Rome '08 Workshop

NATO and Cyber-Defense 

Lieutenant General Ulrich Wolf

NATO CIS Service Agency Director 



At the last International Workshop in Paris, I recommended an open, politically driven discussion and an in-depth threat assessment to support a common, realistic understanding of the cyber-defense situation. The aim was the development of a comprehensive strategy. We needed an effective multiorganizational and multinational defense capability. Since that time, NATO has moved forward on this work and achieved major progress. 


My organization, the NATO Communication and Information Systems Services Agency (NCSA), has been in the driver’s seat in improving NATO’s operational capabilities in cyber-defense. We have also supported activities on the strategic and political levels. 

The role of NCSA is to “ensure the provision of secure end-to-end information exchange services and information processing services required for NATO consultation, command and control using fielded communication and information systems in the most cost-effective manner.” These services are provided to over 100,000 users in North America, Europe, and Asia, in operational field situations as well as in many static headquarters and the mobile situations between them. NCSA supports six current operations, ranging from Afghanistan and Iraq to the Balkans and the maritime counter-terrorism operation in the Adriatic. We support 10 different security levels of communication and information systems (CISs)—some of which are interconnected—that have distinct user populations. In short, we have a fairly complex cyber-environment. 

My agency is also involved in a seventh operation. Although largely unpublicized, every minute of every day we conduct an operation to defend NATO’s critical CIS infrastructure, protecting borders that are often obscure against threats that are asymmetric, dangerous, and constant. As the director of NCSA, I am the commander of NATO’s cyber-defense operations. 


After September 11, nations and organizations seriously began to consider protecting their critical communication and information systems infrastructure. NATO was one of them. In 2002, at the Prague Summit, our heads of state endorsed a formal Cyber-Defense Program. This three-phased program aimed to field a more coordinated and technologically modern defense of our networks and to further expand capabilities in subsequent phases. The first phase, which has been completed, enabled NATO’s Computer Incident Response capability and saw the installation of intrusion detection systems on our networks. 

Then, in 2007, we witnessed the distributed denial of service attacks against the communication and information systems infrastructure of Estonia, a NATO member-nation. NATO nations needed to be assured that our networks would be successfully defended in a similar situation. So NCSA was tasked to conduct a security assessment of NATO’s infrastructure. Our report was used as the basis for continuing work in the area of NATO cyber-defense. In April 2008, the following statement was included in the Bucharest Summit Declaration, which was issued by the heads of state and government participating in the meeting of the North Atlantic Council: 

“NATO remains committed to strengthening key Alliance information systems against cyber-attacks. We have recently adopted a Policy on Cyber-Defense, and are developing the structures and authorities to carry it out. Our Policy on Cyber-Defense emphasizes the need for NATO and nations to protect key information systems in accordance with their respective responsibilities; share best practices; and provide a capability to assist Allied nations, upon request, to counter a cyber-attack. We look forward to continuing the development of NATO’s cyber-defense capabilities and strengthening the linkages between NATO and national authorities.”

We realize that our infrastructure within NATO crosses traditional boundaries, and that what happens on one part of this linked network can very quickly affect another, with potentially catastrophic results. So any true defense must involve all of the major NATO stakeholders, from the political leadership to the military commands and the communication and information systems service provider. 

This new organization is the NATO Cyber-Defense Management Authority (CDMA). The CDMA’s primary mission is to review and coordinate NATO’s cyber-defense capabilities, addressing in particular the cyber-threat to NATO, security risk management, vulnerability and assessment and business continuity with respect to communication and information systems that are critical to the functioning of the Alliance. The NATO CDMA has sole responsibility to act as a NATO-wide cyber-defense management authority and to initiate and coordinate immediate and effective cyber-defense action where appropriate. For the first time, the Alliance is addressing cyber-defense from a truly corporate perspective. 

But there is no silver-bullet solution to cyber-defense, and we realize that there is no such thing as total security. However, NATO’s work in modernizing its cyber-defense has been very successful so far, from the agreements and endorsements at the political level to the formation of strong and coordinated management structures through to the deployment of modern and effective operational defenses. Much of this, particularly at the front line of our cyber-defenses, has been achieved with the help of strong and effective partnerships with industry. 

Such partnerships with our member-nations’ cyber-defense capabilities are key to successful defense. For many years, NATO has survived on the tenet of “collective defense,” which has never been more necessary than in today’s globally connected world. Cooperation and sharing of information is critical for our collective effort. Within the Alliance, we strive to share information and learn best practices from each other. It makes me very proud that many of our nations have consulted my agency so that they can learn from and emulate our NATO Computer Incident Response capability. 


To conclude, I would like to mention another indication of NATO’s commitment to cyber-defense: the formation of the Center of Excellence for Cooperative Cyber-Defense (COE-CCD) in Tallinn, Estonia. The COE-CCD aims to further enhance NATO’s cyber-defense capabilities with its highly specialized staffs, all of whom are voluntarily contributed by member-states.

I would also like to say that political interest in cyber-defense was triggered by September 11 and the events in Estonia in 2007. But we need to keep this interest alive in times without a major cyber-attack. The danger to our societies is too serious to leave it only in the hands of technical experts. 


©2009 Center for Strategic Decision Research