NATO Agrees to Create Cyber Defence Management Authority

The North Atlantic Treaty Organisation has finally gotten around to finalizing plans for fighting cyber-attacks against its members. It has committed to creating a cyber-defence command to shield allies against crippling online assaults on national infrastructures. This group is named the Cyber Defence Management Authority and will function by co-ordinating NATO member defenses from a central command, according to the NATO summit in Bucharest. Leading the new cadre will be Major General Georges D'hollander, already chief of the NATO agency of cyber-defence. This move shifts strategy away from NATO's normal policy of stressing defense of its own internal systems, by employing the NATO Computer Incident Response Capability (NCIRC) unit. The meeting released the “Bucharest Final Declaration” on cyber defense, which reads: "NATO remains committed to strengthening key Alliance information systems against cyber attacks. We have recently adopted a Policy on Cyber Defence, and are developing the structures and authorities to carry it out. We look forward to continuing the development of NATO's cyber defence capabilities and strengthening the linkages between NATO and national authorities." One reason NATO leaders agreed to a common policy on cyber defense at the Bucharest summit is to create a command center to coordinate NATO's "political and technical" reactions to cyber attacks. NATO decided to act after the troubling Internet attack launched on NATO member Estonia in spring 2007, which had apparent political and military motivations, and threatened to take down entire economic sectors. Such massive distributed denial-of-service attacks (DOS) are fairly easy to launch and can create massive damage and chaos. The Net incursion occurred immediately after Estonia relocated a Red Army soldier statue to the Estonian capital Tallinn. The cyber-attack targetted key public and private infrastructures such as banks and telecom servers. It was a simultaneous blast from thousands of computers delivered to the same Estonian servers which resulted in crippling essential services based on the Internet, such as payment of salaries. The Brussels-based CDMA will augment member cyber-defences by reinforcing national systems and creating new lines of communication and developing strategies for future threats. In a show of support, a “Center of Excellence” for training cyber-defense professionals will be set up in Estonia, educating NATO's extensive civilian and military staff. A NATO spokesman spoke abut the new team, saying "It has become clear that the challenge we face has become quite significant and needs a more comprehensive approach. We need to be ahead of the bad guys; the threat can come from many sources: cybercrime, cyberterrorism or state activity." The legal warrant for the new group springs exclusively from Article 4 of the North Atlantic Treaty. This is a very important fact. It means that members will "consult together" in case of cyber attacks, but are not duty bound to aid each other as described in Article 5 of the Treaty. The EU communicated full support for the new group. Martin Selmayr, spokesperson for EU Information Society Commissioner Viviane Reding, made clear the EU welcomed the goals of the new cadre, and will support every initiative drafted to defend security of state networks. Selmayr claimed the Commission's goal is to strengthen existing EU agency which is dedicated to telecommunications security, named the European Network and Information Security Agency (ENISA), based in Crete. Selmayr said, "We need a rapid reaction force. What ENISA is doing now is sitting around a table and drafting reports. They are very accurate but this is not enough. We need a body that operationally deals with the security.” The move by NATO will be welcomed by Washington, as the Bush administration is now lobbying Congress to earmark $6 billion for cyber security in 2008, according to the Wall Street Journal.