Resources

Organisations

North Atlantic Treaty Organisation

The North Atlantic Treaty Organization (NATO) is a regional organisation of 28 countries in the area of the North Atlantic, which was established in 1949 by the North Atlantic Treaty.1 It is a military and political alliance, constituting a system of collective defence and crisis management for its members.2

Cyber defence became part of NATO’s political agenda at the Prague Summit in 2002, and has been reiterated ever since. The cyber attacks against Estonia in 2007 may be seen as initiating the gradual shift in the attention the Alliance has paid to cyber defence since then. NATO’s first cyber defence policy was prepared in 2008. At the Lisbon Summit in 2010, cyber defence was included in NATO’s Strategic Concept, and the summit declaration precipitated the update of the Cyber Defence Policy in 2011 and the creation of an accompanying Action Plan in 2012. On 5 September 2014, a new enhanced Cyber Defence Policy was approved at the Wales Summit.3 The Policy ‘clarifies that a major digital attack on a member state could be covered by Article 5 [of the North Atlantic Treaty].’4 The Policy further improves information-sharing and mutual assistance between Allies, enhances training and exercises and furthers cooperation with the industry. At the Warsaw Summit in 2016, NATO recognised cyberspace as a domain of operations, and pledged to further develop NATO-EU cyber defence cooperation, and to commit more resources to cyber defence capabilities.

Cyber defence is dealt with by multiple NATO bodies. First and foremost, any collective defence response by NATO to a cyber attack would be subject to a decision by the North Atlantic Council (NAC), which is NATO’s supreme body, consisting of the representatives of all Member States and chaired by the Secretary General. The NAC decides by consensus.

The Cyber Defence Committee (CDC), prior to April 2014 known as the Defence Policy and Planning Committee (Cyber Defence), is a senior advisory body to the NAC in matters of cyber defence, while also providing consultation to the Allies and exercising overall governance of NATO’s internal cyber defence.

The Cyber Defence Management Board (CDMB) operates under the auspices of the Emerging Security Challenges Division of NATO HQ. It consists of representatives of all major stakeholders in cyber security within NATO, such as Allied Command Operations (ACO), Allied Command Transformation (ACT) and the NATO agencies. CDMB does the strategic planning and executive direction regarding NATO networks. It also signs Memoranda of Understanding with Member States to facilitate information exchange and coordinate assistance.

The NATO Communications and Information Agency (NCIA) was created on 1 July 2012, pursuant to the aim in the Lisbon Summit Declaration, by merging 7 NATO agencies dealing with CIS and cyber activities. NCIA is the primary CIS provider for NATO.5 The NATO Computer Incident Response Capability (NCIRC) is incorporated in the NCIA and it is the body responsible for the centralised technical protection of NATO cyber assets. The NCIRC reached full operational capability in May 2014.6

The NATO Cooperative Cyber Defence Centre of Excellence (NATO CCD COE) is a ‘NATO-accredited research and training facility dealing with education, consultation, lessons learned, research and development in the field of cyber security.’7 Currently it has 16 Sponsoring Nations (NATO Member States) and 2 Contributing Participants (Austria and Finland). NATO CCD COE is funded, directed and tasked by the Sponsoring Nations, but services are also requested by NATO via the ACT, even though it is not included in the NATO organisational structure.

By using the INCYDER website you accept the terms and conditions. Read the INCYDER disclaimer. All suggestions and comments regarding the INCYDER website and database are welcome at incyder-at-ccdcoe.org
Date Document name Organisation Tags More info
%date% %name% %organisation% %tags% %more%