Defending NATO in the Cybersphere
Senior VP of Security and Information Systems at Leonardo, Paul MacGregor, explains how Leonardo’s cyber security expertise is helping NATO defend its estate, using a combination of technology and people.
Since May 2014, Leonardo has been NATO’s ‘mission partner’ for cyber defence, and is fully embedded in NATO’s Computer Incident Response Capability - Full Operational Capability (NCIRC - FOC) programme. Our team of UK cyber experts work alongside NATO to defend the cyber security of information and ICT infrastructure across 75 NATO sites in 28 different member countries. The programme is continually being expanded and represents one of the biggest initiatives ever developed in this sector.
Delivering cohesion to a diverse cyber estate
Given the number of NATO members, there are varying levels of cyber maturity across the Alliance. Furthermore, NATO’s structure means that it has a combination of NATO networks and national-level networks – all of which must interconnect.
To address the differing maturity levels amongst members, NATO uses negotiated agreements such as the ‘Cyber Pledge’ from the Warsaw Summit – a joint commitment from Alliance members to “keep pace with the fast-evolving cyber threat landscape and that our nations will be capable of defending themselves in cyberspace as in the air, on land and at sea.” This is an ongoing and repeating requirement which includes investment in training capability and upgrading investment in technology to defend cyber networks.
This approach is similar to what the Ministry of Defence and the defence industry are jointly trying to do in the UK through the Defence Cyber Protection Partnership, where everybody is being actively encouraged to improve their cyber capabilities. In NATO’s case, as an Alliance member, if you want access to the Alliance’s information, you need to demonstrate a certain level of cyber security. However, in the UK, if you want to work on a government contract, you must be able to demonstrate that your IT systems and processes can defend against somebody trying to steal information from them.
Adapting to the ever-changing international cyber environment
NCIRC, NATO’s custom-built security system, is managed by Leonardo. The system is a central defensive hub, fed by defensive enclaves that are established across NATO sites and infrastructure in member nations, designed to protect other Alliance-owned information-centric systems at more than 75 locations.
During our partnership with NATO, our role has grown as more sites have been included, with new contracts awarded for IT Modernisation (ITM) and NATO Communication Infrastructure (NCI) - each having a specific requirement for cyber defence. As such, our remit now covers the deployment of an NCIRC defensive enclave into ITM and we will soon be doing the same for NCI. It’s ongoing, as once an IT system is deployed, you have to defend it and you have to keep the appropriate technology current.
Technology and people in sync
But cyber defence is not purely about technology! There’s a misconception among many people that cyber security is all about buying millions of pounds’ worth of technology. It’s like claiming you’re a concert pianist because you’ve bought a grand piano! The fact is, like anything, you have to learn to operate the tools – whether they’re musical instruments or the latest technologies.
As a result, whenever we start discussions with a new customer about cyber security, we always ensure that the workforce is considered early in the process. Often, governments initiate cyber programme discussions around the need to “build us a secure operations centre”. However, we ask them who is going to run the centre for them.
This is often complicated further because there are many instances where a customer will want the benefit of a contractor’s expertise, but will not want a foreign company having access to the sovereign data it is trying to secure. With this in mind, we have merged training with an exercise capability through our Cyber Academy and Cyber Range. These enable Leonardo cyber experts to establish procedures and impart knowledge to trainees without needing to access or observe the customer’s protected networks.
Based on our experiences with people like NATO and ministries of defence, our Cyber Academy and Cyber Range now result in a training facility that provides customers with a comprehensive cyber exercise capability, where they can run red-on-blue, attack-defend exercises, explore the use of tools and techniques, and exercise against new and emerging threats. Like anything, repeated practice is the only way to achieve success.
Only through an in-depth understanding of the mission requirement, the application of appropriate technology and comprehensive training of our people to defend and hunt the enemy, can we begin to evolve the cyber environment.