NATO’s cyber Rapid Reaction Team to be operational in 2012

NATO prepares Rapid Reaction Team to fight cyber attacks

From NATO:  By the end of 2012, a rapid reaction team (RRT) capability of NATO cyber defence experts will be operational.

The technical centre of the NATO Computer Incident Response Capability (NCIRC) is the nerve centre of the Alliance’s fight against cyber crime.

"The NCIRC is responsible for the cyber defence of all NATO sites, whether they are those of static HQs or HQs deployed for operations or exercises," says Ian West, NCIRC TC Director.

In the event of an attack against a NATO information system, the experts concerned meet immediately and draw up a plan of action. The aim is to restore the systems so that everything gets back to normal operation as quickly as possible. . . .

"The number of cyber attacks is rising every day, whether they be against NATO systems or against the vital systems of our member nations. NATO must be able to offer cyber defence assistance to its members to help them guard against these attacks, to detect them, and – once they have happened – to react swiftly to limit the damage", says Jamie Shea, Deputy Assistant Secretary General for Emerging Security Challenges at NATO.

Rapid Reaction Team operational by end 2012

In 2011 NATO started to formulate a rapid reaction team concept for this purpose. "These cyber defence experts are responsible for assisting member states which ask for help in the event of an attack of national significance," Alex Vandurme explains.  The creation of this team was a result of the NATO cyber defence policy, which was revised by defence ministers in June 2011. In future, additional efforts will be devoted to risk prevention and enhanced resilience.

"The types of cyber attacks experienced by Estonia and Georgia will become the most frequent form of cyber attack in the future. A mixture of protest, or traditional war, and a cybernetic element," Alex Vandurme continues. The rapid reaction teams must therefore by ready to act when assistance is requested. They should be operational by the end of 2012.

So far, a number of steps have already been taken, and the NCIRC should achieve full operational capability in early 2013. . . .

Rapid Reaction Team profiles, training and equipment

The RRT capability will consist of a permanent core of six specialised experts who can coordinate and execute RRT missions. There will also be national or NATO experts in specific areas. Their numbers and profile will be determined on the basis of the mission to be carried out.

The RRTs will have all the equipment they need: IT and telecommunications equipment, such as satellite telephones, and equipment for digital evidence collection, cryptography, digital forensic analysis, vulnerability management, network security, etc.

"All these experts will be trained in NATO procedures and in the handling of the equipment," says Alex Vandurme., "They will also be involved in the Cyber Coalition exercise which we hold in November every year."

Activating a Rapid Reaction Team

Any NATO member nation suffering a significant cyber attack will be able to ask for NATO’s help. The request will be considered by the Cyber Defence Management Board (CDMB). Requests for help which come from non-NATO countries will have to be endorsed by the North Atlantic Council.

"During the 2010 Cyber Coalition exercise, we practiced the consultation and decision-making mechanisms for the RRTs at CDMB-level. We learned lessons from this on improving our procedures. In November 2012, we will move on to phase two: testing the RRT intervention phase and, specifically, the usefulness of the handbook which has just been prepared."

Once activated, the RRTs will be able to respond within 24 hours of the incident.  (photo: Europe Security News)

Image: europe%20security%20news%203%2026%2012%20NATO%20cyber.jpg