THREAT ANALYSIS AND OPERATIONS
LISBON: The NAC is tasked with developing an in-depth cyber defence policy and action plan
2009
2010
2011
CHICAGO: NATO agrees to bring all communications networks under centralised protection
2012
JUNE: NATO Defence Ministers approve the second cyber defence policy
2013
WALES: An enhanced cyber policy and action plan is endorsed
2014
MAY: NATO Computer Incident Response Capability (NCIRC) achieves full operational capability
FEB: NATO and the EU conclude a Technical Arrangement on cyber defence
JUNE: Defence Ministers endorse a new Cyber Defence Policy SEPT: NATO launches the NATO Industry Cyber Partnership (NICP)
Moreover, NATO was willing to point the finger of suspicion, noting that “Foreign militaries and intelligence services, organised criminals, terrorist and/or extremist groups can each be the source of such attacks”. The result was that NATO’s principal political decision-making body, the North Atlantic Council (NAC), was tasked with developing an in-depth cyber defence policy and action plan. This second cyber defence policy was approved a year later in 2011. The next step was to integrate cyber defence into NATO’s Defence Planning Process. This was done in April 2012, a month before the Chicago Summit. When that ended, the official declaration stated: “Building on NATO’s existing capabilities, the critical elements of the NATO Computer Incident Response Capability (NCIRC) Full Operational Capability (FOC), including protection of most sites and users, will be in place by the end of 2012.” It then went on to confirm that “We have committed to provide the resources and complete the necessary reforms to bring all NATO bodies under
US Deputy of Defense reveals 24,000 DoD files were stolen from a defence contractor’s system Canadian agencies are attacked, forcing the Finance Ministry to disconnect from internet Russian cybersecurity firm Kaspersky discovers Red October global cyber attack
2011
2012
MARCH: The NCIA signs partnership deals with Cisco and Fortinet
SEPT: NATO includes cyber defence as a core part of collective defence
centralised cyber protection, to ensure that enhanced cyber defence capabilities protect our collective investment in NATO”. Moving two years forward to the 2014 Wales Summit, NATO endorsed an Enhanced Cyber Defence Policy and raised the stakes in the face of the relentless rise in the number of cyber attacks around the world. “The policy reaffirms the principles of the indivisibility of allied security and of prevention, detection, resilience, recovery and defence.” This effectively meant that a cyber attack on a nation could trigger Article 5 of NATO’s founding treaty, which states that an attack on one NATO member is an attack on them all.
ENHANCING CYBER DEFENCE According to Ian West, NATO’s Chief of Cyber Security within the NATO Communications and Information Agency (NCIA), “the NCIRC is responsible for the cyber defence of all NATO sites, whether they are those of static HQs or HQs deployed for operations or exercises”. The problem with cyber defence,
The US Postal Service admits loss of data on 2.9 million customers
Australia’s Prime Minister reveals a cyber attack on Bureau of Meteorology
South Korean financial institutions and YTN broadcaster are infected
2013
2016
APRIL: The Alliance hosts the first NATO Cyber Defence Smart Defence Projects Conference
APRIL: The Defence Policy and Planning Committee (Cyber Defence) is renamed the Cyber Defence Committee
APRIL: Cyber defence is integrated into the NATO Defence Planning Process
2015
The US Office of Personnel Management confirms theft of data on 4 million government employees
2014
2015
2016 Source: NATO Review Magazine, ABC, BBC, CNN
STRENGTHENING PEACE AND SECURIT Y
3.6 Cybersecurity-v2.indd 95
NATO SUMMIT 2016
95 24/06/2016 16:40