By Maj Gen (ret) Koen Gijsbers, General Manager, NATO Communications and Information Agency, Brussels
“The decision to recognise cyber as an operational domain alongside the existing environmental domains of
land, maritime and air, will change the way that NATO plans and conducts operations so that cyberdefence
is built into the planning from the start.”
Today’s cyberthreat landscape is markedly different from that of a few years ago. Experts and officials agree that the speed, sophistication and diversity of attacks has changed dramatically. Cyberrisks threaten the benefits, whether economic, political or social that the human invention of cyberspace can offer. Given this context, it is not surprising that nations and international organisations are taking this very seriously with a tangible response. NATO has recognized cyberdefence as a top priority and member nations have made a wide ranging cyberpledge for all Alliance nations to improve and modernise their own cyberdefences. Nations have also agreed that cyberspace should be viewed as an operational domain, a decision that will have wide ranging impacts across the Alliance’s organisation and operations. Equally, the EU has created multiple initiatives to standardise defence arrangements and to share information between Member States.
NATO’s Warsaw Summit: a game-changer
Many states who may be considered adversarial, now consider cybercapabilities as a legitimate and necessary part of their strategic toolbox alongside diplomacy, economic prowess and military might. Non-state actors continue to engage at many levels of sophistication and determination. The threat landscape continues to broaden and the level technical expertise necessary to operate in that landscape continues to drop. In the face of this threat, NATO is pursuing a number of positive and practical initiatives. As briefly mentioned above, at the last Summit the 28 nations that make up the Alliance have all made a pledge to improve their own cybersecurity and to keep pace with the fast evolving cyberlandscape. This is no hollow promise. Nations are devoting scarce resources to these improvements, actively reinforcing cooperation and information exchange amongst the Allies and prioritising education and training activities. Progress towards these improvements will be measured and reported annually. The decision to recognise cyber as an operational domain alongside the existing environmental domains of land, maritime and air, will change the way that NATO plans and conducts operations so that cyberdefence is built into the planning from the start. A roadmap to develop and implement these changes is now under way. These are examples of real and effective actions being taken by NATO in light of the stated Alliance priorities for cyberdefence.
The power of sharing
But it’s not just NATO on its own. The threats are faced by all international organisations including the EU. In February 2016, the NATO Computer Incident Response Capability (NCIRC) signed a technical agreement with the Computer Emergency Response Team of the European Union (CERT-EU) to provide a framework for information exchange and to share best practice at the technical level of defence. A year on, this agreement is proving to be very productive and of benefit to both NATO and the EU. Information sharing is not only limited to international organisations.
The Agency is facilitating a series of arrangements with NATO and non-NATO nations to exchange threat information and is also supporting the nations through wide ranging engagement using the framework of the NATO-Industry cyberpartnership. This initiative continues to grow and provide ever more information sharing and coordination between the Alliance and commercial organisations.
A comprehensive technological approach
The NCIRC and the associated elements that provide the spectrum of cyber security activities are an integral part of NATO’s Communications and Information Agency (NCI Agency). The Agency was born through a merger of five disparate organizations precisely in order to allow NATO to take a comprehensive view of its IT and cyberlandscape. The work of the cyberteam is conducted alongside and wholly coordinated with the other critical activities necessary to provide robust and resilient network operations for deployed and static users at more than 50 locations across the NATO area. This close integration of all network operations is a very real and irreplaceable strength. A cyberattack doesn’t exist in a vacuum. The whole Agency responds to the variety of threats in a coordinated, planned and efficient manner – cyberdefence is built into NATO’s network from the very start.
The benefits generated by this coordinated, integrated approach is not limited to real time operational defence but is applied across the whole cyberlifecycle of activities to prevent, assess, defend, inform and sustain. Whether Agency teams are designing security at the heart of new capabilities, reviewing NATO or (on request) national capabilities or raising awareness of the threat and facilitating information exchange, the whole really is greater than the sum of the parts. And – because of our funding regime – we can readily share this knowledge with Nations as they look to enhance their defences. As an example, the Agency is currently implementing the largest ever system change across NATO. Starting next year, a totally new communication and information system infrastructure will be deployed that will support, replace and harmonise
the Alliance’s current information technology in a way that will fundamentally enhance cyberdefence, resilience and robustness. Again, cyberdefence will be built in at the outset.
Need for speed
A critical point is the speed at which we can innovate. A number of NATO countries are pioneering new, innovative ways to partner with Industry, including small and medium enterprises, research centres and academia in order to speed up the introduction of cutting-edge technology into their defences. This for me is the next challenge – dramatically increasing the speed with which we can refresh and upgrade our technologies, so that we can stay ahead of the threat. Cyber evolves at the speed of fiber. We need to benefit from the pioneering examples of our member states that are fast-tracking cyberacquisition. In common with any modern large organisation, NATO needs command and control arrangements on which leaders can rely. There are organisations across the world whose aim is to attack and degrade the effectiveness of these arrangements. In order to provide the necessary mission assurance capabilities to NATO now and in the future, my Agency is developing and implementing world class capabilities. Part of our strength lies in the broad perspective we have on NATO IT, and a comprehensive technological approach. But no man is an island and the Alliance is no different. To succeed we must share information and cooperate with other organisations, nations and commerce.