU are strengthening their cooperation on cyber defence, notably in the areas of information exchange, training, research and exercises.
  • NATO is intensifying its cooperation with industry through the NATO Industry Cyber Partnership.

More background information

  • Principal cyber defence activities

    NATO Policy on Cyber Defence

    To keep pace with the rapidly changing threat landscape and maintain robust cyber defences, NATO adopted an enhanced policy and action plan, which were endorsed by Allies at the Wales Summit in September 2014. An updated action plan has since been endorsed by Allies in February 2017. The policy establishes that cyber defence is part of the Alliance’s core task of collective defence, confirms that international law applies in cyberspace and intensifies NATO’s cooperation with industry. The top priority is the protection of the communications systems owned and operated by the Alliance.

    The policy also reflects Allied decisions on issues such as streamlined cyber defence governance, procedures for assistance to Allied countries, and the integration of cyber defence into operational planning (including civil emergency planning).  In addition, the policy defines ways to take forward awareness, education, training and exercise activities, and encourages further progress in various cooperation initiatives, including those with partner countries and international organisations. It also foresees boosting NATO’s cooperation with industry, including on information-sharing and the exchange of best practices. Allies have also committed to enhancing information-sharing and mutual assistance in preventing, mitigating and recovering from cyber attacks. 

    NATO’s cyber defence policy is complemented by an action plan with concrete objectives and implementation timelines on a range of topics from capability development, education, training and exercises, and partnerships.

    Allies pledged at the Warsaw Summit in 2016 to strengthen and enhance the cyber defences of national networks and infrastructures, as a matter of priority. Together with the continuous adaptation of NATO’s cyber defence capabilities, as part of NATO’s long-term adaptation, this will reinforce the cyber defence and overall resilience of the Alliance.

    At Warsaw, Allies also reaffirmed NATO’s defensive mandate and recognised cyberspace as a domain of operations in which NATO must defend itself as effectively as it does in the air, on land and at sea. As most crises and conflicts today have a cyber dimension, treating cyberspace as a domain will enable NATO to better protect and conduct its missions and operations.

    Developing the NATO cyber defence capability

    The NATO Computer Incident Response Capability (NCIRC) based at SHAPE, Mons, Belgium, protects NATO’s own networks by providing centralised and round-the-clock cyber defence support to the various NATO sites. This capability is expected to evolve on a continual basis, to maintain pace with the rapidly changing threat and technology environment.

    To facilitate an Alliance-wide and common approach to cyber defence capability development, NATO also defines targets for Allied countries’ implementation of national cyber defence capabilities via the NATO Defence Planning Process. In June 2017, further cyber defence capability targets were agreed by defence ministers.

    Cyber defence has also been integrated into NATO’s Smart Defence initiatives. Smart Defence enables countries to work together to develop and maintain capabilities they could not afford to develop or procure alone, and to free resources for developing other capabilities. The Smart Defence projects in cyber defence, so far, include the Malware Information Sharing Platform (MISP), the Smart Defence Multinational Cyber Defence Capability Development (MN CD2) project, and the Multinational Cyber Defence Education and Training (MN CD E&T) project.

    NATO is also helping member countries by sharing information and best practices, and by conducting cyber defence exercises to help develop national expertise. Similarly, individual Allied countries may, on a voluntary basis and facilitated by NATO, assist other Allies to develop their national cyber defence capabilities.

    Increasing NATO cyber defence capacity

    Recognising that cyber defence is as much about people as it is about technology, NATO continues to improve the state of its cyber defence education, training and exercises.

    NATO conducts regular exercises, such as the annual Cyber Coalition Exercise, and aims to integrate cyber defence elements and considerations into the entire range of Alliance exercises, including the annual Crisis Management Exercise (CMX). NATO is also enhancing its capabilities for cyber education, training and exercises, including the NATO Cyber Range, which is based at a facility provided by Estonia.

    To enhance situational awareness, an updated Memorandum of Understanding on Cyber Defence was developed in 2015. This updated MOU is now being concluded between NATO and the national cyber defence authorities of each of the 29 Allies. It sets out arrangements for the exchange of a variety of cyber defence-related information and assistance to improve cyber incident prevention, resilience and response capabilities.

    The NATO Cooperative Cyber Defence Centre of Excellence (CCD CoE) in Tallinn, Estonia is a NATO-accredited research and training facility dealing with cyber defence education, consultation, lessons learned, research and development. Although it is not part of the NATO Command Structure, the CCD CoE offers recognised expertise and experience.

    The NATO Communications and Information Systems School (NCISS) in Latina, Italy provides training to personnel from Allied (as well as non-NATO) nations relating to the operation and maintenance of NATO communication and information systems. NCISS will soon relocate to Portugal, where it will provide greater emphasis on cyber defence training and education.

    The NATO School in Oberammergau, Germany conducts cyber defence-related education and training to support Alliance operations, strategy, policy, doctrine and procedures. The NATO Defense College in Rome, Italy fosters strategic thinking on political-military matters, including on cyber defence issues.

    Cooperating with partners

    Because cyber threats defy state borders and organisational boundaries, NATO engages with relevant countries and organisations to enhance international security.

    Engagement with partner countries is based on shared values and common approaches to cyber defence. Requests for cooperation with the Alliance are handled on a case-by-case basis founded on mutual interest.

    NATO also works with, among others, the European Union (EU), the United Nations (UN) and the Organization for Security and Co-oper