PESCO’s cyber ambition as a way towards strengthened EU-NATO cooperation [comment by Faustine Felici]


‘Today, a cyber-attack can be as destructive as a conventional attack, and practically every conflict has a cyber dimension’.[1] Building upon these words of Jens Stoltenberg, Secretary-General of NATO, defence actors all over the globe scale up their security and defence policy and develop capabilities to quickly counter cyber-attacks. However, nowadays this is often not enough, and cooperation at a larger scale is needed.

The context

This is a fact: cyber-attacks are on the rise, and the response time to these incidents is key to keeping the consequences down. Rapid reaction forces have thus been established within most governmental and intergovernmental structures.


  • In 2011, NATO established Cyber Rapid Reaction Teams (RRTs) within the NATO Computer Incident Response Capability (NCIRC). Based on the principle of mutual assistance and collective defence, the primary task of RRTs is to respond to computer incidents affecting NATO’s own capabilities. However, as agreed during the Wales Summit and reflected in the Enhanced Cyber Defence Policy (ECDP), RRTs may be deployed to assist NATO members and partners in defending their critical networks, in particular, those considered vital for the Alliance’s operations.


  • In the EU, the Permanent Structured Cooperation on Defence (PESCO) offers a recent but nonetheless valuable example of cooperation in the cyber field. One of the first 17 collaborative PESCO projects is the establishment of Cyber Rapid Response Teams (CRRTs) and Mutual Assistance in Cyber Security. Lithuania has taken the lead of the project and foresees civil-military capabilities pooling national experts from the participating states, proceeding on a rotational basis to ensure a higher level of cyber resilience and response to cyber incidents. The assistance of CRRTs will be granted to EU Member States, institutions and, eventually, partners. Nine countries, including Poland, expressed their willingness to take part in the project.[2]

As cyber threats nowadays transcend country boundaries, response teams follow the same path. Regional teams, gathering more resources and expertise than national response teams, are quicker in determining the scale of the attack and more efficient in addressing the breaches. Thus, the broader the cooperation, the more effective the Cyber Response Force.

In this regard, the PESCO cyber initiative is laudable, but involves a risk of remaining a duplicate of NATO’s work, or even of being counterproductive. In order to avoid this, further clarifications and steps regarding NATO-EU cooperation should be considered.

Recommendations

    • Reinforce the cooperation between EU and NATO in managing Cyber Rapid Responses capacities

    As emphasised in NATO’s July 2018 Summit declaration, the cooperation between NATO and the EU is particularly important in the face of common security challenges. The commitment to further strengthen this strategic partnership should be translated into practice, especially in cyberspace. Bringing teams closer and increasing their level of cooperation is crucial to building an effective response to cyber-attacks. Given that ‘military capacities developed within PESCO remain in the hands of Member States that can also make them available in other contexts such as NATO or the UN’[3], teams can be led to work together, which will only reinforce them, and as such, should be encouraged. Building upon the 2016 Technical Arrangement on mutual cooperation and exchange of information and sharing best practices in the area of cyber defence, signed between NCIRC and CERT.EU, further information exchange and sharing of best practices between response teams should take place. When operational, the EU’s CRRTs should also participate in the Locked Shields exercise along with NATO and national teams.

    • Promote the establishment of CRRTs at a national level

    Since two layers of protection are better than one, establishing rapid cyber response teams at a national level seems desirable. As underlined in the 2018 EU Capability Development Plan, enabling capabilities for cyber response operations is a priority. National CRRTs could take the form of a team, built within CSIRTs, and consist of people dedicated to and trained for rapid action. The same people would be seconded to PESCO’s CRRTs when needed. In addition, keeping in mind that critical infrastructure is a frequent target of cyber threats due to its crucial role in state security and well-being, it is necessary to dedicate particular attention to it. Building upon the idea of mobile Incident Response Teams developed during the CYBERSEC 2017 European Cybersecurity Forum[4], the primary purpose of national CRRTs should be to provide, upon request, technical support to critical infrastructure operators in case of a serious, large-scale cyber incident.

    A comment by Commander Wiesław Goździewicz, Legal Adviser to the NATO Joint Force Training Centre in Bydgoszcz – Poland:

    NATO-EU cooperation is a showcase of a long-standing fruitful relationship. The 2002 NATO-EU Declaration on a European Security and Defence Policy has defined the NATO-EU relationship as a strategic partnership. NATO and EU share strategic interests and face the same security challenges in the east and south. They also share a majority of members and have common values. NATO and the EU can and should play complementary and mutually reinforcing roles in supporting international peace and security. As stated in the Joint Declaration signed during the 2016 Warsaw Summit by the President of the European Council, the President of the European Commission, and the Secretary General of NATO, in the nearest future the focus of NATO-EU cooperation will be on: boosting the ability to counter hybrid threats, to include intelligence sharing; broadening operational cooperation, including maritime situational awareness; developing complementary defence capabilities; deepening cooperation between defence industries and facilitating shared research and development programmes; expanding coordination on cyber security and defence, in missions and operations, education, training and exercises as well as daily functioning of the organisations.

    In the 2017 iteration of NATO’s Crisis Management Exercise (CMX), the EU participated fully for the first time, enabling both organisations to assess the complementarity of their respective crisis response systems, and cyber incidents were a major component of the crisis replicated in CMX-17. EU representatives took part (partially as observers, partially as active participants) in both Locked Shields and Cyber Coalition exercises.

    As already suggested by the Kościuszko Institute[5], cooperation between NATO and EU should be continued and enhanced, and progress in cooperative initiatives should be reviewed, to ensure that they are properly implemented.

    Author: Faustine Felici – CYBERSEC Project Manager


    [1] Jens Stoltenberg, Why cyber space matters as much to NATO as land, sea and air defence, Financial Times, 12.07.2018.

    [2] Lithuania, Estonia, Croatia, the Netherlands, Romania and Spain signed a declaration of intent. Finland, France and Poland are expected to sign it later, when national procedures will be completed. Bulgaria is said to have expressed the willingness to join, though unofficially.

    [3] PESCO Factsheet, p.4.


    [5] 2018 NATO Summit in cyber context