Cyber defence

Against the background of increasing dependence on

technology and on the Internet, the Alliance is advancing
its efforts to confront the wide range of cyber threats
targeting NATO’s networks on a daily basis. The growing
sophistication of cyber attacks makes the protection of
the Alliance’s communications and information systems
(CIS) an urgent task.
 Principal cyber defence activities
NATO Policy on Cyber Defence

In order to keep abreast with the rapidly changing threat landscape and
maintain a robust cyber defence, NATO has adopted a new enhanced policy
and its action plan, which was endorsed by Allies at the Wales Summit in
September 2014. The policy establishes that cyber defence is part of the
Alliance’s core task of collective defence, confirms that international law
applies in cyberspace and intensifies NATO’s cooperation with industry. The
top priority is the protection of the communications systems owned and
operated by the Alliance.

The new policy also reflects Allied decisions on issues such as streamlined
cyber defence governance, procedures for assistance to Allied countries, and
the integration of cyber defence into operational planning (including civil
emergency planning). Further, the policy defines ways to take awareness,
education, training and exercise activities forward, and encourages further
progress in various cooperation initiatives, including those with partner
countries and international organisations. It also foresees boosting NATO’s
cooperation with industry based on information sharing and cooperative
supply chain management.

The Allies have also committed to enhancing information sharing and mutual
assistance in preventing, mitigating and recovering from cyber attacks. The
new policy is complemented by an action plan with concrete objectives and
implementation timelines.

Assisting individual Allies

While NATO’s top priority for cyber defence is the protection of

communications and information systems (CIS) which are owned and
operated by NATO, the Alliance requires a reliable and secure supporting
national infrastructure, in particular those national networks which may be
considered critical for NATO missions. To this end, NATO works with national
authorities to develop principles, criteria and mechanisms to ensure an
appropriate level of cyber defence for national CIS. The Alliance will continue
to identify NATO dependencies on the Allies’ national CIS for critical Alliance
tasks and will work with NATO countries to develop common standards.

NATO is also helping member countries in their efforts to protect their own
critical infrastructures by sharing information and best practices, and by
conducting cyber defence exercises to help develop national expertise.
Similarly, individual Allied countries may, on a voluntary basis and facilitated
by NATO, assist other Allies to develop their national cyber defence
capabilities.

Developing the NATO cyber defence capability

The NATO Computer Incident Response Capability (NCIRC) protects NATO’s

own networks by providing centralised and round-the-clock cyber defence
support to the various NATO sites. This capability is expected to evolve on a
continual basis, to maintain pace with the rapidly changing threat and
technology environment.

To facilitate an Alliance-wide and common approach to cyber defence

capability development, NATO also defines targets for Allied countries’
implementation of national cyber defence capabilities via the NATO Defence
Planning Process (NDPP).

Cyber defence has also been integrated into NATO’s Smart Defence initiative.
Smart Defence enables countries to work together to develop and maintain
capabilities they could not afford to develop or procure alone, and to free
resources for developing other capabilities. The Smart Defence projects in
cyber defence, so far, include the Malware Information Sharing Platform
(MISP), the Smart Defence Multinational Cyber Defence Capability
Development (MN CD2) project, and the Multinational Cyber Defence
Education and Training (MN CD E&T) project.

Increasing NATO cyber defence capacity

Recognising that cyber defence is as much about people as it is about

technology, NATO continues to improve the state of its cyber defence
education, training, exercises and evaluation.

NATO conducts regular exercises, such as the annual Cyber Coalition

Exercise, and aims to integrate cyber defence elements and considerations
into the entire range of Alliance exercises. NATO is also enhancing its
capabilities for cyber education, training and exercises, including the NATO
Cyber Range, which is based on a facility provided by Estonia.

The NATO Cooperative Cyber Defence Centre of Excellence (CCD CoE) in

Tallinn, Estonia is the foremost NATO-accredited research and training facility
dealing with cyber defence education, consultation, lessons learned, research
and development. Although it is not part of the NATO command structure, the
CCD CoE offers recognised expertise and experience.

The NATO Communications and Information Systems School (NCISS) in

Latina, Italy provides training to personnel from Allied (as well as non-NATO)
nations relating to the operation and maintenance of some NATO
communication and information systems. NCISS will soon relocate to
Portugal, where it will provide greater emphasis on cyber defence training and
education.

The NATO School in Oberammergau, Germany conducts cyber defence-

related education and training to support Alliance operations, strategy, policy,
doctrine and procedures. The NATO Defense College in Rome fosters
strategic thinking on political-military matters, including on cyber defence
issues.

Cooperating with partners

Because cyber threats defy state borders and organisational boundaries,

NATO engages with relevant countries and organisations to enhance
international security.

Engagement with partner countries is based on shared values and common

approaches to cyber defence. Requests for cooperation with the Alliance are
handled on a case-by-case basis.

NATO also works with, among others, the European Union (EU), the United
Nations (UN), the Council of Europe and the Organization for Security and
Cooperation in Europe (OSCE). The Alliance’s cooperation with other
international organisations is intended to ensure that actions are
complementary and avoid unnecessary duplication of work.
 Cooperating with industry

The private sector is a key player in cyberspace, and technological

innovations and expertise from the private sector are crucial to enable NATO
and Allied countries to mount an effective cyber defence.

Via the NATO Industry Cyber Partnership (NICP), NATO and Allies will work
to reinforce their relationships with industry. The principal aim of the NICP will
be to facilitate voluntary engagement between NATO and industry. This
partnership will rely on existing structures and will include NATO entities,
national Computer Emergency Response Teams (CERTs) and NATO
member countries’ industry representatives.

 Governance

The NATO Policy on Cyber Defence is implemented by NATO’s political,

military and technical authorities, as well as by individual Allies. The North
Atlantic Council (NAC) provides high-level political oversight on all aspects of
implementation. The Council is apprised of major cyber incidents and attacks,
and it exercises principal authority in cyber defence-related crisis
management.

The Cyber Defence Committee (formerly the Defence Policy and Planning
Committee/Cyber Defence), subordinate to the NAC, is the lead committee for
political governance and cyber defence policy in general, providing oversight
and advice to Allied countries on NATO’s cyber defence efforts at the expert
level. At the working level, the NATO Cyber Defence Management Board
(CDMB) is responsible for coordinating cyber defence throughout NATO
civilian and military bodies. The CDMB comprises the leaders of the policy,
military, operational and technical bodies in NATO with responsibilities for
cyber defence.
 The NATO Consultation, Control and Command (NC3) Board constitutes the
main committee for consultation on technical and implementation aspects of
cyber defence.

The NATO Military Authorities (NMA) and the NATO Communications and
Information Agency (NCIA) bear the specific responsibilities for identifying the
statement of operational requirements, acquisition, implementation and
operating of NATO’s cyber defence capabilities. Allied Command
Transformation (ACT) is responsible for the planning and conduct of the
annual Cyber Coalition Exercise.

Lastly, NCIA, through its NCIRC Technical Centre in Mons, Belgium, is

responsible for the provision of technical cyber security services throughout
NATO. The NCIRC Technical Centre has a key role in responding to any
cyber aggression against the Alliance. It handles and reports incidents, and
disseminates important incident-related information to system/security
management and users.

The NCIRC Coordination Centre is a staff element responsible for the

coordination of cyber defence activities within NATO and with member
countries, and for staff support to the CDMB. It ensures the cyber defence
liaison with other international organisations such as the EU, the OSCE and
the United Nations/International Telecommunication Union (UN/ITU).

 Evolution

Although NATO has always protected its communication and information

systems, the 2002 Prague Summit first placed cyber defence on the Alliance’s
political agenda. Allied leaders reiterated the need to provide additional
protection to these information systems at the Riga Summit in 2006.
Following the cyber attacks against Estonia’s public and private institutions in
April and May of 2007, Allied defence ministers agreed in June 2007 that
urgent work was needed in this area.  As a result, NATO approved its first
Policy on Cyber Defence in January 2008.

In the summer of 2008, the conflict between Russia and Georgia

demonstrated that cyber attacks have the potential to become a major
component of conventional warfare.

NATO adopted a new Strategic Concept at the Lisbon Summit in 2010, during
which the NAC was tasked to develop an in-depth NATO cyber defence policy
and to prepare an action plan for its implementation. 

In June 2011, NATO defence ministers approved the second NATO Policy on
Cyber Defence, which set out a vision for coordinated efforts in cyber defence
throughout the Alliance within the context of the rapidly evolving threat and
technology environment, and an associated action plan for its implementation.

In April 2012, the integration of cyber defence into the NATO Defence
Planning Process (NDPP) began. Relevant cyber defence requirements are
identified and prioritised through the defence planning process.

At the Chicago Summit in May 2012, Allied leaders reaffirmed their

commitment to improve the Alliance’s cyber defences by bringing all of
NATO’s networks under centralised protection and implementing a series of
upgrades to the NCIRC.

In July 2012, as part of the reform of NATO’s agencies, NCIA was

established.

In February 2014, Allied defence ministers tasked NATO to develop a new,

enhanced cyber defence policy regarding collective defence, assistance to
Allies, streamlined governance, legal considerations and relations with
industry. 

In April 2014, the NAC agreed to rename the Defence Policy and Planning
Committee (Cyber Defence) as the Cyber Defence Committee.

In May 2014, the full operational capability of the NCIRC (NCIRC FOC) was
achieved, providing enhanced protection to NATO networks and users. 

In June 2014, NATO defence ministers endorsed the new cyber defence
policy, which is currently being implemented. The new policy and its
implementation will be kept under close review at both the political and
technical levels within the Alliance and will be refined and updated in line with
the evolving cyber threat.

At the Wales Summit in September 2014, Allies approved a new action plan
which along with the new policy contributes to the fulfilment of the Alliance’s
core tasks.

On 17 September 2014, NATO launched an initiative to boost cooperation

with the private sector on cyber threats and challenges. The NATO Industry
Cyber Partnership (NICP) was presented at a two-day cyber conference held
in Mons, Belgium, where 1,500 industry leaders and policy makers gathered
to discuss cyber collaboration. The NICP was earlier endorsed at the Wales
Summit on 5 September by the 28 Allies.  It recognises the importance of
working with industry partners to enable the Alliance to achieve its cyber
defence policy’s objectives. 

On 10 February 2016, NATO and the EU concluded a Technical Arrangement

on Cyber Defence to help both organisations better meet this challenge. This
Technical Arrangement between the NATO Computer Incident Response
Capability (NCIRC) and the Computer Emergency Response Team of the EU
(CERT-EU) provides a framework for exchanging information and sharing
best practices between emergency response teams.