The decision by NATO ministers to set up a cyber operations center is an important step toward implementing recognition of cyberspace as a domain of operations in which the Alliance must defend itself as effectively as it does in the air, on land, and at sea.
The announcement, made in Brussels on November 8, signaled a first concrete step in the shifting of NATO’s focus from information assurance to mission assurance. It recognizes that there is no such thing as absolute cybersecurity and that the Alliance will have to operate in contested environments and have a command structure fit for this role.
The decision to include a cyber operations center is the result of a heightened understanding of NATO’s dependence on communications and information technologies, and the growing number of cyberattacks that have the potential to impact its missions.
Clear roles in NATO’s command structure with respect to cyber capabilities are a fundamental step for the Alliance to enable mission assurance. The cyber operations center will provide a structure to integrate cyber into NATO’s planning and operations at all levels, and also help integrate allies’ cyber capabilities into NATO’s missions and operations.
NATO has always used its capabilities in a proportionate manner with the aim of achieving maximum impact with minimum force. Accordingly, the center will support the operational commander’s use of cyber capabilities in operations or as standalone capabilities.
While little is known from the official communique of the ministerial meeting about the role and makeup of the center, it can be assumed that it combines existing stovepiped organizations within NATO with operational cyber responsibilities, rather than a completely new organization.
A decision to centralize and streamline cyber operations is a natural step in organizational adaptation proportional to the challenge that the Alliance faces. The announcement in Brussels comes at a time of growing concern over Russian cyber operations and meddling, such as the recent hacking of the phones of US troops deployed in Poland.
The cyber operations center was one of two major decisions to come out of the meeting in Brussels. The other was the announcement of new commands to facilitate the mobility of troops and equipment across the Atlantic and in Europe.
Over the years, reviewing and changing command arrangements has been a vital step for NATO to ensure and maintain the agility and relevance of the Alliance.
NATO, just as any other process-driven organization, struggles to achieve operational agility in the face of cyberattacks. Cyber operations require timely decisions and actions, capabilities that are challenging to achieve within a complex organization. The new cyber center should help to ensure that NATO commanders have the right capabilities at the right time.
NATO has a lot on its plate with the implementation of the concept of cyber as a domain of operations, such as formulating a cyber doctrine and adapting its cyber education and training. While the symbolism of moving the implementation of operational domain is important to show progress and resolve within the Alliance in the face of the growing cyber threat, the ministerial decision will serve as more of a bookmark for the issue to consider at the next NATO summit planned for July 2018.
Klara T. Jordan is a nonresident fellow with the Atlantic Council’s Brent Scowcroft Center on International Security. Follow her on Twitter @JordanKlara.