May 5, 2015
"The RRT can act on very short notice to deal with an attack that affects the operational capability of a NATO system during a crisis or to assist a member state, at its request, in the event of a significant cyber attack at national level," says Jean-François Agneessens, a cyber security expert at the NATO Communications and Information Agency (NCIA) in Mons, Belgium.
He is one of six civilian members of the RRT who can be deployed to NATO sites, in operational theatres or in support of an Ally, in order to provide technical assistance or respond to incidents arising from a cyber attack.
Cyber threats are becoming more intense and complex. Every day, NATO has to manage more than 200,000,000 events; after analysis, about ten on average turn out to be sophisticated attacks requiring remedial action.
Cyber attacks can have devastating consequences, potentially as serious as conventional attacks with bombs and tanks. For this reason, cyber defence is considered part of the Alliance's collective defence commitment under Article 5 of the North Atlantic Treaty. The decision to send the RRT to help an Ally is taken by the North Atlantic Council, the Alliance's highest political decision-making body....
In order to remain operational, RRT members take part in NATO exercises in which they can practise their ability to respond to a crisis, in realistic conditions.
Jean-François tested his responsiveness during the international exercise "Locked Shields", held on 22-23 April 2015 and organised by the NATO Cooperative Cyber Defence Centre of Excellence, the Alliance's cyber defence think-tank. During this 48-hour war game, which involved 15 experts from each of the 15 participating nations, he and the other RRT members simulated deployment to a fictitious country under cyber attack. Their mission was to restore the primary drone control facility of this fictitious NATO member state and help secure the auxiliary control system which can take command of the military drones.
In November 2014, during another exercise called "Cyber Coalition", cyber activists managed to take control of the aerial detection system of a NATO AWACS surveillance aircraft deployed on an operation. The RRT was sent to an airbase in Greece to identify the problem and put the aircraft back into service as quickly as possible....
"The RRT is actually a modest resource; however, it constitutes a strategic core capability which would be reinforced, as needed, by experts from nations, when NATO is responding to an assistance request from a nation," states Suleyman Anil, Head of the Cyber Defence Section of the Emerging Security Challenges Division at NATO Headquarters.