Cyber defence: next steps
Cyber attacks have become more common, more destructive and more sophisticated. At the 2010 Lisbon Summit, Allied leaders noted that this could threaten national and Euro-Atlantic security, and therefore agreed to enhance the Alliance’s cyber defence capabilities. The next steps in this area were discussed by NATO defence ministers when they met at NATO Headquarters in Brussels on 8 and 9 June.
The Allies agreed that NATO should revise its cyber defence policy adopted in January 2008 and develop an action plan to strengthen its own defences and better defend its populations and systems against cyber threats. A concept on NATO cyber defence, which provides the conceptual basis for this revision, was agreed by NATO defence ministers in March 2011.
At their meeting in June, defence ministers adopted the revised policy and agreed on an action plan, addressing the two major questions facing Allies: what does NATO want to defend and how should it do it?
“The new NATO policy will not only enable NATO to defend its own networks more quickly and effectively but also provide much more assistance to Allies and Partners in all the three crucial areas of cyber security: prevention, coping with cyber attacks and limiting their impact, and helping countries which are attacked to recover and restore their vital information systems rapidly,” says Jamie Shea, Deputy Assistant Secretary General, Emerging Security Challenges Division. “This is real progress for NATO.”
The revised policy and action plan work in parallel. The revised policy offers a coordinated approach to cyber defence across the Alliance. It focuses on the prevention of cyber attacks and building resilience. All NATO structures will be brought under centralised protection, and new cyber defence requirements will be applied. NATO’s work on cyber defence will be integrated into NATO’s Defence Planning Process. While no new military structures to deal with cyber threats will be created, Allies will ensure that appropriate cyber defence capabilities are included as part of their planning to protect information infrastructures that are critical for core Alliance tasks The revised cyber defence policy also stipulates NATO’s principles on cyber defence cooperation with partner countries, international organisations, the private sector and academia. The Action Plan will serve as the tool to ensure the timely and effective implementation of this policy.
“Nowhere is the need to act today rather than tomorrow more evident than in the area of cyber security,” says NATO Secretary General Anders Fogh Rasmussen. “A well orchestrated cyber attack can turn off the power in your house, your city, your country. It can shut down air traffic control. It can shut down banks. In short, a cyber attack can bring a country down without a single soldier having to cross its borders… It is no exaggeration to state that cyber attacks have become a new form of permanent, low-level warfare.”