

Cyber Defence

This LibGuide is intended to provide a few starting points to assist you with your research on issues related to cyber defence, in particular within the NATO context.


"We have also decided that a cyber attack can trigger Article 5 and we have also decided and we are in the process of establishing cyber as a military domain meaning that we will have land, air, sea and cyber as military domains. All of this highlights the advantage of being an alliance of 29 allies because we can work together, strengthen each other and learn from each other." - NATO Secretary General Jens Stoltenberg, ahead of a meeting of NATO Defence Ministers (28 June 2017).

"Today, NATO has three key roles to play in cyberspace. To drive progress across the Alliance. To act as a hub for information sharing, training and expertise. And to protect our networks." - Speech by NATO Secretary General Jens Stoltenberg at the Cyber Defence Pledge Conference (15 May 2018)

NATO's Cyber History

From the NATO Topic page:

  • Cyber defence is part of NATO’s core task of collective defence.
  • NATO has affirmed that international law applies in cyberspace.
  • NATO is responsible for the protection of its own networks.
  • In July 2016, Allies reaffirmed NATO’s defensive mandate and recognised cyberspace as a domain of operations in which NATO must defend itself as effectively as it does in the air, on land and at sea.
  • Allies also made a Cyber Defence Pledge in July 2016 to enhance their cyber defences, as a matter of priority.
  • Allies are and remain responsible for the protection of their national networks, which need to be compatible with NATO’s and with each other’s.
  • NATO reinforces its capabilities for cyber education, training and exercises.
  • Allies are committed to enhancing information-sharing and mutual assistance in preventing, mitigating and recovering from cyber attacks.
  • NATO signed a Technical Arrangement on cyber defence cooperation with the European Union (EU) in February 2016. In light of common challenges, NATO and the EU are strengthening their cooperation on cyber defence, notably in the areas of information exchange, training, research and exercises.
  • NATO is intensifying its cooperation with industry, via the NATO Industry Cyber Partnership.

"NATO was one of the first to announce a cyber defense policy package in response to cyber attacks against Estonia in 2007" (from a dissertation published by Tartu University Press in 2011, Comprehensive legal approach to cyber security by Eneken Tikk).

NATO drafted a NATO Cyber Defense Policy in 2007 and a NATO Cyber Defense Concept in 2008, both documents with restricted access. In the NATO Bucharest Summit Declaration (April 2008), the Heads of State and Government adopted a Policy on Cyber Defence (see para. 47). This summit prompted the creation of two new NATO divisions focused on cyber-attacks:

- on the operational level, the creation of the Cyber Defence Management Authority (CDMA) in Brussels, with the sole responsibility for coordinating cyberdefence throughout NATO Headquarters and its associated commands and agencies (Source: Defending against cyber attacks 2009-2014)

- the establishment of the Cooperative Cyber Defence (CCD) Centre of Excellence (CoE) in Tallinn, Estonia (May 2008).

On 7 February 2010, NATO nations met to boost cooperation on cyber defence through multinational projects. The session was a follow-up to the Lisbon Summit and a high-level cyber defence meeting held at NATO Headquarters on 25 January 2011. On 27 February 2011 General Stéphane Abrial outlined NATO's cyberdefense efforts since the adoption of the New Strategic Concept in the New York Times op-ed NATO Builds Its Cyberdefenses. Establishing multi-national efforts in Cyber Defence will further enhance their cyber defence capabilities in a collaborative, cost-effective manner.

On June 8, 2011 NATO Defence Ministers adopted a new cyber defence policy. The policy focused on prevention of cyber attacks and building resilience. The policy clarified political and operational mechanisms of NATO’s response to cyber attack and integrated cyber defence into NATO’s Defence Planning Process.

According to Colonel Ilmar Tamm, Director of the NATO Cooperative Cyber Defence Centre of Excellence from 2008-2012:

"...the North Atlantic Treaty Organisation cooperative cyber defence centre of excellence – or NATO CCD COE - is sponsoring and actively participating in the writing of the manual on international law applicable to cyber-warfare – or MILCW. This is expected to be published by the end of 2012. The manual is meant to address all the legal issues under a framework of both international use-of-force law and international humanitarian law. In addition, it examines related problems such as sovereignty, state responsibility and neutrality. We are confident that this manual will help the international community answer many unanswered questions, especially those regarding retaliation." (Source)

The NATO Rapid Reaction Team consisting of NATO cyber defence experts was operational in 2012. "The RRT capability will consist of a permanent core of six specialised experts who can coordinate and execute RRT missions. There will also be national or NATO experts in specific areas. Their numbers and profile will be determined on the basis of the mission to be carried out." (Source)

"And NATO is not immune. In 2012 alone, NATO's systems suffered over 2,500 significant cyber attacks" said NATO Secretary General Anders Fogh Rasmussen (The history of cyber attacks - a timeline - Nato, NATO Review magazine, October 2013).

In March 2013, five NATO countries (Canada, Denmark, the Netherlands, Norway and Romania) agreed to collaborate on the “Multinational Cyber Defence Capability Development Project". The countries will "improve the sharing of technical information; shared awareness of threats; and develop advanced cyberdefense sensors." (Source)

In their first-ever meeting dedicated to cyber defence on 4 June 2013, NATO Defence Ministers agreed that the Alliance’s cyber-defence capability should be fully operational by the autumn 2013, extending protection to all the networks owned and operated by the Alliance. The NATO Secretary General said: “Cyber attacks do not stop at national borders. Our defences should not, either.” (Defence Ministers make progress on cyber protection, 4 June 2013)

The Tallinn Manual on the International Law Applicable to Cyber Warfare was published in 2013. This 300-page manual was written by a group of 20 researchers at the invitation of NATO's Cooperative Cyber Defense Center of Excellence in Tallinn, Estonia.

"Scholars involved in a project sponsored by NATO’s Cooperative Cyber Defence Centre of Excellence in Tallinn will meet in February 2014 to consider what options governments have, under international law, to respond to cyberattacks from other countries." The project, called the Tallinn Manual 2.0, is due to be published in 2016 and is a follow-up to the 2012 Tallinn Manual. (Source: "NATO-backed Project Explores Legal Options To Respond to Cyberattacks" in Defense News, 23 January 2014).

In order to keep abreast with the rapidly changing threat landscape and maintain a robust cyber defence, NATO has adopted a new enhanced policy, which was endorsed by Allied defence ministers in June 2014. The policy establishes that cyber defence is part of the Alliance’s core task of collective defence, confirms that international law applies in cyberspace and intensifies NATO’s cooperation with industry. The top priority is the protection of the communication systems owned and operated by the Alliance.

The new policy also reflects Allied decisions on issues such as streamlined cyber defence governance, procedures for assistance to Allied nations, and the integration of cyber defence into operational planning (including civil emergency planning). Further, the policy defines ways to take awareness, education, training and exercise activities forward, and encourages further progress in various cooperation initiatives, including those with partner countries and international organisations. It also foresees boosting NATO’s cooperation with industry based on information sharing and cooperative supply chain management.

The growing sophistication of cyber attacks makes the protection of the Alliance’s communications and information systems (CIS) an urgent task. This objective has been recognized as a priority in NATO’s Strategic Concept, and has been reiterated in the two most recent Summit Declarations (Chicago in 2012, art. 49, and Wales in 2014, art. 72 & 73).

From 18 to 20 November 2014, the Exercise Cyber Coalition 2014 (Ex CC14) took place in Tartu, Estonia. It is one of the largest exercises of its kind in the world. It is designed to test the ability of NATO, Allies and Partners to collectively and rapidly respond to a mass cyber attack - hence the name 'Cyber Coalition'. (Sources: SHAPE and NCI Agency)

On 21 November 2014, Secretary General Stoltenberg stated: "Cyber is Part of NATO Collective Defence" (CCD COE).

In 2015, a team of NATO cyber defenders from the NATO Computer Incident Response Capability (NCIRC), based in Mons, Belgium, won the largest international cyber defence exercise, ‘Locked Shields 2015’, which concluded on 24 April in Estonia. (NATO Team Tops Cyber Exercise, 24 April 2015).

7th Conference on Cyber Conflict, CyCon 2015: 26-29 May 2015.

The “Cyber Coalition 2015” exercise took place on 16-20 November 2015 at the Alliance’s Cyber Range in Tartu, Estonia and at locations in other participating nations. The five-day training event tested the ability of Allies and partners to defend their networks from a series of complex security challenges. (Experts put to the test during NATO’s largest annual cyber defence exercise, 18 November 2015)


There is regular cooperation between the EU and NATO experts.

On 10 February 2016, a Technical Arrangement on Cyber Defence was concluded between the NATO Computer Incident Response Capability (NCIRC at SHAPE - a team of 200 experts) and the Computer Emergency Response Team of the European Union (CERT-EU). The Technical Arrangement provides a framework for exchanging information and sharing best practices between emergency response teams. On 6 July 2016, the European Parliament's plenary adopted the Directive on Security of Network and Information Systems  (the 'NIS Directive'), which represents the first EU-wide rules on cybersecurity.

On 14 June 2016, Defence Ministers endorsed the recognition of cyberspace as a domain at the upcoming Warsaw Summit. In a press conference following the North Atlantic Council meeting, the NATO Secretary General added: "Cyber defence is part of collective defence".

In July 2016, NATO leaders adopted a Cyber Defence Pledge at the NATO Summit in Warsaw and underlined their commitment to enhance and strengthen the cyber defences of national infrastructures and networks as a matter of priority. On 8 July, NATO Secretary General Jens Stoltenberg published an opinion piece: "NATO and Cyber: Time to Raise our Game" (DefenseNews, 8 July 2016). At the Warsaw Summit in July 2016, Allies also recognised cyber defence as a new operational domain, to enable better protection of networks, missions and operations (NATO Collective Defence topic page)

On 17 October 2016, NATO Allied Command Transformation and the NATO Communications and Information Agency launched an independent research project to examine ways to streamline NATO’s cyber capability development and acquisition processes. The final report is expected in January 2017 (see also SIGNAL, 18 Oct 2016). Further information about this project can be found here.

From 21 November to 2 December 2016, NATO trained Iraqi experts in cyber defence. This course was supported by the Science for Peace and Security (SPS) Programme.

On 2 December 2016, NATO held its annual cyber exercise in Estonia: the Cyber Coalition 2016.

Acting on the decisions adopted by the Heads of State and Government at the NATO Summit in Warsaw, the NATO Ministers of Foreign Affairs decided on 6 December 2016 to endorse over 40 proposals to deepen NATO-EU cooperation in concrete areas, including cyber security and defence (Statement on the implementation of the Joint Declaration signed by the President of the European Council, the President of the European Commission, and the Secretary General of the North Atlantic Treaty Organization)

In the Secretary General's Annual Report published on 13 March 2017, Jens Stoltenberg lists the important achievements which occurred in 2016 (p. 26).

Authored by nineteen international law experts, the “Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations”, the updated and considerably expanded second edition of the 2013 “Tallinn Manual on the International Law Applicable to Cyber Warfare”, is an influential resource for legal advisers dealing with cyber issues. The Tallinn Manual 2.0, published in 2017, is the most comprehensive analysis of how existing international law applies to cyberspace. The Tallinn Manual is available in both paper and electronic copies (paid subscription) from Cambridge University Press. The drafting of the Tallinn Manual 2.0 was facilitated and led by the NATO Cooperative Cyber Defence Centre of Excellence.

On 16 February 2017, NATO and Finland stepped up cyber defence cooperation.

Organized by the NATO Cooperative Cyber Defence Centre of Excellence in Tallinn (Estonia), the exercise Locked Shields 2017, the largest and most advanced cyber defence exercise in the world, involved around 800 participants from 25 nations. (NATO: World’s largest cyber defence exercise takes place in Estonia, 26 April 2017).

During the 9th International Conference on Cyber Conflict (CyCon), held in Tallinn from 30 May to 2 June 2017 and organized by the NATO Cooperative Cyber Defence Centre of Excellence, NATO decided to “beef up cyber capabilities” (Source: Defense News, 31 May 2017).

1 June 2017: 1st NATO Cyber Defence Smart Defence Projects’ Conference (Source: NATO Industry Cyber Partnership).

Ahead of a meeting of the NATO Defence Ministers held on 28-29 June 2017, NATO Secretary General said: "We are in the process of establishing cyber as a military domain meaning that we will have land, air, sea and cyber as military domains." Jens Stoltenberg also added, following a question regarding the latest cyber attacks in Ukraine: "NATO helps Ukraine with improving its cyber defenses. NATO has established a trust fund for cyber defense where we finance the programs, the activities we do." (Press conference by NATO Secretary General Jens Stoltenberg ahead of the meeting of NATO Defence Ministers, 28 June 2017).

During the same Defence Ministers event, NATO Secretary General Stoltenberg announced: "The NATO and EU emergency cyber response teams are now able to share information and warnings in real time. And that’s exactly what they did during the global ransomware attacks earlier this week. Today, we agreed to look into ways to expand our cooperation even further, including in the fight against terrorism." (Press conference by NATO Secretary General Jens Stoltenberg following the meeting of the North Atlantic Council at the level of Defence Ministers, 29 June 2017).

On 19 July 2017, NATO and the Jordanian Armed Forces inaugurated the newly established Computer Emergency Response Team (CERT) in Amman. The CERT was set up as part of a NATO Science for Peace and Security (SPS) project to enhance Jordanian cyber defence capabilities. (NATO supports Jordan’s national cyber defence strategy, 20 July 2017).

On the occasion of the CyCon U.S. conference, organized in collaboration between the Army Cyber Institute at West Point and the NATO Cooperative Cyber Defence Centre of Excellence on 7-8 November 2017 in Washington, D.C., a new malicious campaign from the well-known actor Group 74 (APT28 cyber espionage group) occurred: a decoy document was used as a flyer (CyCon U.S. Website Info Used as Decoy in Malicious Campaign, NATO CCD COE, 23 October 2017).

Cyber Coalition, NATO’s biggest and most important cyber defence exercise, involved more than 700 participants from 25 Allies, as well as NATO partner countries, the European Union, industry and academia (NATO’s flagship cyber exercise begins in Estonia, 28 November 2017).

On 12 January 2018, Japan decided to join the NATO Cyber Defence Centre of Excellence in Tallinn (Estonian World, 13 January 2018)

On 13 February 2018, NATO launched a multi-year initiative to help develop the Moldovan Armed Forces’ cyber defence capability under the NATO Science for Peace and Security (SPS) Programme. (NATO launches second cyber defence project with Moldova, 20 February 2018).

On 23 April 2018, Australia and Portugal joined the Cooperative Cyber Defence Centre of Excellence (CCDCOE) based in Tallinn, Estonia. (Australia and Portugal join NATO cyber cooperative, Cyberscoop, 23 April 2018)

In April 2018, NATO won the world’s largest live-fire cyber exercise, Locked Shields 2018. (NATO wins the world’s largest live-fire cyber exercise, 26 April 2018).

On 15 May 2018, Jens Stoltenberg stated: "Today, NATO has three key roles to play in cyberspace. To drive progress across the Alliance. To act as a hub for information sharing, training and expertise. And to protect our networks." (Speech by NATO Secretary General Jens Stoltenberg at the Cyber Defence Pledge Conference, Ecole militaire, Paris, 15 May 2018)

Recommended Reading on NATO and Cyber Defence


Conference Report

The NATO Emerging Security Challenges Division teamed up with Carnegie Europe to organize the conference The World in 2020 – Can NATO Protect Us? The Challenges to Critical Infrastructure.

Threats to critical infrastructure, such as cyber attacks, international terrorism and attacks on energy supply, can be devastating to the livelihoods of modern societies and cannot be met by military means alone. The conference, with renowned speakers from NATO, academia and national administrations, discussed NATO’s role in meeting security challenges to critical infrastructure.

The conference report can be downloaded here: