’Today, a cyber-attack can be as destructive as a conventional attack, and practically every conflict has a cyber dimension‘.,Building upon these words of Jens Stoltenberg, Secretary-General of NATO, defence actors all over the globe scale up their security and defence policy and develop capabilities to quickly counter cyber-attacks. However, nowadays this is often not enough, and cooperation at a larger scale is needed.
This is a fact: cyber-attacks are on the rise, and the response time to these incidents is key to keeping the consequences down. Rapid reaction forces have thus been established within most governmental and intergovernmental structures.
As emphasised in July 2018 NATO’s Summit declaration, the cooperation between NATO and the EU is particularly important in face of common security challenges. The commitment to further strengthen this strategic partnership should be translated into practice, especially in cyberspace. Bringing teams closer and increasing their level of cooperation is crucial to building an effective response to cyber-attacks. Given that ’military capacities developed within PESCO remain in the hands of Member States that can also make them available in other contexts such as NATO or the UN’, teams can be led to work together, which will only reinforce them, and as such, should be encouraged. Building upon the 2016 Technical Arrangement on mutual cooperation and exchange of information and sharing best practices in the area of cyber defence, signed between NCIRC and CERT.EU, further information exchange and share of best practices between response teams should take place. When operational, EU’s CRRTs should also participate in the Locked Shield exercise along with NATO and national teams.
Since two layers of protection are better than one, establishing rapid cyber response teams at a national level seems desirable. As underlined in the 2018 EU Capability Development Plan, enabling capabilities for cyber response operations is a priority. National CRRTs could take the form of a team, built within CSIRTs, and consist of people dedicated to and trained for rapid action. The same people would be seconded to PESCO’s CRRTs when needed. In addition, keeping in mind that critical infrastructure is a frequent target of cyber threats due to its crucial role in state security and well-being, it is necessary to dedicate particular attention to them. Building upon the idea of mobile Incident Response Teams developed during the CYBERSEC 2017 European Cybersecurity Forum,, the primary purpose of national CRRTs should be to provide, upon request, technical support to critical infrastructure operators in case of a serious, large-scale cyber incident.
’NATO-EU cooperation is a showcase of long-standing fruitful relationship. The 2002 NATO-EU Declaration on a European Security and Defence Policy has defined the NATO-EU relationship as a strategic partnership. NATO and EU share strategic interests and face the same security challenges in the east and south. They also share a majority of members and have common values. NATO and the EU can and should play complementary and mutually reinforcing roles in supporting international peace and security. As stated in the Joint Declaration signed during the 2016 Warsaw Summit by the President of the European Council, the President of the European Commission, and the Secretary General of NATO, in the nearest future the focus of NATO-EU cooperation will be on: boosting the ability to counter hybrid threats, to include intelligence sharing; broadening operational cooperation, including maritime situational awareness; developing complementary defence capabilities; deepening cooperation between defence industries and facilitating shared research and development programmes; expanding coordination on cyber security and defence, in missions and operations, education training and exercises as well as daily functioning of the organisations.
In the 2017 iteration of NATO’s Crisis Management Exercise (CMX), the EU participated fully for the first time, enabling both organisations to assess the complementarity of their respective crisis response systems, and cyber incidents were a major component of the crisis replicated in CMX-17. EU representatives took part (partially as observers, partially as active participants) in both Locked Shields and Cyber Coalition exercises.
As already suggested by the Kościuszko Institute , cooperation between NATO and EU should be continued and enhanced, and progress in cooperative initiatives should be reviewed, to ensure that they are properly implemented’.
Author: Faustine Felici – CYBERSEC Project Manager
 Jens Stoltenberg, Why cyber space matters as much to NATO as land, sea and air defence, Financial Times, 12.07.2018.
 Lithuania, Estonia, Croatia, the Netherlands, Romania and Spain signed a declaration of intent. Finland, France and Poland are expected to sign it later, when national procedures will be completed. Bulgaria is said to have expressed the willingness to join, though unofficially.
 PESCO Factsheet, p.4.
 See CYBERSEC 2017 RECOMMENDATIONS: WE NEED TO RAMP UP INVESTMENTS IN CYBERSECURITY