Defense chiefs from across NATO have begun to work on how to protect member countries from cyber attack, an alliance official tells Killer Apps.
Although NATO has been working for a while on protecting its own networks (meaning the in-house systems NATO relies on for everyday functions) from cyber attacks, it hasn't come up with any plans to defend its member states from cyber attack. (Sound familiar? It should. While the United States government is responsible for defending its own networks against cyber attack, it is still trying to figure out how to protect the U.S. private sector from such attacks.)
To help remedy this, NATO defense chiefs last week discussed a U.S.-proposed "cyber work plan" aimed at "breaking through policy impasses" to get the alliance in a "much better position" to protect its member countries from cyber attacks, the official told Killer Apps in an email.
What exactly does that mean? Basically, figuring out what roles and responsibilities NATO, the European Union, and all the national governments and private sector organizations that are involved in NATO and the EU have in defending against cyber threats. This could mean figuring out which law enforcement agencies would respond to criminal cyber attacks against alliance members; which government agencies would respond to cyber attacks by other countries; how the various government agencies within NATO would collaborate to defeat cyber threats; and how major corporations that provide critical services to the public would be protected from crippling cyber attacks.
Good luck with that. Twenty-eight member countries, three continents, just sayin'.
During a speech at Kings College in London last month, outgoing U.S. Defense Secretary Leon Panetta said NATO is not adequately prepared to respond to cyber attacks against its member countries. "I urge in the coming year that NATO ministers hold a session to closely examine how the alliance can bolster its defensive cyber operational capabilities," he said.
"The impasses have to do with discussion of roles among NATO and EU and national government and civilian sectors," said the official. "It's very similar to discussions that member nations are having within their own government on which agencies protect and respond."
It will be interesting to see how fast NATO can put any sort of plan in place. Remember, this discussion has been going on in the U.S. for years now. The failure of U.S. lawmakers to produce cyber security legislation prompted the White House earlier this month to release its cyber security executive order aimed at protecting a small group of U.S. banks, energy firms, transport companies, defense contractors and communications providers from a cyber attack that could harm millions of Americans.