NATO's Answer to Cyber Warfare
NATO’s longtime motto says that an attack on one NATO member is considered an attack on all the alliance. Today, this creed also applies to cyberspace, alliance leaders indicate. NATO’s new Cyberspace Operations Center, formed in August 2018, takes up the mantle of defending the alliance in the digital realm.
Given rising adversarial threats, NATO has taken action to reform and strengthen its command structure, including steps toward an improved cyber posture. Two years after NATO leaders elected to add cyber as one of the military domains—in addition to sea, land, and air—leaders from the 29-member military and political alliance agreed in Brussels in July 2018 to set up NATO’s Cyberspace Operations Center (CyOC) to act as its key strategic and operational cyber nexus.
The NATO leaders’ decision at the Brussels summit in 2018 also included a push to increase the organization’s cyber training, exercises and education. The alliance is looking to deepen its collaboration with the industry through the so-called NATO Industry Cyber Partnership, leaders say.
“NATO recognized that around the world, every military engagement contains a cyber-facing aspect,” says Maj. Gen. Wolfgang Renner, GEAF, commander, NATO Communications and Information Systems (CIS) Group and deputy chief of staff cyberspace at Supreme Headquarters, Allied Powers Europe (SHAPE). “But NATO is a relative newcomer in cyberspace. I would say that we are in the crawl phase. Despite that, we take our responsibility very seriously.”
In developing the CyOC, which NATO stood up at the end of August 2018, the alliance’s leaders decided against making it a full cyber command, explains Gen. Renner. The leaders reasoned that starting with a smaller, more nimble organization made more sense. “We are flying the plane while we are building it,” Gen. Renner says.
The CyOC is focusing on cyber defense, the general explains. “We have a defensive option, based on NATO’s charter,” Gen. Renner confirms. “However if a nation would be ready on a voluntary basis to field a cyber effect, that could be an option as well.”
Col. Donald Lewis, USAF, deputy director, NATO CyOC, adds, “NATO doesn’t do offensive cyber, but it will integrate actions from sovereign nations who are capable and willing to provide them, but under their national responsibility.”
The leaders presented information about their CyOC efforts at the CyCon U.S. conference in November in Washington, D.C., a joint event of the Army Cyber Institute at the United States Military Academy and the NATO Cooperative Cyber Defence Centre of Excellence in Tallinn, Estonia, and spoke to SIGNAL Magazine.
The two leaders clarify that a cyber event or attack against a NATO country does not necessarily constitute a cyber response. NATO could take political steps as well, such as sanctions. The spectrum of choices is broad as to what NATO can do in response to an adversarial event, the leaders say. “Our role is to integrate those effects into the operations along with everything else,” Col. Lewis states.
Both officers are stationed at the CyOC, which is located at NATO’s Supreme Headquarters Allied Powers Europe, in Mons, Belgium. Col. Lewis is in charge of presenting the cyberspace situational awareness picture to the NATO Supreme Allied Commander of Europe (SACEUR). He leads a multinational team that tracks the cyberspace environment and develops warnings on how cyber activity may affect NATO allied operations and missions.
In addition to the actions in cyberspace—the defensive operations—the activities of the CyOC include the composition of the cyberspace network, the leaders say.
The CyOC participated in its first NATO exercise in November, Trident Juncture, with an initial staff, and aims to be fully operational by 2023 with a 70-person team. “It’s a very aggressive schedule,” Gen. Renner says.