Cyber attacks continue to pose a real threat to NATO and cyber defence will continue to be a core capability of the Alliance.
NATO’s Strategic Concept and the 2010 Lisbon Summit Declaration recognise that the growing sophistication of cyber attacks makes the protection of the Alliance’s information and communications systems an urgent task for NATO, and one on which its security now depends.
On 8 June 2011, NATO Defence Ministers approved a revised NATO Policy on Cyber Defence, a policy that sets out a clear vision for efforts in cyber defence throughout the Alliance, and an associated Action Plan for its implementation. In October 2011, Ministers agreed on details of the Action Plan.
In February 2012, a 58 million Euro contract was awarded to establish a NATO Cyber Incident Response Capability (NCIRC), to be fully operational by the end of 2012. A Cyber Threat Awareness Cell is also being set up to enhance intelligence sharing and situational awareness.
The revised policy will offer a coordinated approach to cyber defence across the Alliance with a focus on preventing cyber attacks and building resilience. All NATO structures will be brought under centralised protection, and new cyber defence requirements will be applied.
The policy clarifies political and operational mechanisms of NATO’s response to cyber attacks, and integrates cyber defence into NATO’s Defence Planning Process.
It also sets out the framework for how NATO will assist Allies, upon request, in their own cyber defence efforts, with the aim to optimise information sharing and situational awareness, collaboration and secure interoperability based on NATO agreed standards.
Finally, the policy sets the principles on NATO’s cyber defence cooperation with partner countries, international organisations, the private sector and academia.