Cyber defence

Cyber defence is part of NATO's collective defence. Given the growing dependence of human society on technology and the internet, NATO members are developing their security systems on a daily basis to counter large-scale cyber threats targeting NATO networks. The growing sophistication and threat of cyberattacks makes the protection of THE communications and information systems (CIS) of the Allies a key mission.

Cyber defence is part of NATO's main function – collective defence.
NATO has emphasised that international law applies in the cyberspace.
NATO’s main focus in cyber defence is on protecting its networks (including operations and missions) and building the resistance of the Alliance as a whole.
In July 2016 the Allies reaffirmed NATO’s defence mandate and recognised cyberspace as a domain of operations in which NATO must defend itself as effectively as in air, on land and at sea.
The Allies also made the Cyber Defence Pledge in July 2016 to enhance their cyber defence capabilities as a priority. Since then, all NATO Allies have improved their cyber defence.
NATO is strengthening its capability in cyber education, training and exercises.
The Allies are committed to exchanging information and enhancing mutual assistance to prevent, mitigate and recover from cyberattacks.
NATO Cyber Rapid Reaction teams are on standby 24 hours a day to assist the Allies if requested and approved.
At the Brussels Summit in 2018, the Allies agreed to establish a new Cyberspace Operations Centre as part of a strengthened NATO command structure. It was also agreed that NATO can use the national cyber capabilities of the Allies for its missions and operations.
In February 2019 the Allies endorsed a NATO roadmap that includes a number of tools to further strengthen NATO’s ability to respond to significant malicious cyber activities.
NATO and the European Union cooperate through the Technical Arrangement on Cyber Defence signed in February 2016. In the light of common challenges, NATO and the EU will strengthen cooperation on cyber defence, in particular in the areas of information exchange, training, research and exercises.
NATO is stepping up cooperation with industry through the NATO Industry Cyber Partnership.
NATO recognises that the Allies benefit from a norm-based, predictable and secure cyberspace.
At the Brussels Summit of 2021, the Allies endorsed a new comprehensive Cyber Defence Policy that supports NATO’s core tasks and its overall deterrence and defence posture to further enhance the Alliance’s resilience.
NATO’s deterrence and defence posture, the situation in Afghanistan, NATO’s nuclear deterrence and NATO-EU cooperation were discussed at the meeting of NATO Ministers of Defence in October 2021. A new defence plan was approved, cyber defence and space policy were discussed, as well as NATO’s response to the missile threat from Russia. Conclusions are still being drawn from 20 years of engagement in Afghanistan, but it was acknowledged that it had strengthened NATO’s interoperability. The Memorandum of Understanding of the NATO Innovation Fund for the establishment the Defence Innovation Accelerator for the North Atlantic (DIANA) was signed, which will create a network of technology test centres and accelerators to better harness civil innovation for guaranteeing the security of NATO. The fund is expected to invest a billion euros in innovators across the Alliance working on new and breakthrough technologies. The research and development centres of the NATO member countries will be connected with DIANA to offer better support for the technological development of NATO. It is important to Estonia that through this, we can channel innovation to address defence issues that are important to Estonia. Estonia is holding negotiations to have a part of the development centres brought to Estonia. NATO Ministers of Defence also agreed on the Alliance’s first Artificial Intelligence Strategy, which establishes standards for responsible use of AI in accordance with international law. The Ministers also met with NATO’s close partners Finland, Sweden and the European Union to discuss global challenges and how to further strengthen cooperation.
Overview of the press conference of NATO Secretary General Jens Stoltenberg here.

Although NATO has always protected its communications and information systems, the 2002 Prague Summit put cyber defence on the Alliance’s political agenda.
At the Riga Summit of 2006, the leaders of the Allies reiterated the need for additional protection for information systems.
Following the large-scale cyberattacks against Estonian public and private institutions in 2007, NATO Ministers of Defence agreed that urgent action was needed. As a result, NATO approved its first Policy on Cyber Defence in January 2008.
The conflict between Russia and Georgia in 2008 showed how cyberattacks have the potential to become a key component of conventional warfare.
NATO adopted a new strategic concept at the Lisbon Summit in 2010, which tasked the North Atlantic Council (NAC) with developing a comprehensive NATO cyber defence policy and an action plan for its implementation.
In June 2011, NATO Ministers of Defence approved the second NATO Policy on Cyber Defence, which set out a vision for the entire Alliance’s coordinated effort on cyber defence in the context of a rapidly evolving threat and technology environment. An action plan for implementing the policy was also presented.
Cyber defence was included in NATO’s defence planning process in April 2012. The appropriate cyber security requirements will be identified and prioritised through the defence planning process.
At the Chicago Summit held in May 2012, the Heads of State and Government of the Allies reaffirmed their commitment to strengthening the Alliance’s cyber defence, bringing all NATO networks under centralised protection and introducing a number of upgrades to the NCIRC – NATO cyber defence capability.
The NATO Communications and Information Agency (NCIA) was established in July 2012 as part of the reform of NATO agencies.
In February 2014, the Ministers of Defence of the Allies tasked NATO to develop a new enhanced cyber defence policy covering collective defence, assisting the Allies, streamlined command and control, legal aspects and relations with industry.
In April 2014, the NAC renamed the Defence Policy and Planning/Cyber Defence Committee as the Cyber Defence Committee.
At the Wales summit in September 2014, the Allies endorsed a new cyber defence policy and action plan, which will contribute to the Alliance’s core tasks with the policy. Cybersecurity was recognised as part of NATO’s core mission of collective defence, and the Allies agreed that international law applies in cyberspace.
On 17 September 2014, NATO launched an initiative to enhance cooperation with the private sector on cyber threats and challenges. The NATO Industrial Cyber Partnership (NICP) was presented by Allied leaders at the Wales summit during a two-day cyber conference held in Mons, Belgium, where 1,500 industry leaders and policymakers gathered to discuss cyber cooperation. The NICP recognises the importance of working with industry partners to enable the Alliance to achieve its cyber policy objectives.
On 10 February 2016, NATO and the EU signed the Technical Arrangement on Cyber Defence to help both organisations better prevent and respond to cyber attacks. This technical arrangement between the NCIRC and the EU Computer Emergency Response Team (CERT-EU) provides the framework for exchanging information and sharing best practices between emergency response teams.
On 14 June 2016, the Ministers of Defence of the Allies agreed to recognise cyberspace as a domain at the Warsaw summit in July. This does not change NATO’s mission or mandate, which is defence. As in all areas of action, NATO exercises restraint and acts in accordance with international law. The Alliance also welcomed the efforts made in other international forums to develop national codes of responsible conduct and confidence-building measures to promote a more transparent and stable cyberspace.
At the Warsaw summit held in July 2016, the NATO Heads of State and Government reaffirmed NATO’s defence mandate and recognised cyberspace as an operational domain where NATO must defend itself as effectively as it does in air, on land and at sea. This improved NATO’s ability to defend and conduct its missions and operations.
The Allies also committed, through the Cyber Defence Pledge, to enhance the cyber protection of their national networks and infrastructures as a priority. Each Ally is fulfilling its responsibility to improve its resilience and its ability to respond quickly and effectively to cyberattacks, including attacks in hybrid campaigns.
On 6 December 2016, NATO and the EU agreed on more than 40 actions to boost cooperation between the two organisations – including on countering hybrid threats, cyber defence and making our common neighbourhood more stable and secure. In the area of cyber defence, NATO and the EU will reinforce mutual participation in exercises and promote research, training and information exchange.
On 16 February 2017, the Allied Ministers of Defence endorsed the updated Cyber Defence Action Plan, as well as the roadmap to implement cyberspace as a domain of operations. This increased the ability of the Allies to cooperate, develop capabilities and share information.
On 16 February 2017, NATO and Finland also strengthened their ties by signing a Political Framework Arrangement (PFA) on cyber defence cooperation. The agreement will allow NATO and Finland to better protect and improve the resilience of their networks.

On 8 November 2017, NATO Ministers of Defence expressed their agreement in principle to the creation of a new Cyberspace Operations Centre as part of a revised NATO Command Structure Master Plan. The aim is to strengthen NATO’s cyber defence and help integrate the cyber sphere into NATO planning and operations at all levels. The ministers also agreed to integrate the national cyber contribution of the Allies into the Alliance’s operations and missions. The Allies retain full ownership of their contributions, just as they retain ownership of the tanks, ships and aircraft of NATO missions.
On 5 December 2017, NATO and EU ministers agreed to strengthen cooperation between the two organisations in a number of areas, including cyber security and defence. Cyber threat analysis and cooperation between incident response teams is an area for further cooperation; another is the exchange of best practices on cyber aspects and consequences of crisis management.
At the Brussels Summit in 2018, the Heads of State and Government of the Allies agreed to establish a new Cyberspace Operations Centre as part of a strengthened NATO command structure. The Centre provides situational awareness and coordinates NATO operational activities in and through cyberspace. The Allies also agreed that NATO would be able to use national cyber capabilities for its missions and operations. The Allies also reviewed their progress in building national resilience through the Cyber Defence Pledge.
In February 2019, NATO Ministers of Defence endorsed a NATO roadmap that includes a number of tools to further strengthen NATO’s ability to respond to significant malicious cyber activities. NATO must use all the tools at its disposal, including political, diplomatic and military ones, to tackle the cyber threats it faces. The response options set out in the NATO Guidelines help NATO and its Allies raise their situational awareness of what is going on in cyberspace, increase their resilience and cooperate with partners in order to combat all cyber threats by using deterrence and protecting themselves.
On 3 June 2020, the North Atlantic Council issued a statement condemning the destabilising and malicious cyber activities taking place in the context of the coronavirus pandemic. The statement expressed the solidarity and mutual support of the Allies to those dealing with the consequences of these malicious cyber activities, including health service providers, hospitals and research institutes. The statement also called for respect for international law and national standards of responsible behaviour in cyberspace.
At the Brussels summit in June 2021, the Allies acknowledged the changing threat landscape, recognising that cyberspace is constantly being challenged. The Allies endorsed a new Comprehensive Cyber Defence Policy to support NATO’s three core missions of collective defence, crisis management and security cooperation, as well as NATO’s common deterrence and defence posture. NATO must actively deter, protect and counter the full spectrum of cyber threats at all times – peacetime, crisis and conflict – at political, military and technical levels.
NATO Cyber Defence Centre
The NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE) is located in Tallinn, Estonia. Its task is to develop the NATO cyber defence standards and capabilities, and to provide cyber defence expertise. The goal of the Centre of Excellence is to develop new cyber defence methods, concepts and technical solutions. Other functions of the NATO Centre of Excellence are to prepare cyber defence analyses, produce educational and information materials and organise training.
The establishment of the NATO Cooperative Cyber Defence Centre of Excellence was proposed by Estonia already in 2004 and it was primarily related to Estonia’s achievements in the development of IT and the information society. The launch of the NATO Centre of Excellence will allow Estonia to involve its experience and experts in NATO projects and activities. In addition to projects directly addressing NATO’s needs, the Centre of Excellence is also able to take into account the interests and needs of its different member countries.
Cyber threats to the security of the Alliance are complex, devastating and aggressive, and are becoming increasingly more frequent. NATO is constantly adapting to the evolving cyber threat landscape. NATO and its Allies rely on strong and resilient cyber defence to deliver on the Alliance’s core missions of collective defence, crisis management and common security. The Alliance must be ready to protect its networks and operations from the increasingly sophisticated cyber threats and attacks.