NATO Smart Defense and Cyber Resilience:
A Methodological Approach to Adapting to Emerging Challenges (*)
Dr. Marios Panagiotis Efthymiopoulos
Assistant Professor of Strategy and Security &
Program Coordinator of the MA in Strategy and Security
American University in the Emirates
This paper aims to evaluate NATOs’ “Smart Defense”1 policy in the view of the continuing significance and global roles of the Alliance. Smart Defense being an integrative part of the collective defense of NATO, it is required to respond to existing threats and challenges through the use of new operational and tactical elements, which should include flexibility and the adaptive use of technology.
Current and future strategic threats and challenges require NATO to re-examine policy and operational posture. This includes building on NATOs future strategy, through adaptable poli-cy and procedure. Through NATOs’ cyber-defense policy, greater resilience when dealing with threats can be achieved.
A methodological approach will be presented on to how to integrate NATOs collective de-fense, through cyber-defense policy, to the 21st challenges and threats. NATOs resilience poli-cy, if adopted at the Warsaw Summit in July 2016, will become an integrated part of NATO’s Smart Defense and collective defense. It will create a new standardized form of procedure, which will afford flexible strategic and operational forces but also commanding forces, through the use of multi-level and multi-dimensional tools.
At NATOs Warsaw Summit in July 20162, NATO members are to welcome all possible clauses for cyber-security and cyber-safety procedures, considering chal-lenges and threats, as well as strategic elements for operational capacity building options; in essence allowing for optimum adaptability in technology, through in-formation resilience of NATO forces. Technological evolution of NATO means operational and strategic change for the alliance. It is up to NATOs leaders and decision-makers, to decide about the future of NATO and how it is going to be operating strategically and operationally, considering the multidimensional level of threats and challenges. Therefore, in regard to the policy of Cyber-Defense and/or Cyber-security it needs to be decided as to whether they are going to be adopted and or centrally used, as core elements of defense policy. Leaders are yet to show truthful political resilience in decision making at the level of the 28 mem-ber states, for NATOs’ business and operational continuity, could be at stake.
Operationally, forces need to continue to be agile and technologically advanced at all levels, in an asymmetrical world, which is complete with unforeseen challeng-es and threats. Currently NATO forces, require a flexible and adaptable opera-tional and strategic command, based on high technologically sophisticated infor-mation ‘coming in’ but also being used while in training or active operations.
Possible operations, require tactically coordinated network-centric, standardized, oriented operational capability and capacity. NATO’s current “Smart Defense” policy therefore should be updated. It needs to be automatically adaptable to a new range of e-environment threats. Through ‘resilience of forces’, a new termi-nological characteristic, which will become the buzz word, for the next ‘opera-tional period’ to come, NATO will be adapting to new security challenges.
This paper proposes a tactical military and civilian capacity building approach, based on the strategic needs for resilience in collective defense and/or smart secu-rity policies of NATO. Leaders should, through consensus, jointly decide on ef-fective measures for strategic capacity building. New operational and strategic elements need to be procured and applied, considering the technological advances with which modern threats and challenges appear. The policy of resilience and continuity of NATO should be decided so that NATO may continue be relevant as a security organization.
NATOs cyber-defense and cyber-security, is a core policy, which requires the Al-liance to become resilient when referring to collective defense. According to
“NATO Review”, “…NATO’s experience and expertise can help partners im-prove their own capacity for resilience3”.
This paper provides the reader with updated information on Cyber-Defense poli-cy, Smart Defense and the North Atlantic Alliance considering the forthcoming policy adaptation of resilience as a key methodology for collective defense.
This is a research area which appears to be simultaneously challenging from a scholarly perspective and hugely significant in terms of policy and practice4. This paper is an approach to what we can refer to as “NATO’s Cyber-resilience poli-cy”. It proposes a new strategy in operational and defense capability, built on the necessity to minimize current and future threats, whether these are coming from the North-East, East or South.
We aim to examine current steps taken for a resilient alliance policy. It considers cyber-policy in defense and security, as the most important policy reflecting the need for NATO to adapt to new strategic and operational environments. It looks at the strategic ‘lessons learned’ to this day, on NATO’s cyber-resilience. It recom-mends strategic and operational management elements, based on the need to hold a flexible and adaptable alliance. The paper finally considers current administra-tive and fiscal costs, considering cyber-defense and security in a resilient strategic networked environment.
Let us also note that the present paper aims to build on previous research pub-lished by the author on NATO Cyber-security5.
Issues analysed and proposed in this article, are the sole opinion of the author. They are not related in any official way with NATO or any government. They represent ongoing academic research and a proposed analysis that is shaped from primary and secondary sources of information. Current positioning, statements and arguments are based on academic research, experience, judgments and coop-eration established in the framework of this current research.
The issues presented hence forth, are for consideration. They solely reflect the op-erational and tactical levels
NATO and the Policy of Resilience
Resilience as a terminological and operational factor, will become the newest ‘brand’ and communication name for the Alliance. Resilience, as a terminological word will create a re-orientation policy for NATO. It will and should reflect all possible crises and strategic management procedures. It should apply to NATO’s operational capacity of deployment of forces, through more flexible and effective means of countering threats. It will be adaptable to mitigation and/or negotiation procedures with non-NATO members and will allow for cooperative members’ joined cooperation and training, in consequence, to relative past or currently emerging challenges and threats (i.e., NATO-Russia Relations and NATO-ICI members considering the threat of ISIS and other terror groups).
NATO’s resilience will re-define strategic plans and re-assess risks. Heads of State and Governments at NATO should create a ‘modern administrative and op-erational format of the alliance’ that is flexible and e-oriented. NATO truly needs to hold agile and technologically advanced forces with added value, through civil-ian capabilities and social media training and action among others.
Resilience therefore should become also an adaptation process for NATO; a phase to consequently strategize and draw new scenarios. This is in order to operational-ly process and counter in an effective manner, current, new and upcoming chal-lenges and threats. Resilience is therefore a policy that is being given way from “NATO’s Smart Defense” clause. A result and constant request of NATO is to boost change, if it wants to remain relevant and most importantly a global asset value to security and strategy.
The policy of ‘resilience’, should open way to operational and strategic flexibility. It will be applied at all levels. When strategically managed and operationally ap-proved, resilience will include a further and concrete, development of an “updat-ed” cyber-defense policy for NATO among other policies that will add value to the needs of NATO to counter threats in a multi-dimensional level.
NATO’s Smart Defense should be resilient. It should ensure stability. The Atlan-tic Council of the USA refers to a ‘stability generation’ policy6, adding that NATO’s collective defense itself should be re-strategized. It should be adaptable to the constantly increasing needs, for a technologically secure and agile environ-ment, in a period of great challenges and threats from outside but also within NATO space.
A resilient smart defense, requires agile network e-centric cyber methods. NATO requires operational capacity steps to be adopted. Through a methodological rea-soning and step by step deployment of forces in security and e-security led opera-tions, NATO will be able to secure its e-space, secure its infrastructures but also provide defense and cooperation, as NATO should “confront where we must and cooperate when we can”, referring to the NATO-Russia relations, according to Stavridis, the Dean of the Fletcher School at Tufts University.
Due to the importance of a resilient policy to collective defense, cyber-defense as a policy should become a core asset value policy for the Alliance. It should be used as a core element for a renewed flexible, otherwise resilient smart defense policy, for the benefit of collective defense but also cooperative adaptability.
NATO’s Cyber-Resilient Policy
“Future war-like operations will be held in a far more complicated level of mili-tary operations”7. Current military operational and tactical needs, considering the asymmetrical and multi-dimensional environment, require good and agile capaci-ties and capacity building. Joined forces themselves, require proper command and operations. They require agility but also resilience.
We live in an age “…in which more people have access to highly sophisticated technologies and almost every social, economic or military asset has become ‘se-curitized’ or vulnerable to disruption – whether temporary or more lasting – from
an outside attacker or even an inside source…In a globalized but also more con-frontational and complex world, resilience will remain an ongoing concern for Allies, requiring constant adaptation as new vulnerabilities and threats emerge…8”.
Operations are conducted today within a complex environment. The use of tech-nology necessitates, accurate ‘tools’ for possible success. They require interoper-ability of forces, in a constant adaption environment. The same applies for net-work-centric oriented operations where cyber-resilience is required.
Technology is therefore used as an asset tool. Its capabilities are used for the suc-cess of military operations. Knowledge and good use of technology, and in specif-ic cyber-defence are added values that minimize among others human cost.
When NATO leaders first considered cyber-security as a policy requirement, questions were raised on how to find a smart way and operational way to use technology for its benefit both operationally and strategically in a fast and techno-logically advancing world.
In 21st century security affairs, NATO forces are required to be well prepared for possible rules of engagement at all levels and dimensions. They should be able to counter symmetrical and asymmetrical battles, threats or challenges. At the level of cyber-resilience preparedness, scenarios, of possible attacks and battles, can be anticipated. There are or should be proposed operational methods for action whether this is for defence or cooperation.
The use and necessity today of technology is limitless to both military and civilian assets. So is the virtual world of defence, where technology and cyber-defence merge. These are the tools for action. Technology plays a key role in a global reach and so does NATO, through the framework of a limitless technology. NATO uses technology for the preparation of its forces, as tools for knowledge as to defend but also to counter-assaults, where counter-measures are needed.
Since the adoption of the NATO Cyber-Defence policy9, NATO trains its military and civilian assets for possible action against possible threats. NATO is constantly training its forces on Cyber defence. Training can be achieved through national, bilateral even multilateral levels of NATO, through the association of member states, at the level of Centres of Excellence, such as the CCDCOE10. Training is anticipated to expand. While NATO gets more engaged in the field of cyber-defence, in both operations and tactics. It is anticipated within the Alliance that NATO is well prepared, both for current and future challenges, countering multi-ple and multileveled dimensions of cyber-attacks. Yet, it also holds an open op-tion if necessary, to conduct counter-offensives to prevent further escalation of cyber or military actions11.
NATO Missions, “will continue to require agile and interoperable, well-trained and well-led military forces”12. This new technological and operational environ-ment through cyber-defence, provides NATO with a new level of technological possibilities; new tools for use against possible threats but also protective ‘cyber-objectives’. Allies have an added policy, mission and value. Ongoing and constant transformation through its Operational and capacity building resilience, aims to reach in updated capabilities and political excellence, in 2016. NATO aims for well-coordinated missions in cooperation with and/or participation with other in-ternational organizations, when prompted to react on international threats or chal-lenges. As such, NATO has the ability to continue to be a force and security pro-vided in future potential of, what we may call it, as the ‘online’ security protection initiative against all possibly known threats.
Now it seeks excellence, in achieving the best smartest way to protect but also counter-attack. By ‘nature’ NATO exists to prevent and defend member states from attacks.
Through smart ways and agile training, NATO can counter, most known ways of interface (whether virus or virtual) attacks or spying attempts.
As previously noted, cyber-defence capabilities in a smart and resilient way, is the
‘operative goal’. NATO members prepare well and at joint levels. NATO’s Smart
Defence13, a policy framework for defence tactical advice and operations, used to be the method that among others branded the need for a cyber-defence policy. Through a possible upcoming Cyber-resilience of NATO, which could be adopted as a policy, among other resilience policies, during the Warsaw Summit in July 2016, NATO will be expected to take preliminary actions through standardized procedures of protection effectiveness. What is well known through policy analy-sis is that NATO military forces should reach an appropriate level, so as to oper-ate in and around “article and non-article 5 operations”14–meaning not only defen-sive-clause operations but also in counter-offensive operations15. Cyber-protection is needed when defence of allies is associated with possible threats or challenges such as the one of ISIS.
This article stresses, that NATO Cyber-Defence policy, should never stop trans-forming, while technology progresses and threats expand to a new and deeply dig-itized world of insecurity starting with the case with the cyber-attacks in Estonia in 200716. Past events in Estonia, showed early on, a strong smart cyber-defence
‘umbrella’ which is certainly needed by 2016, in which agility and resilience needs to be achieved.
There is a need of a resilient policy method approach for continued practical allied update and practical preparation to counter cyber-attacks. Innovative methodology and ideologies are needed to process such a policy approach.
In turn, a preparatory resilience policy applied, will allow for the 28 member states, to be even more agile for defence or crisis management purposes, electron-ic warfare methods. Interoperability of forces for joint use in Cyber-defence should be achieved through adaptability and standardization processes. NATO should ‘e-volve’ as should Allied ‘e-networked’ States. NATO should innovate and manage. NATO should administer change on methods of smart resilience in defence through cyber-defence, strategically and operationally.
Cyber-Resilience in Cooperative Defense
During the Chicago Summit, NATOs’ policy on “Smart Defense17” was presented in which, “…NATO leaders agreed to embrace Smart Defence to ensure that the
Alliance can develop, acquire and maintain the capabilities required to achieve the goals of ‘NATO Forces 2020…18”. Following this, during the Wales summit19 NATO Allies, confirmed and reaffirmed the commitment of all member states to consider the cyber-resilience of each nation to the aims and objectives of the alli-ance. They affirmed NATO’s policy vis a vis the international and inter-connected environment, which are complete with challenges and threats. They also affirmed the raising importance of the element of cyber-security and cyber-defence. The upcoming NATO summit in Warsaw in July 2016, is yet to show the policy or resilience and cyber-resilience in the framework of cooperative defence. At a time of much needed proposal for practical and smart defence, there is a new security culture comprehension, which is now considered as multi-levelled and multi-dimensional.
Defense capacity building for the 20th century requires a modern way of thinking. It is about encouraging cooperative defence at the level of expected outcomes considering global but also regional risk assessments. NATO is still to enhance but also maintaining military capacities and military capabilities.
The new strategic concept of NATO requests the alliance to move forward. 21st century needs and challenges, require agile and compatible forces at all levels, including network-centric operations and defence.
NATO forces cannot be static. They need to technologically advance, progress methodologically, to accommodate the increasing need for multi-dimensional ways of security and defence. NATO needs to have interoperable, capable and well equipped technologically agile forces.
Planning and budgeting for operations needs to be “smart”. Directed funds should now, at a period of specialized or tailored fiscal management, build such capaci-ties, in which planning should be effectively applied in practice. This includes where operational viability of forces is realised, on a minimum budget level with equalised costs, and enhanced technology and minimum engagement in regard to both time and operations.
Throughout the attempt to achieve a truly cooperative defence, ‘Smart Defence’ stands out on renewing operational and tactical effectiveness; operational alliance and coordination. It is all about specialization of forces including the element of resilience of forces mainly through technological agility.
Smart Defence is to soon prioritise to meet the NATO forces command and struc-ture of 2020, through the following steps: 1. Sound strategic structuring and plan-ning, 2. Good operational coordination in exercises and in the field, 3. specializa-tion of force structure, command and operations 4. Achieving collective defence, through collective efforts, 5 burden sharing 6 technological advancements, con-sidering the threats and challenges of the 21st century.
By 2016, in a period of much needed strategic and tactical resilience, smart de-fence stands out as a request for geo-political capability and capacity, implemen-tation and operational effectiveness, in both the regional and global fields. In envi-ronments which are symmetrical but also asymmetrical; with minimum cost pos-sible, through the optimum use of technology provided. While also trying to avoid duplication of efforts, Member states should hold joined operational strategic cen-tres, on and for among others, ballistic missile defence, intelligence, surveillance, reconnaissance, cyber-defence and security, maintenance of readiness, training and force preparation but also agile deployment bases for effective engagement; All aforementioned should be expected to work with minimum cost, casualties and high level of technology preparedness that is both beneficial and practical.
Smart Defence is a priority policy for NATO. And so should Cyber-resilience in the Alliance. Through a methodological period, NATO should continue to be able to counter current and emerging challenges. Defense planning, operations and les-sons learned are therefore a continued process of evolution of NATOs capabilities which always need to be taken into account.
Resilience through smart and cooperative defence requires NATOs Cyber-defence effectiveness. It also requires decision-making and leadership in this policy con-text. In the framework of cyber-defence, NATO needs to align supranationalised national capability priorities and standardize through NATO processes. In the framework of Cyber-Resilience at NATO, policies on standing management of operations need to be agreed upon. Therefore, cooperative and consensus levelled agreements need to come forth; NATO should produce a cost-effective projection planning and application for all operational exercise theatres reflecting the real yet also virtual worlds.
Cyber-Resilience and methodological specialization through leaders’ policy deci-sions at the level of Heads of State and government in operational planning and practically applied, are key components of and for success for the Alliance, con-sidering threat assessments. Resilience with coordinated efforts may lower costs, fiscal, administrative and human, but will require developed technology infra-structure. It will guarantee national engagement of states to NATO policies, when correctly pointed out. Let us not forget that specialization as a key national policy is and will always remain a form of national interests, which examined changing variables based on geographical interests, strategic sharing of costs, technological information and intelligence sharing or operating in regional or global environ-ments.
Associating Smart Defence with Cyber-Resilience: “Engagement Through Policy Adaptation”
Not many steps take haven been achieved in the framework of Smart Defence ca-pabilities when resilience is applied. The inability and/or unwillingness of mem-ber states, for political and military national engagement has still to be confronted, mainly as fiscal austerity measures are applied and cutbacks are in effect20. Ac-cording to the Atlantic Council, “…The Alliance, given the new strategic land-scape it currently finds itself in, requires a new strategy. NATO’s current three core tasks—collective defense, crisis management, and cooperative security—are “tasks” but not strategies—they do not identity the full spectrum of ends, ways, and means, and therefore do not tell the Alliance and its members either what to do or the risks involved. NATO has been working diligently but without great clarity or common agreement as to its end goals21”.
Heads of state and governments however do listen and observe and therefore con-sult and call on NATO to hold Summit meetings, and to negotiate or mitigate is-sues such as the upcoming Warsaw Summit of July 2016. In the framework policy ‘Smart Defence’, which is yet to be achieved by 2020, Smart defence renders cheaper the cost for the total sharing of burden by member states while attracted more to elements or variables where technology is used to minimize costs. Surely, not all members share the same burden to this day, as also the cost differs from state to state and so does as aforementioned national interests.
In a time of austerity measures and political challenges and changes, states are still to realise how cost can be measured, in a smart ‘budget and operations’ way. While Smart Defence lowers overall long-term cost, and if burden sharing is actu-ally increased but equalled to lower levels of fiscal sharing, long-term results will show, that in fact, less cost will be achieved.
The cost will be equally associated with the value of services provided reflect the needs of strategic management and planning of all 28 member states, which to be fair cannot yet be achieved.
While, national and collective defence remains at the forefront of interests of states, a new ‘rapprochement’ is needed between member states as threats are now borderless.
Cyber-defence being a key core policy for smart defence and resilience, attracts attention to stake holders. Through evolving and constant communication and marketing perspectives, social media and workshops, conferences, cyber-defence should continue to be promoted and have a clear aim. Reflecting on the needs for a global element of cyber-security against current and emerging challenges, ex-change of scientific information and operational processes, promote such ideolo-gy, where experts from around the world exchange information and discuss the risk assessments and how to manage.
Cyber-defence, a core policy in Smart Defence itself, works as a ‘decree of spe-cialization, which now requires adaptation if not done so already for each member state’; politically, strategically, tactically and operationally but also legally.
Cyber-defence policy must and should always be provided as a methodological tool for operational success of NATO against current and emerging threats. It is and will always be a tool for a joint framework of cooperation, globally.
As Smart Defence is being upgraded and developed, Cyber-defence “…not a con-ception but a real-politic issue…22”, should remain an element of specialization policy, a key for concrete strategic engagement of all resilient member states. It will emerge to become a policy of unity among states (political) and business con-tinuity (strategic orientation) about the future of NATO.
NATO’s strategic approach post Warsaw Summit is estimated to reflect a much need realistic plan of operations and engagement in the field of cyber-security and defence. NATO should continue to be a collective to be a force projector and force protector. It should not limit its role and actions but should allow and seek out enlarged cooperations tailored to the global and regional needs to counter the existing challenges or emerging challenges, considering that as aforementioned challenges are now borderless.
Cyber-defence and technological progress within NATO, can therefore be seen as the core of collaborative smart defence, to be finalized and achieved by 2020 standards. Cyber-Security being technologically advanced is resilient to changes. It does provide adaptable technological architecture and posture which will dis-cuss below considering the opportunities but also challenges. It will provide ro-bust deliverables with minimum human capital, fiscal but requests technical de-liverables.
With the Internet of all things, cyber-defence and security as a strategy becomes necessary and absolutely important as a legal framework, political framework and economic framework of burden sharing at NATO.
At the same time it will simply ‘market’ NATO in the ‘smartest and easiest way’ at a time of financially and socially emerging markets, where non-member states require individual or tailored cooperation with NATO. It will facilitate NATOs expeditionary role for force projector, trainer and crisis management operator, as an “…active leader in peace and security23”.
Cyber-Security Liability and NATO
NATO’s role is expeditionary. We could state that NATOs role is as a force pro-jector, force planner, force multiplier, force initiator and force applicator. It does apply these ‘rules’ for the benefit of a safe and secure environment when risk are constantly assessed24.
Between the years 2001-2016, among others, the Alliance has responded through actions such as the following:
1. Invoking article 525, as a consequence of the terror attacks in the USA, on September 11th 2001,claiming its right to defence against external ag-gression
2. Allied states agreed on an everlasting transformation, political, military, operational and strategic as was approved in during the Prague summit of 200226,
3. Agreed to be involved in outer-areas of traditional operations Kosovo27, Afghanistan in 200128 onwards via operation International Assistance Force29
4. By 2012 at NATOs Chicago summit and confirmed at the Wales Summit of 2014, agreed on a Smart Defence initiative, that is of qualitative and quantitate value, for among others, agreed into joint interoperability ef-forts, including efforts to establish a concrete strategy and policy Cyber-Defence30.
In an emerging globalized world, where complexity may become the key charac-teristic in strategy and security, resilience will become an integrated part of NA-TOs policy orientation and application. New vulnerabilities and threats continue to emerge. Political pressure will require NATO leaders to take decisions about the organization’s future. Yet all agree that NATO is a necessity. As such NATO should become more open, more adaptable and more flexible. With more burden sharing, better smart budgeting, long-term planning and operational application and continued success, NATO should continue be re-branded as an adaptive secu-rity organization, that does more to offer security and strategic alignment to truly current but also future challenges and threats, that we may not yet anticipate or think of.
In the not so long past, such similar actions reaffirmed by the Heads of States, in-cluded among others, the Treaty of London in 1990 Summit, to the 1994 Summit in Brussels, and in 1999 over its 50th year anniversary Summit in Washington, to the immediate decisions taken in 2001 after the terrorist acts in the USA31 to its 60th anniversary, which was held in Strasbourg and Kiehl accordingly in April 2009 to the Chicago Summit of 2012 and the Wales Summit of 2014, which add-ed value to the Alliance and Allies reaffirming NATOs long-term necessity but now also strategic resilience to multi-dimensional challenges and threats.
Vulnerabilities and threats considering multidimensional challenges require NATO to be both strategically and operationally agile. It requires NATO to be adaptable to conditions unforeseen.
Considering technological advancements, we are yet to acquaint ourselves, our institutions, governments and international organizations with true phenomena of a new, yet networked global society. In this borderless society, where, electric grids, information or installations failures may have in the past solely affect a country, now affect a region and possibly a larger area. It may also affect global financial systems and social structures. Current financial situations in regions and areas, such as in the South of Europe, like Greece, Italy and Portugal among oth-ers, affect the larger European Union as a community of union states.
The Refugee issue and the fear of mass illegal migration, deriving from current wars in Syria, Iraq and other areas such as Afghanistan, affect countries, giving rise to suspicion on cooperative effectiveness, participation in defence against threats and challenges. Even more so, when a global society is e-wired, in which education, training, health but also security are part of this ‘grid’, the threats and challenges are greater.
In this new virtual world of things, where the internet has managed to eliminate, distances and borders but also time, NATO should be set to comply with the new
‘global rules’. It should create agile and limitless policies, security basic and spe-cialized military and civilian installation if NATO is to continue to be a crisis management institution.
NATO Resilience in Crisis Management and Communication
Societal Security, an emerging phenomenon in the field of strategy and security, requires good crisis management skills but also communication effectiveness in both the real and virtual worlds. Business continuity at NATO, requires as fore-said the Alliance, to be resilient; and surely for the purposes of this research pa-per, the Alliance and allies to be or become cyber-resilient.
By methodological approach, societal vulnerability continues and will always continue to exist, so far and as long as threats are there. Considering the current civil need to be always preparing for a new “cold era”, among others, considering the annexation by Russia of Crimea in 201432 and following the disintegrating re-lations of NATO due to the unlawful act of Russia to Ukraine, the establishment of US and then taken over by NATO, of the Missile installation in Romania33 and the immediate reaction and accusation of Russia in regard to these develop-ments34, the refugee challenges as an outcome on the constant fight against ISIS35, but also the phenomenal changes in the financial world (ie. The Panama Papers36), NATO is required to become truly resilient NATO, as should also nations and leaders.
All aforementioned elements are crisis management factors. NATO provides the tools and methodologies, in which the Alliance is requested to reply to strategical-ly and operationally. To mitigating plans for pre-crisis, during crisis and after cri-ses situations. For and during operations, logistics of deployment or information gathering and or training purposes, among others.
In such similar cases, the legal and political perspectives also on cyber operations should be clear. The success of an operation, lays to effective logistical and opera-tional support. Therefore the legal aspects that come with sharing of information, on how to deploy forces, identify key threats and elements in cyber-space, are im-portant. The Internet has no borders. And threats can be easily infiltrate the na-tional e-space and boundaries. Leaders are welcomed upon to take strong strate-gic-led decisions.
NATO is to ensure protection of all infrastructure. The Allies should be able to anticipate, identify, mitigate and recover from “hybrid attacks37” – the dimen-sion(s) of simultaneous attacks, while reducing the threat of destabilization and or spreading fear.
In a civic society, it is our responsibility to ensure adequate awareness on cyber-defence and security. To learn about the necessity to protect all infrastructures, NATO’s collective defense should be characterized by burden sharing, openness, flexibility and transparency in cooperation and information flow among member states. Through preparedness, strategic and operational awareness, strategic resili-ence can be achieved. Response time and framework will then allow NATO to counter threats as they emerge.
Tendencies in the Cyber World
The 21st century is characterised by the use of advanced technology. By 2016, technology is merely a tool, interconnected with services provided through the internet. Our wired-society includes online services such as: banking, communica-tions, security services, shopping, and media-services to name a few, which now take place in cyberspace. These services are by now vulnerable to cyber-attacks. As countries steadily move forward in becoming dependent on technology and wider networks, the security stakes also increase.
Current security risk assessments, consider that there is constant development of cyber-organized crimes that need to be countered. ‘Cyber-crimes’, are executed by organized groups. Hackers are considered illegal users that know how to get access to personal, classified or other unauthorized information by informal and unaccepted means at all levels and in all places. The use of personal, unauthor-ized, or private information to get access to other resources such as funds or weapons, is a crime, as is the use of the web to terrorize citizens, states, institu-tions or organizations.
In terms of applying these issues in military policy, through national or NATO command on cyber-defence policies, NATO or national armies, use the internet and technology to protect, defend and secure governments, infrastructures and people. Therefore, the creation of a Cyber-Defence policy was in fact a necessity, and more importantly, was seen as a necessity that we clearly pointed out follow-ing the first truly organized cyber-attacks in Estonia in 200738.
“…NATO has now moved on to help Allies improve their cyber resilience by in-troducing capability targets into the NATO defense planning process and devising a new memorandum of understanding between NATO and individual Allies to
establish secure connectivity and arrangements for information-sharing and crisis management…39”.
As pointed out by NATO Review, Cyber-Resilience is a tendency for building capabilities. Fields include but not limited to network protection infrastructure, awareness and training and education, systems configuration and infrastructure protection among others40.
The NATO’s (CCDCOE) Cooperative Cyber Defense Centre of Excellence in Es-tonia, an outcome of the full scale cyber-attack of 200741, is a supportive element to NATO, through which it achieves, resilience policies and capacity building processes. Through its exercises and conferences CCDCOE raised awareness on the policy of Cyber-Defense. A recent contribution to the national framework42 and legal elements43 and framework for cyber-security and cyber-defense contrib-utes towards standardization processes that will be discussed in the Warsaw Summit in July 2016. To allow for resilience in skill building of and about cyber-operators. Cyber-resilience will expand to the appropriate NATO agency, which is the NCIA agency “NATO Communication and Information Agency44”. The
NATO Agency will adapt and standardize procedures, following agreement at the Warsaw Summit of Heads of State and Government and will allow better coordi-nation and collaboration with the market stake holders which hold the already provided infrastructure on cyber-issues and will allow for NATO to align technol-ogy global standards.
NATO’s Concept of Cyber-Defence
It was NATO’s Military Committee decision to adopt a ‘Cyber-Defence Con-cept’45. The Committee’s aim was and still is to deliver business continuity and military resilience. As NATO is a provider of collective defence and as a collec-tive organization in a globalised and currently unsafe e-world, it needs to be agile. In an environment of insecurity the Alliance’ delivers new policy results. Taking into perspective new forms of asymmetrical threats, such as cyber-attacks.
Historically, the 2002 Prague Summit first marked NATO’s tasking authority committee with regards to all activities that should be held in relations to Cyber-Defence. As technical achievements was delivered, so policy-makers delivered policy results on Cyber-Defence. That is why, Allied leaders during the Riga Summit of 2006 acknowledged the need to include these as is stated on its deci-sions at the Press Communiqué: 1) to protect NATO’s operational information systems, and 2) to protect its allied countries from any e-, or in other words cyber-attacks by new forms and means developed by NATO’s Allied Command Trans-formation (ACT) In Norfolk Virginia.
The output of the informal Meeting of the Ministers of Defence in October 2007 of NATO46, gave way to the inauguration of NATO’s Center for Excellence
(COE), which at a later stage got accredited to have become the Allied Command Transformation on Cyber-Defence, named as Cooperative Cyber-Defence Centre of Excellence, CCDCOE47. It was based, on the Concept and early understanding of cyber-resilience for NATO’s future policies in countering challenges and threats, as was agreed by NATO’s Military Committee.
The central and final decision-making role over the policy of Cyber-Defence however, is the North Atlantic Council (NAC), which accordingly is led by Heads of State and Governments. This is the highest deciding political authority which decides, creates and overviews policy. It also evaluates, considers and adopts NATO’s policies and activities with regards to political and military affairs or standing issues on challenges and threats, among others. Below the NAC, is
NATO’s Consultation Control and Command Agency (NC3A)48 now transformed to the NCIA agency and the NATO Military Authorities (NMA). The latter au-thority has implementation as its major task.
The implementation of NATO’s Cyber-Defence policy is considered as the sec-ond most important decision by now, once the decisions are taken by the NAC.
The ‘Concept of Cyber-Defence’ “adds practical action programmes, to fit within the overarching policy”51. The ‘Cyber-Defence Management Authority’ that is tasked upon its policy concept “brings together the key actors in NATO’s Cyber-Defence activities”. Its aim is to manage and support all NATO communication and information networked systems and individually allies upon request52.
NATO’s policy creation and activity is ‘encouraged’ by Allies. The aim is to adapt the alliance to the new strategic and security environment that is “hybrid”.
To engage as many as possible governments, industry related market companies and individuals. In accordance to its best practice policy, NATO considers that its
‘operational forum’ can and should be considered as the best joint operational co-operation between states and market, as to also avoid duplication of efforts and use the necessary global knowledge to achieve interoperability of force action and command also in cyber-space.
Practically, in military policy, implementation or operational areas, NATO has adopted ‘three phases of practical activity and cooperation’: The initial phase in-cludes a NATO Computer Incident Response Capability (NCIRC). It was estab-lished as ‘interim operating capability’ for NATO to build up on both security risk and manage the element of cyber-threats. Its second phase involved an ever more realistic and pragmatic perspective that required the co-ordination of all initial ‘of-fering’ states to the attempt to establish a Cyber-Centre, (under the NATO agree-ment between states of a voluntary national contribution -VNC), in bringing the NCIRC to a full operational capability53.
New policies came about. Proposed and came to effect (well-known procedure of internal NATO working process) until the adoption of ‘MoU’. A so-called ‘Mem-orandum of Understanding’ was drafted and proposed to NATO, by a sponsoring state which would establish a centre for cyber-training, in this case in Estonia.
From that point on, it became an administrative decision of the Allies, that once the aforementioned stages would be put into effect, then a third phase would come into existence: Needless to say, this third phase was a complete implementation and rule based operational procedure that would soon enough bring about into ex-istence NATO’s request for technological agility and resilience, which is also yet to be finalized at the Warsaw Summit of July 2016. “It consists of incorporating – lessons learned – from the prior two phases as using new and latest Cyber-Defence measures (use of new technology and getting more knowledge on the security en-vironment), in order to enhance Cyber-Defence posture. Once the third phase was evaluated, the Allied Command Transformation (ACT) decided, to accredit the operational centre – in this case the Cooperative Cyber Defence (CCD) COE (Es-tonia), what is called as a ‘Centre of Excellence’-. In turn, this resulted to the in-auguration of the CCDCOE by May 2008.
Cyber-Defence Put to the Test: The Estonian Case of 2007
The Centre of Excellence in Tallinn, was primarily supported for two reasons: 1) it was already scheduled by the time of its inauguration as an idea. Estonia would have been the host country for such an operational centre. Today the Centre of Excellence is yet to welcome more members, the latest ones to join being Greece, Turkey and Finland54. 2) Estonia had already been witness of modern asymmet-rical hybrid warfare attacks by 2007. It is estimated that what triggered an attack from inside and outside the country’s infrastructure, was the action of Estonians removing the bronze statue of a Red Army soldier, during Soviet times, from the centre of Tallinn. It was an honorary statue, honouring the dead of the Second World War. This matter sparked social outrage between Russian speaking popula-tions. (News Scientist, 2007). It resulted to continuous cyber-attacks on Estonia’s e-infrastructure, public and private, military and civilian.
By 2008, 7 Alliance countries according to the Memorandum of Understanding on the cyber-defence centre, supported Estonia to get full operational capability (Germany Italy, Latvia, Lithuania, Slovakia and Spain), which lead to an evolu-tion period. By 2016, NATO Allies, are expected to discuss further and finalize the framework, logistics and operations, elements of cyber-resilience and proce-dures on the policies, when considering threats and challenges in a changing envi-ronment. NATO is yet to decide on the resilience policy, as hybrid warfare is de-veloping, at a time when Smart Defense of NATO nations are expected to achieve the goals and aims which are to be seen by the year 2020.
The cyber-attacks in Estonia of 2007 are still today the biggest and most orga-nized electronic attack, with a duration period of several weeks, provided NATO with a motive and multipurpose task for years to come. NATO’s leadership was in fact correct in its judgment that: 1) Such an operational centre and policy was needed 2) Its operational centre would constantly be evaluating and evaluated. Would research on prospective evolutions in technology, malware and cyber-security 3) that NATO requires resilience when considering the current or future threats and challenges.
The inauguration of its Co-operative Cyber-Defence Centre of Excellence (CCD-COE) in Tallinn Estonia in May 2008, led to a mission, which holds a clear vision and statement. It is yet to be ‘politically ratified’ and adopted as a key core policy by Allies. Its raison d’être as stated is “to enhance the co-operative Cyber-Defence capability of NATO and NATO nations, thus improving the Alliance’s interoperability in the field of cooperative Cyber-Defence”, therefore reflecting on the key core elements to counter hybrid threats and be constantly resilience to strategic requests and needs. The vision is for the CCDCOE to become “a special-ized and expertise centre for NATO in cooperative cyber-defence55.
The domain of the cooperative cyber defense center in the framework of coopera-tive security within NATO, focusses in the fields of research which include:
“Legal and Policy elements
Concepts and Strategy
Critical Information Infrastructure Protection” 56
The Centre’s core policy created an outcome of research and policy-orientation, as already analysed. It was presented primarily as a first outcome, then accepted by the Supreme Commander Allied Command Transformation (SACT), deriving from a request of NATO HQ (Head Quarters) and by the North Atlantic Council (NAC) level. This included: Doctrine and Concept Development, Awareness and Training, Research and Development Analysis and Lessons learned and finally Consultation. Now we are at the stage of Heads of State agreement as policy and action reflecting key core policy of NATO resilience to counter emerging chal-lenges. Procedure that will be discussed, negotiated and agreed upon by consensus by the Allies in Warsaw.
NATO Approaches Issues Relevant to Cyber-Security
For the concept of Cyber-Defence, the Centre for Excellence in Tallinn continues to portray and project NATOs need for a methodological cyber-resilience policy. If agreed, at the upcoming NATOs Warsaw Summit, Cyber-security will become NATOs core policy. It will be an integral part of Smart Defence in the hope to enhance the cooperative defence system.
The ideology and methodology behind the policy recommendations is not a new one. As example by February 6th and 7th 2009, NATO’s Science for Peace and
Security (SPS), sponsored a workshop. It foresighted a similar argument which we also recommend in our paper, that Cyber-security approach and cyber-defence is and should become a core policy of resilience at NATO.
The workshop titled ‘Operational Network Intelligence: Today and tomorrow’ aimed at adaptation knowledge procedures considering the evolving and fast growing technology. Its overall purpose was “to rethink present strategies and identify urgent measures to be taken in order to minimize the strategic and eco-nomic impacts of cyber-attacks”57. This was the level of anticipation at the time; considering future correlation of Smart-Defence with the policy of Cyber-defence at its core.
Today, considering both the risk assessments on hybrid threats and challenges58 but also the need for better civil awareness and readiness, at a time of much need-ed cooperative defence, Allies, have to decide for a robust long-term planning strategy and operations of NATO. Keeping in mind the need for strong success in field operations, including success in and at a multi-dimensional level of opera-tions against all threats.
NATO increasingly recognizes that organized cyber-attacks seek to take ad-vantage of ‘gaps’ in the ‘system social and market matrix’. Therefore it should be a request from member states to examine the increasing need for co-ordination of human factors related to the issues of electronic warfare, operational network, in-telligence and Cyber-Defence, whether for training, scientific exchange and or operations.
NATO is currently aiming to involve experts in e-systems, security, IT engineers, researches, officers dealing with network operations and operational centres as well as professionals and academics. Specialists in the field on both strategic and tactical levels should be systematically involved at organized levels of research, sharing, discussion and dissemination of outcomes, which will in turn enrich the abilities, capabilities and capacities of rendering current smart-defence and cyber-defence as a key and successful resilient and collaborative defence policy to NATO.
NATO’s level of ambition considering a much needed resilient policy in Cyber-Defence should be decided upon the Warsaw Summit of 2016. Specialized policy against hybrid threats should be adopted. A specialized commitment of Allies to share information and simplify procedures for cooperation with cyber-companies in electronic warfare should increase.
NATO could do more at a strategic level by:
1) Sharing concrete information on security led affairs of Cyber-defence within and among member states but also with non-NATO members.
2) NATO should enhance global cooperation with non-member states in the field of electronic security and safety, as there is an increasing of coopera-tion level, such as the United Arab Emirates59.
3) Allies at the upcoming Warsaw summit meeting in July 2016, should jointly agree on a robust and resilient Cyber-Defense Policy; in which CCDCOE should stand out as a tool for NCIA cooperation methodology for smart defence achievement.
4) NATO should hold a clear budget on smart defence, based on the techno-logical necessities that allow lower but shared budgets for the long-term and a policy of cyber-defence that looks operationally viable and globally market-oriented.
5) NATO should reach out for interoperability levels for NATO forces 2020 Smart Defense standards as well for Cyber-Defense.
6) Through joined co-operation at the level of electronic-warfare prevention, detection and reaction to attacks towards member allied states, the duplica-tion of efforts by nations can be avoided.
7) Legally, cyber-resilience can be achieved through clarification of what constitutes an e-crime or e-terrorist attack. It should be clarified if not yet done so and adopted not only by Allies but proposed at the level of the United Nations for universal adaptation.
8) The capability or capacity for NATO to operate at an e-world should be clarified. Under which conditions and under which crisis situations and most importantly with what tools and infrastructures.
It is crucial for NATO to achieve interoperability of force command and struc-tures through a methodological application.
Tactically, NATO needs to do the following:
1. Adopt a operational policy procedure reflecting hybrid threats in a Cyber-environment.
2. Tactically align new policies with regulatory agreements based on NATO regulatory and strategic rules, relating to defence clauses and rules of en-gagement.
3. An assessment on future warfare should be considered and agreed upon.
4. A foresight agency which provides prime information on constantly evolv-ing technology, robotics and smart attackers should be created.
5. As NATO holds a joined center for warfare so should NATO be proposed to have a cyber-resilient military operational command and control centre on electronic warfare it will apply current rules and regulations, consult the CCDCOE, and provide a time action plan for a hybrid threat assess-ment accreditation on Cyber-NATO standards.
6. NATO should allow for alliance progress through resilience on all opera-tional levels which involve the creation of interoperable cybernetic com-mand structure and technologically agile forces for all levels of ‘analogical and digital’ engagement of forces in electronic warfare.
7. NATO should enhance its national protection plan of major infrastructure through a complete and jointly by consensus agreed cooperation of nation-al states.
8. NATO base infrastructures, should be resilient and be constantly ready-protected from possible fraudulent attacks.
In conclusion, the main aim of this paper was to project the importance of cyber-resilience at a time of NATOs strategic evaluation. The aim was to methodologi-cally approach how to integrate NATOs collective defense, through cyber-defense policy, to the 21st challenges and threats.
In anticipating the outcomes of the upcoming Warsaw summit meeting in July 2016, NATOs resilience policy, if adopted to become an integral part in cyber-defense as well, will constitute a methodological and strategic step forward for NATO. NATO’s smart defense and collective defense overall will have to be reexamined to meet the high expected standards of security. It will create a new standardized form of procedures, adaptable to the reality of risk hybrid assess-ments and threats as analyzed in the paper. NATO will be able to afford flexible strategic and operational forces agile and technologically advanced.
The creation of a concept and later policy of Cyber-Defense, the inauguration of the Centre of Excellence for Cyber-Defence in Tallinn Estonia, provided an early impetus for future operations but also administrative and operational upgrading in the field of today’s smart defence policy a result of the renewed strategic concept.
Cyber-defense is a policy within the framework of NATO. Yet is not a key core policy just yet until the final results of the Warsaw Summit meeting.
This article aimed to show why cyber-defence should become a core policy for resilience at NATO. The article conceptualized from a strategic and policy con-centration. It analyzed the policy of smart-defence, cooperative defense, cyber-security, hybrid threats and crisis management and communication among others. It examined strategically overviewing current past current and future events to come. It assessed and concluded that there is a growing necessity for constant pro-tection against current of future challenges and threats which are now multidi-mensional and as such NATO should be adaptable at all times.
The policy of Cyber-Defence through the prism of Smart Defence allows for a truly and united allied effective engagement; an engagement that should be opera-tionally resilient in military operating environments at all levels. On the way to adapt to the cyber-realities of the internet of all things, NATO should adopt a le-gal and political framework, a tactical and operational framework in a methodo-logical easily adaptable way that competes the current and future as we referred to hybrid challenges and threats. Any decision made at the level of Heads of State and Government should include the legal element of operation. As Cyber-threats are borderless so should NATO work as an operational and capacity building or-ganization that does more to provide effective crisis management solutions through a wide-range of nations cooperations which are NATO and non-NATO members, when national and supranational security of allies is or may be com-promised.
This paper provided the reader with updated information on Cyber-Defense poli-cy, Smart Defense and NATOs expectations for a resilient strategy and made a number of policy recommendations for both strategic and tactical considerations on future capacity management building, administrative decision-training and making, limiting fiscal costs, levelling operational methods in cyber-defense in current or future networked operations.
• NATO’s Smart Defense policy: Smart Defence is a cooperative way of thinking about generating the modern defence capabilities that the Alli-
ance needs for the future http://www.nato.int/cps/en/natohq/topics_84268.htm [seen on April 26th 2016].
• NATO Warsaw Summit 8 & 9 July 2016: http://www.msz.gov.pl/en/foreign_policy/nato_2016/ [seen on April 22nd
• NATO Review, NATO Defense and Cyber-Resilience http://www.nato.int/docu/review/2016/Also-in-2016/nato-defence-cyber-resilience/EN/ [assessed April 230th 2016].
• Efthymiopulos Marios P (2013), in (Carayannis et all), NATO’s Cyber-Security Policy, Chapter in Cyber-Development, Cyber-Democracy and Cyber-Defense, London, New York Published by Springer.
• Franklin D. Kramer, Hans Binnendijk, and Daniel S. Hamilton, (2016),
NATO’s New Strategy: Stability Generation, Washington D.C., Published by the Atlantic Council of the USA, Brent Scrowcroft Center on Interna-tional Security.
• Efthymiopoulos, M. P., (2008), JIW Vol. 8, Issue 3, (Journal of Infor-mation Warfare), NATO’s Security Operations in Electronic Warfare: The
Policy of Cyber-Defense and the Alliance New Strategic Concept, Aus-tralia, http://www.jinfowar.com/.
• NATO’s Cyber-Defense Policy (2011), http://www.nato.int/cps/en/natolive/topics_78170.htm.
• NATO Cyber-Defence Centre for Excellence, https://www.ccdcoe.org/.
• Hughes. R. B. (2009) Atlantisch Perspectief,.Ap:2009 Nr. 1/4, NATO and Cyber-Defense: Mission Accomplished, Netherlands, Netherlands Atlantic Committee.
• Sendmeyer S. A. (Maj), (2010) August, NATO Strategy & Out-of-Area Operations, School of Advanced Military Studies, US Army Command & General Staff College, http://www.hsdl.org/?view&did=713508.
• NATO (2008), Briefing on Transforming Allied Forces for Current and Future Operations, NATO Public Diplomacy Division, Brussels.
• Scheherazade Rehman, (2013) January, Estonia’s Lessons in Cyber War-fare, US News, http://www.usnews.com/opinion/blogs/world-report/2013/01/14/estonia-shows-how-to-build-a-defense-against-cyberwarfare.
• NATO Chicago Summit: http://www.chicagonato.org/ May 20 & 21 2012.
• Wales Summit 4 September 2014, http://www.nato.int/cps/en/natohq/events_112136.htm [seen May 1st
• Chicago Council on Global Affairs, (2012), Conference: Smart Defence and the Future of NATO, Can the Alliance Meet the Challenges of the 21st
Century, March 28-30 2012 Chicago Illinois, USA.
• NATO, (2016), Operations and Missions: Past and Present, http://www.nato.int/cps/en/natohq/topics_52060.htm [seen May 4t] 2016.
• Efthymiopoulos, M. P. (2008), NATO in the 21st century: The need for a renewed Strategic Concept and the ever Lasting NATO-Russia relations, Athens, Thessaloniki, Published by Sakkoulas A.E. (in Greek).
• NATO (1949), NATO Treaty: Basic Document of the Treaty: http://www.nato.int/docu/basictxt/treaty.htm#Art05.
• NATO, (2002), Prague Summit, http://www.nato.int/docu/comm/2002/0211-prague/ [assessed May 4th 2016].
NATO (1999), Operation Allied Force on Kosovo: http://www.nato.int/issues/kosovo_air/index.html.
• Brookings Institution (2009), Afghanistan: The Taliban Resurgent and NATO, Published by Brookings Institution, March 31 2009: http://www.brookings.edu/opinions/2006/1128globalgovernance_riedel.as px
• NATO (2001), International Security Assistance Force (ISAF): http://www.nato.int/isaf/index.html.
• NATO (2001), Information on immediate NATO reaction: http://www.nato.int/docu/update/2001/0910/index-e.htm.
• BBC, (2014), Crimea Profile, http://www.bbc.com/news/world-europe-18287223 [seen May 10 2016].
• Reuters, (2016), US activates Romanian Missile Defense http://www.reuters.com/article/us-nato-shield-idUSKCN0Y30JX [seen May 12 2016].
• New York Times, “Russia calls new US Missile Defense system a direct threat”,
http://www.nytimes.com/2016/05/13/world/europe/russia-nato-us-romania-missile-defense.html, [seen May 5th 2016].
• US Homeland Security Committee, (2015), Syrian Refugee flows, Security Risks and
https://homeland.house.gov/wpcontent/uploads/2015/11/HomelandSecurit yCommittee_Syrian_Refugee_Report.pdf [seen May 5 2016].
• The International Consortium of Investigative Journalists (ICJ), https://panamapapers.icij.org/ [seen May 12 2016].
• NATO Review, Hybrid War, Does it Even Exists? http://www.nato.int/docu/Review/2015/Also-in-2015/hybrid-modern-future-warfare-russia-ukraine/EN/index.htm [seen May 2 2016].
• Cyber-Policy in Estonia: http://www.nato.int/cps/en/natolive/75747.htm.
• NATO Cooperative Cyber Defense Centre of Excellence, https://ccdcoe.org/ [May 1st 2016].
• National Cyber-Security Framework, (2012) NATO Science for Peace Program, https://ccdcoe.org/publications/books/NationalCyberSecurityFrameworkM anual.pdf [seen May 14 2016].
• CCDCOE, (2016), International Norms of Cyber-Security, https://ccdcoe.org/international-cyber-norms-analysed-new-book.html [seen May 12] 2016.
• NATO Communication and Information Agency (NCIA), https://www.ncia.nato.int/Pages/homepage.aspx [seen May 2nd 2016].
• NATO Defence Ministers Meeting (2007), Informal Meeting of NATO De-
fence Ministers: http://www.nato.int/docu/comm/2007/0710-
• NATO (2008), CCDCOE, URL: from: http://www.ccdcoe.org/11.html.
• NATO NC3A (2002), NC3A Agency, URL: http://www.nc3a.nato.int/Pages/Home.aspx.
• NATO’s Cyber-Defence policy, (2008d), Defending against cyber-attacks, Focus Areas: http://www.ccdcoe.org/37.html.
• NATO (2009), A Road Map to the Strategic Concept of NATO: http://www.nato.int/strategic-concept/index.html.
• NATO (2008), NATO Defence Against Cyber Attacks: http://www.nato.int/issues/cyber_defence/practice.html.
• CCDCOE, (2016), Greece, Turkey and Finland to join the CCDCOE, https://ccdcoe.org/greece-turkey-and-finland-join-nato-cooperative-cyber-defence-centre-excellence.html.
• CCDCOE, Training Catalogue, https://ccdcoe.org/sites/default/files/documents/Training_Catalogue_2016. pdf.
• NATO (2009), SPS workshop rethinks approaches to cyber security: http://www.nato.int/docu/update/2009/02-february/e0206a.html.
• John R. Davis Jr. Major, (2015) Joined Warfare Center, “Continued Evo-lution of Hybrid Threats”, Three Sword Magazine, 28/2015, http://www.jwc.nato.int/images/stories/threeswords/CONTINUED_EVOL UTION_OF_HYBRID_THREATS.pdf [seen may 12 2016].
Photo Source: http://www.nato.int