With millions of suspicious cyber events a day, NATO has to defend its networks on a constant basis. Simon Michell reviews the capabilities in pace to achieve this

Cybersecurity is not a theoretical challenge for NATO. It is a daily game of cat and mouse, played out between its computer network experts and a host of malevolent hackers from around the world. The scale is immense, as Ian West, NATO’s chief of cyber security, explains: “Every single day our sensors detect around 240 million suspicious events.” Fortunately, most of these are dealt with automatically, enabling NATO analysts to focus in on what West terms the “needle in the haystack. The ones that we really need to do something about”. This reduces that 240 million daily incidents down to a more manageable 4,000 a year. It was as recent as 2014 that NATO’s own websites came under a distributed denial of service attack (DDoS), blocking access to users.

As a part of a long-standing process to combat this growing threat, NATO announced a Cyber Defence Pledge during the 2016 Warsaw Summit. “In recognition of the new realities of security threats to NATO, we, the Allied Heads of State and Government, pledge to ensure the Alliance keeps pace with the fast-evolving cyber threat landscape and that our nations will be capable of defending themselves in cyberspace as in the air, on land and at sea.” The top priority is the protection of the communications systems owned and operated by the Alliance. Consequently, NATO now has four operational domains – land, sea, air and cyber.

This new operational domain is guided by the NATO Cyber Defence Committee (NCDC), the NATO Cyber Defence Management Board (NCDMB) and the Consultation, Control and Command Board (C3B). They have at their disposal a raft of capabilities and capacities to address the cyber challenge. A key part of this capability, the NATO Cooperative Cyber Defence Centre of Excellence (CCD COE) in Tallinn, Estonia, is relatively new, having been created in 2008. The Cyber Test Range is even newer, having been originally created by the Estonians in 2011. It received a welcome boost in July 2014, when NATO decided to establish the Alliance’s cyber range using this existing Estonian one in Tartu. In June 2016, NATO’s governing body, the North Atlantic Council, agreed a further capability enhancement to the range, enabling the expansion of the annual cyber defence exercises, Cyber Coalition and Locked Shields. It will also bring about more advanced testing of complex IT systems.


NATO is clear in its understanding that it must be able to protect its own networks and, to do this, it has established the Belgium-based NATO Computer Incident Response Capability (NCIRC). This is responsible for the cyber defence of all NATO sites – static, mobile, and those deployed on operations. The NCIRC Technical Centre in Mons is, according to NATO, “the nerve centre for the Alliance’s fight against cybercrime”. Its main protagonists are the Cyber Threat Assessment Cell and the Cyber Rapid Reaction Teams. Together, they not only keep an eye on the Alliance networks, they also send out emergency assistance to those within the Alliance who have suffered an attack. This can be a very complicated and exhaustive activity, which NATO likens to defending a skyscraper where the defenders must close each door and every window, but the hackers only have to find one that has been left slightly ajar to sneak in unobserved.

With education being an enabler for cyber defence, NATO is fortunate in being able to lean on a network of institutions to build the necessary skills and deliver relevant training. For example, the NATO Communications and Information Systems School (NCISS), which will be moving its headquarters to Portugal from its current home in Latina, Italy, delivers a range of courses to train staff in the dark arts of cybersecurity. The NATO School in Oberammergau, Germany, complements this capability with its own syllabus of cyber education and training. And, at a somewhat loftier level, the NATO Defence College in Rome has gained an enviable reputation for its strategic thinking on matters concerning both the political and military arenas, of which cyber issues is increasingly prominent.

Just like all things related to information technology, the pace of change is rapid, and standing still is a recipe for disaster. Realising this, NATO agreed an updated Cyber Defence Plan in February 2017 to increase the Allies’ ability to work together, develop capabilities and share information. One adaptation that the Alliance is making to its response to complex cyber challenges is increased and fairer burden-sharing, which will ultimately give better protection to all member states.

Projecting Stability | ATA special publication for the Brussels Summit 2017

For the occasion of the NATO Special Meeting in May 2017, ATA has published a dedicated monograph where high level policy makers and experts tackle the strategic issues of the summit. This publication was distributed to all the delegations and representatives that were taking part to closed-doors discussions and parallel meetings that took place before and during the Summit.

The publication is available in its entirety here:  Projecting Stability | ATA special publication for the Brussels Summit 2017