.
Cyber space is without limits. Open to everyone, connecting people around the globe, it has offered unprecedented opportunities for our economies and has transformed the fabric of our societies. But it has also made our open societies extremely vulnerable. Spectacular intrusions into the world wide web, often called “cyber attacks”, have made for headlines in media across the world. Cyber crime is a booming business, making about half a trillion US-Dollars every year. Cybersecurity has become a major concern, not only for business, but for governments as well, which have to provide security for their countries and defend the civil liberties of their citizens. The significant increase in intensity and sophistication of cyber attacks and their use in military operations have raised serious concerns at Nato and among the 28 Allies.
At its most recent Summit in Wales in September 2014, the Alliance adopted an “Enhanced NATO Policy On Cyber Defense”. This document marks the key elements in Nato’s approach to cyber defense: First, it affirms that cyber defense is part of Nato’s core task of collective defense. Secondly, it confirms that International Law, including International Humanitarian Law and the UN Charter, apply in cyber space. It makes clear that cyber space should be governed internationally by the rule of law. NATO’s mandate in the cyber domain is one of defense. It is about defense based on protection and resilience. It is not about the militarization of cyber space or about promoting cyber warfare. But Nato needs to adapt and respond to threats as they arose from the use of sophisticated cyber capabilities during the military operations in Georgia in 2008 and in the crisis in Ukraine in 2014. Also, the increasing use of cyber attack by terrorist groups like ISIL and the growing dimension of cyber threats in the context of Hybrid Warfare generate growing concern.
Cyber defense was first put on the Alliance’s political agenda at the Prague Summit in 2002. The first result of this effort was the establishment, in 2004, of the NATO Computer Incident Response Capability (NCIRC). This is the Alliance’s primary tool for the prevention, detection, and mitigation of cyber attacks on NATO networks.
After the cyber attacks in Estonia in 2007 and the use of cyber components in the short conventional war between Russia and Georgia in 2008, cyber security was included into the Strategic Concept of 2010, still valid today. Here, NATO defines a “New Security Environment”. Consequently, a new Cyber Defense Policy was developed in 2011, extending, among other things, the NCIRC by two small Rapid Reaction Teams which are ready to deploy rapidly to any NATO installation, where a cyber attack is serious enough to necessitate human involvement, where an intrusion cannot be repaired from a distance or by technical means only.
However, since 2011 other important steps have been taken as well. Beginning in 2013, Allies have begun including elements of cyber defense into their defense planning. As the new 4-year-planning cycle has just started, cyber defense has become an integral part of that planning process. Finally, cyber defense considerations are also being integrated into NATO operations and operational planning, including contingency planning. In this way, cyber defense has become an integral part of all military planning in the Alliance.
This includes, of course, all training and education activities, where NATO aims at supporting Allies in providing the right people for this important task. Cyber defense is as much about people and processes than it is about technology. And therefore, well trained and educated personnel also engages in regular exercises to make sure that they push the right buttons and call the right people in order to prevent serious attacks from happening and/or to provide the best possible resilience and repair damage as quickly as possible.
Finally, cyberdefense offers NATO a whole new focus on cooperation, not only among each other, but with all kinds of partners. Nato and its 28 member states are part of a network connecting 69 countries, linked to Nato in different formats of official partnerships. They all are interested in cooperating with Nato in one way or the other, as, regarding the challenges from cyber space, they all face the same problems. Equally, international organizations like the European Union (EU), the Organization for Security and Cooperation in Europe (OSCE), the Council of Europe, and the United Nations (UN) engage in constant dialogue with Nato on the issue of cyber security.
Most interesting, NATO also has made cooperation with industry a priority objective. After all, industry is a key player in cyber space. It owns the majority of the world’s information systems, develops and provides the technical solutions for cyber defense. Most of the technological innovation lies with industry. This makes for a whole new kind of cooperation, for which Nato has offered a “NATO-Industry Cyber Partnership” (NICP).
Cyber space once was identified as a “space of unimaginable complexity”. It proves also to be a very fast changing landscape, fuelled by positive input such as technological evolution and innovation, but also by tendencies aimed at exploiting it for negative, illegal or harmful purposes. Cyber defense will require constant adaptation and agility and a true spirit of cooperation and team work between all those stakeholders who are interested in the preservation of the cyber domain as a space of freedom, growth, and security.
Ambassador Sorin Ducaru is the Assistant Secretary General of NATO for Emerging Security Challenges.
The views presented in this article are the author’s own and do not necessarily represent the views of any other organization.
a global affairs media network
Cyberdefense: An Increasing Priority
Cyber Crime
June 11, 2015
Cyber space is without limits. Open to everyone, connecting people around the globe, it has offered unprecedented opportunities for our economies and has transformed the fabric of our societies. But it has also made our open societies extremely vulnerable. Spectacular intrusions into the world wide web, often called “cyber attacks”, have made for headlines in media across the world. Cyber crime is a booming business, making about half a trillion US-Dollars every year. Cybersecurity has become a major concern, not only for business, but for governments as well, which have to provide security for their countries and defend the civil liberties of their citizens. The significant increase in intensity and sophistication of cyber attacks and their use in military operations have raised serious concerns at Nato and among the 28 Allies.
At its most recent Summit in Wales in September 2014, the Alliance adopted an “Enhanced NATO Policy On Cyber Defense”. This document marks the key elements in Nato’s approach to cyber defense: First, it affirms that cyber defense is part of Nato’s core task of collective defense. Secondly, it confirms that International Law, including International Humanitarian Law and the UN Charter, apply in cyber space. It makes clear that cyber space should be governed internationally by the rule of law. NATO’s mandate in the cyber domain is one of defense. It is about defense based on protection and resilience. It is not about the militarization of cyber space or about promoting cyber warfare. But Nato needs to adapt and respond to threats as they arose from the use of sophisticated cyber capabilities during the military operations in Georgia in 2008 and in the crisis in Ukraine in 2014. Also, the increasing use of cyber attack by terrorist groups like ISIL and the growing dimension of cyber threats in the context of Hybrid Warfare generate growing concern.
Cyber defense was first put on the Alliance’s political agenda at the Prague Summit in 2002. The first result of this effort was the establishment, in 2004, of the NATO Computer Incident Response Capability (NCIRC). This is the Alliance’s primary tool for the prevention, detection, and mitigation of cyber attacks on NATO networks.
After the cyber attacks in Estonia in 2007 and the use of cyber components in the short conventional war between Russia and Georgia in 2008, cyber security was included into the Strategic Concept of 2010, still valid today. Here, NATO defines a “New Security Environment”. Consequently, a new Cyber Defense Policy was developed in 2011, extending, among other things, the NCIRC by two small Rapid Reaction Teams which are ready to deploy rapidly to any NATO installation, where a cyber attack is serious enough to necessitate human involvement, where an intrusion cannot be repaired from a distance or by technical means only.
However, since 2011 other important steps have been taken as well. Beginning in 2013, Allies have begun including elements of cyber defense into their defense planning. As the new 4-year-planning cycle has just started, cyber defense has become an integral part of that planning process. Finally, cyber defense considerations are also being integrated into NATO operations and operational planning, including contingency planning. In this way, cyber defense has become an integral part of all military planning in the Alliance.
This includes, of course, all training and education activities, where NATO aims at supporting Allies in providing the right people for this important task. Cyber defense is as much about people and processes than it is about technology. And therefore, well trained and educated personnel also engages in regular exercises to make sure that they push the right buttons and call the right people in order to prevent serious attacks from happening and/or to provide the best possible resilience and repair damage as quickly as possible.
Finally, cyberdefense offers NATO a whole new focus on cooperation, not only among each other, but with all kinds of partners. Nato and its 28 member states are part of a network connecting 69 countries, linked to Nato in different formats of official partnerships. They all are interested in cooperating with Nato in one way or the other, as, regarding the challenges from cyber space, they all face the same problems. Equally, international organizations like the European Union (EU), the Organization for Security and Cooperation in Europe (OSCE), the Council of Europe, and the United Nations (UN) engage in constant dialogue with Nato on the issue of cyber security.
Most interesting, NATO also has made cooperation with industry a priority objective. After all, industry is a key player in cyber space. It owns the majority of the world’s information systems, develops and provides the technical solutions for cyber defense. Most of the technological innovation lies with industry. This makes for a whole new kind of cooperation, for which Nato has offered a “NATO-Industry Cyber Partnership” (NICP).
Cyber space once was identified as a “space of unimaginable complexity”. It proves also to be a very fast changing landscape, fuelled by positive input such as technological evolution and innovation, but also by tendencies aimed at exploiting it for negative, illegal or harmful purposes. Cyber defense will require constant adaptation and agility and a true spirit of cooperation and team work between all those stakeholders who are interested in the preservation of the cyber domain as a space of freedom, growth, and security.
Ambassador Sorin Ducaru is the Assistant Secretary General of NATO for Emerging Security Challenges.
The views presented in this article are the author’s own and do not necessarily represent the views of any other organization.
