Report July 1, 2026 • 10:00 am ET

How NATO is facing mounting cybersecurity challenges

By G. Alexander Crowther

NATO, like every other major international organization, is greatly challenged in cyberspace. NATO has embraced cyber as a challenge since the 2002 NATO Summit in Prague. The subsequent growth of cyber operations against NATO allies—from the major attacks launched from around the world against the Estonian government in 2007 to recent cases prompting warnings by officials and agencies in the United Kingdom and Germany—has only strengthened allies' desire to increase their cyber capabilities. Criminal- and state-executed operations remain the greatest challenge NATO faces in cyberspace, while cyber force development is a major issue.

Although the popular view is that NATO commands vast forces, NATO has very few organic capabilities (e.g., NATO AWACS) in its command structure. Most forces, including almost all cyber capabilities, reside in allied security services and are available to NATO when requested and agreed upon. NATO itself has a circumscribed role in cyber operations but is very active in setting policy for NATO cyber forces. As with conventional forces, allies have differing cyber capabilities.

NATO says that its “focus in cyber defense is to protect its own networks, operate in cyberspace (including through the Alliance’s operations and missions), help Allies to enhance their national resilience and provide a platform for political consultation and collective action.” NATO does not conduct offensive cyber operations; however, its view is that cyberattacks on NATO allies may be “considered as amounting to an ‘armed attack,’” which allows invoking Article 5. NATO also understands the validity of offensive cyber operations conducted by allies in support of Alliance defensive operations.

Article 3 of the NATO Treaty requires allies to defend themselves. Cyber capability is no different, hence the mission to “help Allies to enhance their national resilience.” NATO does not provide cyber security for allies but assists allies to build their own cyber capability. This concept was developed to prevent what could be called “free riding in cyberspace.”

Allied cyber forces, like their fellow air, ground, and maritime forces, run a spectrum of both size and capability. Several larger allies such as France, Germany, the United Kingdom, and the United States are rated as major cyber powers. Several smaller countries also have robust cyber capabilities. Some, like the Netherlands, have these capabilities due to a combination of an excellent education system and a strong network of information technology companies, which creates a robust cyber ecosystem. Others, like Estonia, have developed their cyber capabilities in response to major threats, mainly from Russia. However, other smaller countries or countries without a strong cyber ecosystem lack well-developed cyber capabilities, which is the second of the two greatest challenges NATO faces in cyberspace.

NATO works with allies to track capabilities and supports national efforts to mitigate malicious cyber activities via the NATO Virtual Cyber Incident Support Capability (VCISC). It integrates allies’ capabilities into the NATO force structure during a NATO operation and, if necessary, will request support from national cyber capabilities under national command and control in support of NATO operations.

In Warsaw in 2016, the first summit after digesting initial lessons learned from Russian operations in Ukraine, NATO declared cyber to be a domain of warfare and announced the NATO Cyber Defense Pledge. They updated that pledge in 2026 and now require:

  • Mandatory cybersecurity maturity assessments for all critical infrastructure sectors
  • Standardized incident reporting requirements with 24-hour notification windows
  • Joint cyber exercise participation requirements for all member states
  • Transparent resource allocation reporting for cybersecurity investments

The updated pledge also identifies three major policy objectives:

  • Enhanced real-time threat intelligence sharing
  • Standardized capability-building programs
  • Expanded Asia-Pacific cooperation

In addition to policies, NATO has also built organizations to support cyber defense. The NATO Cyber Security Centre (NCSC) at the Supreme Headquarters Allied Powers Europe (SHAPE) in Mons, Belgium, protects NATO’s own networks; at the 2024 NATO Summit in Washington, NATO announced the plan to develop it into the NATO Integrated Cyber Defence Centre by 2028. NATO also has Cyber Rapid Reaction Teams to assist allies as approved by the North Atlantic Council, the senior decision-making body of NATO, consisting of the heads of state and government of the allies.

These capabilities are necessary for NATO; however, the organization needs to integrate cybersecurity into all operations. That integration must extend to policy, doctrine, and professional military education. For these purposes, NATO can use education, training, and exercises, all under the purview of Allied Command Transformation (ACT), which is responsible for alliance doctrine and ensures that NATO integrates cyber in all training and education. The NATO School in Oberammergau, Germany, conducts cyber defense-related education and training to support Alliance operations, strategy, policy, doctrine, and procedures. The NATO Defense College in Rome, Italy, fosters strategic thinking on political-military matters, including on cyber defense issues. ACT also leads the NATO Centres of Excellence, including the NATO Cooperative Cyber Defense Centre of Excellence in Tallinn, Estonia, which does cyber research, leads cyber exercises, and is well known for the Tallinn Manual, the global standard for discussing the legal aspects of cyber operations during both peacetime and wartime. NATO conducts more focused IT-specific cyber training at the NATO Communications and Information Academy in Oeiras, Portugal.

NATO also coordinates and collaborates with other international organizations. NATO works with the European Union (EU), the United Nations, and the Organization for Security and Co-operation in Europe; the Alliance also coordinates with industry on cyber defense issues. Of particular importance is the Technical Arrangement on Cyber Defense between the NATO Computer Incident Response Capability (part of the NCSC) and the Computer Emergency Response Team for the EU (CERT-EU), which includes close cooperation between NATO Rapid Response Teams and national CERTs through the Permanent Structured Cooperation program.

An excellent example of how NATO approaches cyber defense is Federated Mission Networking (FMN). It grew out of the Afghan Mission Network, which the International Security Assistance Force used, and includes governance, a networking framework, and actual mission networks. Rather than providing a NATO network that replicates national networks, FMN provides information technology and cybersecurity standards for the national networks connecting to the network. So, an American unit picks up an American communications device and connects with a Portuguese unit that speaks on its national network, connected via FMN. NATO sets the technical and security standards, and anyone connecting adheres to them. NATO provides guidance and connective tissue while the members use their own national capabilities. NATO defends NATO networks and allies defend their own networks.

NATO has a healthy cyber defense system, particularly in governance, policies, and training. Several allies boast the world’s best cyber forces; however, the alliance is challenged by improved and more aggressive cyber operations by criminals and state adversaries as well as a lack of cyber capability among some allies. These challenges cannot be resolved but can be mitigated by policies and cyber force development. NATO leadership understands the importance of cyber operations and will continue to prioritize them for the foreseeable future.


G. Alexander Crowther, PhD, is a cybersecurity and Europe specialist and a retired US Army strategist colonel. He was a special assistant to the supreme allied commander Europe at SHAPE and has lectured at Allied Command Transformation, the NATO Defense College, and various war colleges around Europe and Latin America. He publishes regularly on cyber and other national security issues.         


Image: US Cyber Command members work in the Integrated Cyber Center, Joint Operations Center at Fort George G. Meade, Md., April 2, 2021.