A new Memorandum of Understanding (MOU) on cyber defence cooperation was signed on Monday (12 October 2015) between NATO, represented by Assistant Secretary General Ambassador Sorin Ducaru in his capacity as the Chairman of the Cyber Defence Management Board (CDMB), and the Czech Republic, represented by Engineer Dušan Navrátil, the Director of the Czech National Security Agency.
This represents a second generation of the MOU template, which was approved by Allies in line with the 2014 Enhanced NATO Policy on Cyber Defence.
The North Atlantic Treaty Organization (NATO), also called the North Atlantic Alliance, is an intergovernmental military alliance based on the North Atlantic Treaty which was signed on 4 April 1949. The organization constitutes a system of collective defence whereby its member states agree to mutual defense in response to an attack by any external party. NATO’s headquarters are located in Haren, Brussels. NATO has 28 member states across North America and Europe, the newest of which, Albania and Croatia, joined in April 2009.
The MOU aims to improve and enhance cyber defence cooperation and assistance between NATO and national cyber defence authorities.
The Czech Republic expressed their content and determination for further cooperation, stressing the “importance of their swift decision making, which is critical when it comes to cyber security crises”.
Director Navrátil highlighted the significance of cyber defence cooperation within the Alliance and also offered support to NATO from national specialists and experts on cyber defence. This was welcomed by the Chairman of the Cyber Defence Management Board, stressing that such support “is not only about information exchange but also training and exercises.”
As the Alliance looks to the future, cyber threats and attacks will continue to become more common, sophisticated, and potentially damaging. Responding to this challenge, an Enhanced NATO Policy on Cyber Defence and Cyber Defence Action Plan was endorsed at the 2014 NATO Summit in Wales.
The new MOU reflects the latest cyber defence developments contained within the Enhanced NATO Policy on Cyber Defence.
The Czech Republic is the first NATO member to have singed the memorandum.
The memorandum aims to improve and enhance cooperation between the Czech Republic and NATO in fighting against cyber threats and attacks that are increasingly common, sophisticated and harmful.
As computer attacks become a global problem, NATO has reacted at its 2014 summit in Wales with approving an action plan.
NATO’S CYBER DEFENSE POLICY AND ACTION PLAN
The 2010 NATO Strategic Concept highlighted the need to “develop further our ability to prevent, detect, defend against and recover from cyber-attacks”. Threats are rapidly evolving both in frequency and sophistication. Threats emanating from cyberspace – whether from states, hacktivists or criminal organisations, among many others – pose a considerable challenge to the Alliance and must be dealt with as a matter of urgency.
Against this background, at the 2010 Lisbon Summit, the Heads of State tasked the North Atlantic Council to develop a revised NATO cyber defence policy.
A NATO Concept on Cyber Defence was first drafted for Defence Ministers in March 2011, which formed the conceptual basis of the revised NATO Policy on Cyber Defence. The Policy itself was then developed and approved by the NATO Defence Ministers on 8 June.
The document is coupled with an implementation tool – an Action Plan, which represents a detailed document with specific tasks and activities for NATO’s own structures and Allies’ defence forces
What is NATO’s role in cyber defence?
The main focus of the NATO Policy on Cyber Defence is on the protection of NATO networks and on cyber defence requirements related to national networks that NATO relies upon to carry out its core tasks: collective defence and crisis management.
NATO’s Cyber Defense Policy and Action Plan reflects the steps the Alliance has taken to mature its cyber capabilities. These steps aim to enhance the political and operational mechanism of NATO’s response capability and expand training and assistance to improve defenses of Alliance national militaries.
The main elements of the new approach include:
1. Realization that cyber defense is required to perform NATO’s core tasks of collective defense and crisis management;
2. Prevention, resilience, and defense of cyber assets critical to NATO and its constituent Allies;
3. Implementation of robust cyber defense capabilities and centralized protection of NATO’s own networks;
4. Definition of minimum requirements for cyber defense of national networks critical to NATO’s core tasks;
5. Assistance to the Allies to achieve a minimum level of cyber defense to reduce vulnerabilities of national critical infrastructure; and
6. Engagement with partners, other international organizations, the private sector, and academia.
Read – China Opens Border with Nepal
Practical Steps
- NATO will develop minimum requirements for those national information systems that are critical for carrying out NATO’s core tasks.
- NATO assists Allies in achieving a minimum level of cyber defence in order to reduce vulnerabilities to national critical infrastructure.
- Allies can also offer their help to an Ally or to the Alliance in case of a cyber attack.
- Cyber defence will be fully integrated into the NATO Defence Panning Process. Relevant cyber defence requirements will be identified and prioritised through the NDPP.
- NATO Military Authorities will assess how cyber defence supports performing NATO’s core tasks, planning for military missions, and carrying out missions.
- Cyber defence requirements for non-NATO troop contributing nations will also be defined.
- Strong authentication requirements will be applied. The acquisition process and supply chain risk management requirements will be streamlined.
- NATO will enhance early warning, situational awareness, and analysis capabilities.
- NATO will develop awareness programs and further develop the cyber component in NATO exercises.
- NATO and Allies are encouraged to draw on expertise and support from the Cooperative Cyber Defence Centre of Excellence in Tallinn.