Integration of Allies’ National Cyber Effects into NATO Operations and Missions

Introduction

Cyberspace is NATO’s fourth domain of operations along with air, sea and land. The Alliance’s cyber defence is part of NATO’s core task of collective defence which means that a cyberattack on any one Ally will be treated as an attack against all. NATO has been steadily protecting its own networks, as well as enhancing resilience across the Alliance by encouraging member states to make voluntary contributions of their national cyber capabilities, defensive and offensive, in the framework of strong political oversight. However, it is not yet clear how the sovereign cyber effects will contribute to the resilience and operational capacity of NATO.

Cyber Policy and Strategy Evolution

In January 2008, NATO adopted its first Policy on Cyber Defence. The Alliances’ urgent decision was prompted by the cyberattacks against Estonian critical infrastructure and it was subsequent to the lasting political efforts of the Allied leaders. The 2010 NATO Strategic Concept, adopted at the Lisbon Summit, called for the North Atlantic Council (NAC) to develop a new cyber defence policy to coordinate the national efforts aimed at enhancing network protection. Consequently, the second Policy on Cyber Defence and the corresponding implementation plan were approved by NATO Ministers of Defence and were further introduced into the Defence Planning Process.

Acknowledging the importance of member states’ coordinated efforts to strengthen resilience across the Alliance, the Allied leaders agreed at the 2012 Chicago summit to upgrade their defences by bringing all of NATO’s networks under centralised protection. They also set in motion the establishment of NATO Communications and Information Agency which became fully operational in 2014. [1]

Read also: NATO Space policy: Integrated response to incoming threats

However, key decision providing for the integration of the Allies’ offensive cyber capabilities into Alliance operations and missions was announced only at the 2016 Warsaw Summit with Allied Heads of State and Government reiterating the inherently defensive mandate of NATO. The decision was shortly supported by the defense ministers who also expressed their confidence that Allies would maintain full ownership of their contributions, just like they own conventional arms deployed in NATO missions[2].

A clear visionary on how to integrate sovereign cyber effects into the Alliance operations and missions “in order to deter, defend against, and to counter the full spectrum of cyber threats, including those conducted within hybrid warfare” was contoured at the 2018 Summit in Brussels.[3] The Summit declaration provides that as in the case of conventional arms deployment, Allies may voluntarily contribute their offensive cyber weapons to joint exercises, as well as to real-time military operations and missions. Furthermore, member states may attribute malicious cyber activity and respond in a coordinated manner to the emerging cyber threats, though an appropriate decision remains a national government’s prerogative.

Cyber Defence Pledge

The Alliance is only as strong as its weakest link. Thus, for the purpose of  strengthening and enhancing their national networks and infrastructure, member states made Cyber Defence Pledge. The Pledge shortly followed the 2016 Warsaw Summit decision acknowledging cyberspace as an operations domain and was taken in the context of Article 3 of the Founding Treaty, which states that “Allies will maintain and develop their individual and collective capacity to resist armed attack”. The Cyber Defence Pledge encourages Allies to take a whole-of-government adaptation approach by addressing cyber defence at the highest strategic level, integrating it into the national operations and extending coverage to deployable networks. Besides, member states must allocate resources to enhance training, information-sharing, and trust-building in cyber both between key stakeholders at home and across the Alliance. [4]

Learn more: Implications of Russia`s A2/AD capabilities in Kaliningrad for NATO security

Progress made on the Cyber Defence Pledge was duly appreciated by Secretary General Stoltenberg in his remarks at the 2nd NATO Cyber Defence Conference. In particular, Mr. Stoltenberg noted that the Allies “strengthened their cyber capabilities, … improved their legal and institutional frameworks, and … increased the resources - people and money - devoted to confronting cyber threats.'' In Luxembourg, for example, a Tech Academy was established while in the United Kingdom the “CyberFirst” school was founded by the National Cyber Security Centre. All of this increased NATO cyber defences in such a way as to have made its networks fully resilient to all the incidents that have occurred since the Pledge.[5]

Also, as part of its cyber defence policy, NATO is establishing a new Cyber Operations Centre (CyOC) in Belgium that will be fully operational in 2023. As of 2018 CyOC was in its trial structure, serving as a focal point of operations coordination in cyberspace. In particular, it provides cyberspace situational awareness, centralised planning and coordination of other operational concerns for the cyberspace aspects of operations and missions. [6]

Cyberspace Exercises

Along with the organizational adaptation, NATO member states integrate cyber component into regular joint exercises, as well as render the cyber-specific ones. For instance, in 2018 the Allies and partners arranged Cyber Coalition - NATO’s flagship cyber defence exercise with over 700 participants - during which for the first time the integration of sovereign cyber effects voluntarily provided by the Allies was successfully exercised.[7]

In the same year NATO organized its largest exercise in decades called Trident Juncture, where Allies and partner countries (overall 50,000 participants) tested their ability to defend, deter and operate together in the air, on land, at sea and in cyberspace. No less robust cyber scenario was included into the Crisis Management Exercise, arranged for the purpose of enhancing the Headquarters abilities in cyber defence.

Way Forward

The use of collective countermeasures to cyberattacks in NATO is subject to each Ally’s voluntary decision allowing to draw on its sovereign cyber effects. However, as cyberspace is becoming an integral component of the Alliance’s operations and missions through increased joint exercises and coordination, the integration of national cyber effects is enhancing NATO resilience and operational capacity in cyberspace.

­­References:

[2] https://www.nato.int/cps/en/natohq/opinions_148359.htm?selectedLocale=en

[3] https://www.nato.int/cps/en/natohq/official_texts_156624.htm

[4] https://www.nato.int/cps/en/natohq/official_texts_133177.htm

[5] https://www.nato.int/cps/en/natohq/opinions_166039.htm?selectedLocale=en

[6] https://www.nato.int/docu/review/2019/Also-in-2019/natos-role-in-cyberspace-alliance-defence/EN/index.htm

[7] https://shape.nato.int/news-archive/2018/final-planning-conference-held-for-nato-cyber-coalition-2018