NATO Agrees Collaboration On Cyber Security

In cyber space everyone is interconnected and defences are only as strong as the weakest link, says Antonio Missiroli (pictured), assistant secretary general for emerging security challenges at Nato.  

“Nato also recognises the scale and severity of cyber threats, and at our most recent summit, allies stated that cyber threats to the security of the alliance are becoming more frequent, complex, destructive and coercive,” he told attendees of the CyberSec Brussels Leaders’ Foresight 2019 event.

Responding to a call for the development of common principles for a secure cyber space at the event, Missiroli said the concept of “one for all and all for one” as it relates to cyber space is a “fundamentally uncontroversial” idea at Nato.

The alliance, he said, is firmly committed to continuing to adapt to the cyber threat landscape and take actions to improve cyber defence capabilities, build trust and improve cooperation among allies, partners, industry and academia.

One of Nato’s key tools for enhancing cyber defence, said Missiroli is the pledge made by allies at the 2016 summit to strengthen and enhance the cyber defences of their national networks and infrastructures as a matter of priority.

“We are now in the midst of our third cycle of assessment and reporting, and overall, the pledge has been a good news story because since 2016, almost every ally has upgraded their cyber defences,” he said.

According to Missiroli, the political impact of the pledge is also apparent through the fact that cyber security has attracted high-level political attention in allied nations, which has helped to elevate cyber defence from a technical to a strategic issue.

“It has also been useful in bringing together a variety of domestic national stakeholders that were operating separately from one another previously, and it has served as an important platform for allies to share best practices,” he said.

Throughout Nato, Missiroli said allies are working together, pooling their knowledge and experience to help each other.

“This demonstrates the pledge’s ‘multiplier effect’ across the alliance, with the results being far greater than the sum of their parts.”

In 2018, senior officials and cyber defence experts from Nato members met in Paris for the first annual conference on the pledge to discuss key elements of the pledge, with the second annual conference scheduled to take place in the UK later this year.

“These events demonstrate the ongoing commitment to this important tool, which is supported at the highest levels of government,” he said.

More work to be done

However, Missiroli said there is still more work to be done because the threat continues to grow and evolve, adding that the pledge has been a useful mechanism to galvanise and catalyse improvement.

In addition to the work by allies, he said Nato has undertaken “significant” policy and organisational adaptation in response to the recognition of cyber space as a domain of operations at the 2016 summit.

“Milestones include the setting up of the cyber space operations centre in Mons, Belgium, which will provide situational awareness and coordination of Nato activity in cyber space; the approval of a military vision and strategy for the cyber space domain; and the agreement on how to integrate cyber effects, provided voluntarily by allies, into alliance operations and missions,” said Missiroli.

However, he noted that the recognition of cyber space as a domain of operations does not change Nato’s defensive mandate, adding that Nato has explicitly affirmed the applicability of international law to cyber space.

“We support work to maintain international peace and security in cyber space and to promote stability and reduce the risk of conflict. We recognise that we all stand to benefit from a norms-based, predictable and secure cyber space.

“Our goal in recognising cyber space as a domain of operations is simply to ensure that we can operate as effectively as we do on land, at sea and in the air. In short, our goal is to make cyber space a daily and normal part of our business.”

Cyber Defence a Team Sport

Although a cliché, Missiroli said it remains true that cyber defence is a team sport. “Nato cannot and should not go it alone. We are only made better by sharing more information and the more we can pool best practices and interoperate with partners,” he said, adding that Nato currently engages with more than 40 partner countries based on shared values and common approaches.

Nato also helps to foster dialogue and practical cooperation in partner countries through the Science for Peace and Security Programme, taking steps, for example, to intensify cooperation with the European Union, particularly in the areas of information exchange, training, research and exercises.

However, Missiroli said Nato must continue to look beyond Europe in light of the fact that partner nations such as Australia, New Zealand, Japan and South Korea have all invested heavily in cyber defence. “And it will serve us well to continue to build these relationships.”

Nato also recognises the importance of the private sector, he said. “It is the private sector, after all, that develops and operates the vast majority of networks worldwide and our continuous interactions with industry partners helps provide advance notice and rapid mitigation for many activities that have been detected against systems in allied nations and against Nato itself.

“Information sharing goes both ways. Industry shares with us and we also share with industry. In the WannaCry  and NotPetya attacks, for example, we quickly reached out to our industry partners and the information exchange was critical for getting the most up-to-date picture of a rapidly-evolving and complex situation.”

Nato needs to do More

Moving forward, Missiroli said that given the cutting-edge developments in the cyber domain, such as artificial intelligence, Nato will need to do more to capitalise on the power of industry and academia.

“I hope it is clear that Nato has made significant progress in the cyber space domain as individual allies, as Nato and as partners,” he said.

“While affirming Nato’s defensive mandate, we have expressed our determination to employ the full range of capabilities, including cyber, to deter, to defend against and counter the full spectrum of cyber threats, including those conducted as part of a hybrid campaign.

“The threats of cyber space are real, and they are certainly not going away any time soon, so Nato will continue to adapt and evolve to meet these threats, and we do so not alone, but with all our partners,” concluded Missiroli.

Computer Weekly:

You Might Also Read:

NATO Defense Spending Should Privilege Cyber:

 

« China Gives Police New Powers To Spy On Foreign Firms
National Security & Surveillance In The Age Of AI »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

DigiCert

DigiCert

DigiCert is the only provider of enterprise-grade SSL, IoT and PKI solutions. Our certificates are trusted everywhere, millions of times every day, by companies across the globe.

SANS Institute

SANS Institute

SANS is the most trusted and by far the largest source for information security training and security certification in the world.

Devo Technology

Devo Technology

Devo Security Operations is a next-gen cloud SIEM that enables you to gain complete visibility, reduce noise, and focus on the threats that matter most to the business.

Liquid Technology

Liquid Technology

Liquid Technology provide DOD- and NIST-compliant data destruction and EPA-compliant e-waste disposal and recycling services throughout North America, Europe and Asia.

Root9B (R9B)

Root9B (R9B)

R9B offers advanced cybersecurity products, services, and training to enhance the way organizations protect their networks.

LinkShadow

LinkShadow

LinkShadow is a next-generation cybersecurity solution that provides unparalleled detection of even the most sophisticated threats.

AUTOCRYPT

AUTOCRYPT

AUTOCRYPT is a mobility security provider dedicated to the safety of future transportation

Omnipotech

Omnipotech

Omnipotech is a complete managed service provider. From desktop to datacenter, all the technology support you need, under one umbrella.

Greenberg Traurig (GT)

Greenberg Traurig (GT)

Greenberg Traurig, LLP (GT) is a global law firm with offices in 40 locations in the United States, Latin America, Europe, Asia, and the Middle East.

AnaVation

AnaVation

AnaVation is a trusted partner delivering high-value, cost-effective solutions that solve the most complex technical and analytical problems for our customers.

Great American Insurance Group

Great American Insurance Group

Great American's Cyber Risk Division offers cyber solutions for small and medium-sized businesses.

Veriti

Veriti

Veriti is a unified security posture management platform that integrates with your security solutions and proactively identifies and remediates potential risks and misconfigurations.

Dutch Research Council (NWO)

Dutch Research Council (NWO)

The Dutch Research Council (NWO) is one of the most important science-funding bodies in the Netherlands and ensures quality and innovation in science.

MyKRIS Asia

MyKRIS Asia

MyKRIS specialise in providing and managing Internet network services and cyber security services to enterprises.

Datapac

Datapac

Datapac is one of Ireland’s largest and most successful ICT solutions and services providers. We have been at the forefront of technology innovation in Ireland for the past three decades.

Boldend

Boldend

Boldend offers leading-edge offensive and defensive cybersecurity solutions that empower government and commercial organizations to stay resilient in an evolving threat landscape.