Tallin Paper NATO on Its Way Towards a Comfort
Zone in Cyber Defence
Hannes
Kraus
Executive Summary
If NATO truly wants to pursue a
collective effort within the cyber realm, which could be anticipated as being
its natural comfort zone in cyber defence, its new policy will first have to
consider the lessons learnt following the adoption and implementation of the
present guidance. The steps it will introduce will have to be gradual and
realistic, while still increasing NATO’s collective efforts in cyber defence.
Archievments
since 2011
The new NATO policy will not only enable NATO to defend its own networks
more quickly and effectively but also provide much more assistance to Allies
and Partners in all the three crucial areas of cyber security: prevention,
coping with cyber attacks and limiting their impact, and helping countries
which are attacked to recover and restore their vital information
systems rapidly.
Cyber and Collective
Defense
A relatively easy and very NATO-like
solution would be to create a commonly funded capability that all Allies could
rely on to a certain degree. In fact, in 2011 NATO commenced work on a Rapid
Reaction Team concept in which cyber defence
experts would be deployed to assist a member state in the event that a cyber
attack of national significance had taken place.6 However,
either the Rapid Reaction Team concept has not received unanimous support
within the Alliance, or progress has stalled for some other reason. It may well
be that the uniqueness of cyberspace significantly hampers this solution’s
practicability when compared to a traditional military context in which NATO is
comfortable operating. For example, the Rapid Reaction Team would first need
time to acquaint itself with the targeted information systems, but in the face
of an on-going cyber attack action must be taken as quickly as possible.
Therefore, alternative and more flexible solutions for cooperative or
collective cyber defence should perhaps be considered.
Using NATO`s Defence Planning
The precondition for an
effective use of the defence planning process in cyber defence is not only
information about existing capabilities, but also differing national policy,
legislative and doctrinal approaches. While today it is natural to imagine NATO
asking its members to invest in armoured capabilities or transport planes, it
is not so easy with respect to cyber capabilities. For the latter to
materialise there is clearly a need for more openness on cyber matters,
particularly on national capabilities.
Cyber Defence Exercises
In this context, the Estonian
offer to NATO to use its national cyber range as the Alliance’s cyber defence
training field, including its use in exercises, should not be overlooked.
While focussed on the practical
cyber defence challenges and ways to address them, NATO should not
underestimate the political ramifications of advancing its cyber defence
exercise programme. Obviously, participants will acquire a better understanding
of each other’s capabilities and skill-sets through regular exercises, as is the case with all collective exercises. In cyber
defence, such exercises would also result in closer personal relationships,
thereby facilitating information sharing at the working level. These, in the
long run, build trust-based solid institutional relationships, which are a
precondition for any collective approach to cyber defence.
Keine Kommentare:
Kommentar veröffentlichen