“division of labour” whereby each Organization brings specific added value. If NATO remains essential in ensuring “hard security” capabilities and collective defence, the EU is indisputably better placed to encourage the adoption across Europe of common approaches toward cyberspace, to regulate the ICT industry and leverage the private sector, and to adopt cross-border crisis and consequences management procedures for dealing with cyber-related incidents.
If the broad sharing of membership of both Organisations were not a reason good enough for a deeper cooperation in all fields, the very essence of cyberspace makes it crucial for NATO and the EU to work together. Cyberspace is a continuum, and it is impossible to talk of cyber defence without considering cyber security, or to separate interventions to counter cyber threats depending on the goals pursued, the actors involved or the level of sophistication of the attack - as the nature, extent or level of complexity of an attack will seldom be clear, nor will the ultimate aim, be it criminal, ideological, political or military. Unless choosing to segregate its own networks from the rest of world (but also deploying their own hardware and software), no actor can counter the cyber threat in isolation, and without an integrated and holistic approach
. In this regard, the lack of cooperation between NATO and the EU is not only a wasteful duplication of efforts, but also, more worryingly, it weakens the action of each Organisation
In this paper I will try to make the case for a deeper cooperation between NATO and the EU in the protection of cyberspace. I will first briefly outline policies and instruments
On Cyberwarfare. DCAF Horizon 2015 Working Paper N. 7. The Geneva Centre for the Democratic Control of Armed Forces.
The Demand for International Regimes, Robert O. Keohane, 1982, International Organization
vol. 36, no. 2.
currently in place in each Organization and I will then turn the attention to potential areas where cooperation and better coordination would allow the greatest gains for both. The potential threat emanating from the global cyber domain can endanger the prosperity, stability and security of our societies
, and as such demands a global response to ensure the highest possible degree of cooperative governance.
NATO’s Cyber Defence
NATO is probably the most advanced International Organisation in terms of cyber defence, as it has always been crucial for the Alliance to ensure the highest level of protection of the Consultation, Command and Control assets established for international crisis- management and collective defence. Today, without a functioning ICT infrastructure the armed forces simply could not carry out their duties. The critical nature of this requirement was clearly demonstrated with the cyber attacks against Estonia (2007) and Georgia (2008), and fully acknowledged in NATO’s Strategic Concept, approved in November 2010
. Second only to the Washington Treaty in terms of importance for the Alliance, this document confirms that NATO “will develop further (its) ability to prevent, detect and defend against and recover from cyber attacks, (...) bringing all NATO bodies under centralized cyber protection.”
Thanks to an unprecedented acceleration in acquisition procedures and to the most significant call for tenders ever issued in this sector by an International Organisation, the NATO Computer Incident Response Capability
U.S. White House, Cyberspace Policy Review: Assuring a Trusted and Resilient Information and Communications Infrastructure, Washington, D.C.: Government Printing Office, May 2009.
“Active Engagement, Modern Defence. Strategic Concept
For the Defence and Security of The Members of the North Atlantic Treaty Organisation”, adopted by Heads of State and Government in Lisbon, November 2010.