Welcome to Scribd, the world's digital library. Read, publish, and share books and documents. See more
Download
Standard view
Full view
of .
Look up keyword
Like this
3Activity
0 of .
Results for:
No results containing your search query
P. 1
The Case for NATO-EU Cooperation in the Protection of Cyberspace

The Case for NATO-EU Cooperation in the Protection of Cyberspace

Ratings: (0)|Views: 6,246|Likes:
Published by Silendo
The Case for NATO-EU Cooperation in the Protection of Cyberspace
The Case for NATO-EU Cooperation in the Protection of Cyberspace

More info:

Published by: Silendo on Apr 18, 2014
Copyright:Traditional Copyright: All rights reserved

Availability:

Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See more
See less

07/04/2014

pdf

text

original

 
 1
 The Case for NATO-EU Cooperation in the Protection of Cyberspace Fabio Rugge
1
 
“We are caught in an inescapable network of mutuality, tied in a single garment of destiny”.  Martin Luther King, Alabama, 1963
 The low level of cooperation between NATO and the European Union is a known cause of frustration for the members of both Organisations. Historically, the differing mandates of NATO and the EU have made it less urgent to reach an enhanced level of collaboration, which until now has been blocked by the vetoes wielded by individual members in both institutions. The dialogue between NATO and the EU has therefore been limited to occasional exchanges of information, and coordination between the two Organizations is either carried out in a decentralised manner - in the 21 capitals - or restricted to specific agreements such as the “Berlin Plus”.
 
 The introduction of the Lisbon Treaty, however, has broadened the EU’s mandate on Common Foreign and Security Policy, thereby making closer coordination with NATO’s policies and tools a more pressing matter. Synchronization is required particularly in crisis management, where there is an increasing overlap in competencies.
1
Counselor Fabio Rugge is a diplomat who worked at the Delegation of Italy to NATO, where he was responsible for the negotiation of the new NATO Cyber Defence Policy and its implementation. The views expressed in this article belong solely to the author and do not necessarily reflect those of NATO or the Italian Government. 
Moreover, the economic and financial crisis makes any duplication of efforts all the harder to justify, especially in the sector of Defence spending, which is subject to particular scrutiny by public opinions. Lastly, NATO’s main shareholder increasingly expects the Europeans to “do more” and raise their investments in defence and force-planning to collectively correct the uneven balance of capabilities between the two shores of the  Atlantic
2
. And the European Union is, of course, the natural setting and best facilitator for such a European coordination, especially in areas where a mix of civilian and military capabilities and expertise is required
3
.
 
 As I will try to demonstrate in this paper, one of the sectors in which constant and more thorough coordination between NATO and the EU is essential in order for both Organisations to be effective, credible and mutually reinforcing in their respective interventions (and where, consequently, the opposing vetoes wielded within both appear instrumental to achieving alternative aims) is cyber security. Although sharing the same  values and approaches to cyberspace, NATO and the EU have not yet put in place any formal coordination in this new foreign and security area. Collaboration today is in practice limited to informal staff-to-staff contacts, and despite the existence of an agreement between the two parties on the sharing of classified information, official documents do not getexchangedeasily 
4
. This situation has led to a lack of collective situational awareness and real time information sharing on threats, vulnerabilities, incidents, intentions and techniques used in the attacks. It has also prevented an efficient
2
 I.e.: Robert Gates speech in Brussels, June 2010: http://www.defense.gov/speeches/speech.aspx?speechid=1581
 
3
Surviving austerity. The case for a new approach to EU military collaboration, Tomas Valasek, The Centre for European Reform.
 
4
Cyber Warfare. Dutch Advisory Council on International  Affairs / Dutch Advisory Committee On Issues Of Public International Law (AIV CAVV), 2011, p.33
 
 
 2
“division of labour” whereby each Organization brings specific added value. If NATO remains essential in ensuring “hard security” capabilities and collective defence, the EU is indisputably better placed to encourage the adoption across Europe of common approaches toward cyberspace, to regulate the ICT industry and leverage the private sector, and to adopt cross-border crisis and consequences management procedures for dealing with cyber-related incidents.
 
If the broad sharing of membership of both Organisations were not a reason good enough for a deeper cooperation in all fields, the very essence of cyberspace makes it crucial for NATO and the EU to work together. Cyberspace is a continuum, and it is impossible to talk of cyber defence without considering cyber security, or to separate interventions to counter cyber threats depending on the goals pursued, the actors involved or the level of sophistication of the attack - as the nature, extent or level of complexity of an attack will seldom be clear, nor will the ultimate aim, be it criminal, ideological, political or military. Unless choosing to segregate its own networks from the rest of world (but also deploying their own hardware and software), no actor can counter the cyber threat in isolation, and  without an integrated and holistic approach
5
. In this regard, the lack of cooperation between NATO and the EU is not only a  wasteful duplication of efforts, but also, more  worryingly, it weakens the action of each Organisation
6
.
 
In this paper I will try to make the case for a deeper cooperation between NATO and the EU in the protection of cyberspace. I will first briefly outline policies and instruments
5
On Cyberwarfare. DCAF Horizon 2015 Working Paper N. 7. The Geneva Centre for the Democratic Control of  Armed Forces.
 
6
 The Demand for International Regimes, Robert O. Keohane, 1982, International Organization
 ,
 vol. 36, no. 2.
 
currently in place in each Organization and I  will then turn the attention to potential areas  where cooperation and better coordination  would allow the greatest gains for both. The potential threat emanating from the global cyber domain can endanger the prosperity, stability and security of our societies
7
, and as such demands a global response to ensure the highest possible degree of cooperative governance.
 
NATO’s Cyber Defence
 
NATO is probably the most advanced International Organisation in terms of cyber defence, as it has always been crucial for the  Alliance to ensure the highest level of protection of the Consultation, Command and Control assets established for international crisis- management and collective defence. Today, without a functioning ICT infrastructure the armed forces simply could not carry out their duties.  The critical nature of this requirement was clearly demonstrated with the cyber attacks against Estonia (2007) and Georgia (2008), and fully acknowledged in NATO’s Strategic Concept, approved in November 2010
8
. Second only to the Washington Treaty in terms of importance for the Alliance, this document confirms that NATO “will develop further (its) ability to prevent, detect and defend against and recover from cyber attacks, (...) bringing all NATO bodies under centralized cyber protection.”
9
 Thanks to an unprecedented acceleration in acquisition procedures and to the most significant call for tenders ever issued in this sector by an International Organisation, the NATO Computer Incident Response Capability
7
U.S. White House, Cyberspace Policy Review: Assuring a  Trusted and Resilient Information and Communications Infrastructure, Washington, D.C.: Government Printing Office, May 2009.
 
8
 “Active Engagement, Modern Defence. Strategic Concept
 
For the Defence and Security of The Members of the North Atlantic Treaty Organisation”, adopted by Heads of State and Government in Lisbon, November 2010.
9
 ibidem, par.19.
 
 
 3
(NCIRC) for protecting the Alliance’s networks will reach Full Operational Capability in 2012. Meanwhile, timely internal reforms have ensured a governance structure that is able to deliver oversight and coordination on every aspect of cyber defence throughout the Alliance, and is directly linked to the North Atlantic Council and NATO’s Chain of Command.
 
NATO’s Level of Ambition in the sector of cyber defence goes beyond protecting its own networks and being capable of working in a degraded cyber environment
10
. The Alliance is reviewing its defence posture to account for the cyber dimension of future conflicts in its doctrine, strategy and force planning - a task assigned to the NATO Defence Planning Process
11
. In the absence of a historical precedent or a clear legal framework of reference, and with the current impossibility of quick and indisputable attribution of a cyber attack, the threshold for invoking  Article 5 of the Washington Treaty calling for collective defence is purposefully ambiguous. However, there is no doubt that with the new Strategic Concept the bond of solidarity that ties Allied members in the “conventional” defence domains of maritime, air, ground and space now also extends to cyberspace.
 
 Although protecting national civilian and military assets is the responsibility of individual member states, the risk of a cyber attack propagating within the Alliance and endangering its collective response mechanisms has induced NATO to assume a specific preventative role. The new NATO Cyber Defence Policy 
12
 approved in June
10
Keeping NATO Relevant, Jamie Shea, The Carnegie Endowment for International Peace, Policy Outlook, April 2012
 
11
 The Posture of the United States Strategic Command (USSTRATCOM)’, Hearing Before the Strategic Forces Subcommittee of the Committee on Armed Services, House of Representatives, 8 March 2007: http://www.fas.org/irp/congress/2007_hr/stratcom.pdf  .
12
NATO Policy on Cyber Defence and Cyber Defence
2010 tasks the Alliance with strengthening its awareness, warning and response capabilities  with member states and being able to assist them upon request, including through deployment of technical Rapid Reaction  Teams (RRTs) sent by the NCIRC. The bond of confidentiality developed over 60 years of shared threat analysis is essential to allow for exchanges of data among Allies in a sector  where information on capabilities and specific threats constitute the very essence of strategic advantage. To this end, NATO has signed  various Memoranda of Understanding for establishing Points of Contact and procedures for the exchange of information, including at classified level, with national authorities in charge of protecting networks; NATO is also an important axis for sharing information on vulnerabilities, advanced persistent threats, incidents, best practices and technical security requirements for protection of critical national networks and infrastructures. The Alliance also encourage and advise upon request Allies designing their national cyber policies. Lastly, regular exercises (Cyber Coalition) help to test national response capabilities and the effectiveness of NATO crisis management procedures.
 
 The upcoming EU Cyber Security Strategy
 
 The EU also has increasing competencies in safeguarding European critical infrastructures from cyber threats and reinforcing collaboration between member states in the fight against cybercrime
13
. However, for years
 Action Plan, 7 June 2011 (classified). Public version at http://www.nato.int/nato_static/assets/pdf/pdf_2011_09/20111004_110914-policy-cyberdefence.pdf  .
13
Commission communication of 12 December 2006 on ‘The European Programme for Critical Infrastructure Protection (EPCIP)’; Council Directive of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection; Council conclusions of 19-20

You're Reading a Free Preview

Download
scribd
/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->