NATO has launched an initiative to boost cooperation on cyber treats and challenges with the private sector. In light of this news, Toyin Adelakun, VP of Products at Sestus, has given the following comment on what the initiative could mean:
“After tiny Estonia — a 2004 intake to NATO as part of the Alliance’s Fifth Enlargement — was subjected to a sustained cyber attack in the spring of 2007, growing resolve crystallised a year later into the establishment of the Cooperative Cyber Defence Centre of Excellence in Talinn. The Centre’s objectives are, broadly, to develop knowledge, insight and capacity with regard to detecting and thwarting cyber attacks on NATO itself and NATO members. In that sense, the Centre is the proactively-inclined intellectual complement to NATO’s incidence response centre (NCIRC), which by definition is more reactive and pragmatic. Over the years, in addition to its contributions to the development of the NATO Cyber Defence Policy, CCDCOE has publicly agonised over the whys and wherefores of engaging with the private sector. This recent announcement of the NATO Industry Cyber Partnership (NCIP) looks like another attempt at public-private engagement, albeit under separate and wider auspices.
A sustained, targeted cyber attack can potentially have a crippling effect on at least parts of a nation’s critical infrastructure — and that effect can be similar to that of a ballistic attack. (For real-world examples, look beyond Estonia to Stuxnet.) So from a certain perspective, there is ample justification for NATO’s initiatives in cyber defence to parallel its established practices in respect of traditional military defence. Now, NATO has not said that ‘any cyber attack on one Member is a cyber attack on all’, which would match the underpinning sentiment expressed in the military domain as per Article 5 of the founding treaty. To many, that may be going too far. But then — and with the caveat that it is still early — it is unclear what the NICP’s concrete objectives are and who would benefit from such objectives being met. There is mention of eventual interlock with the long-running Defence Planning Process (NDPP), and it would seem to be a logical pooling of resources amongst putatively friendly nations, but unless there are standardisation agreements (STANAGs) or other specific deliverables that arise, the NICP may emerge as a collaboration that is — on account of privacy and industrial-espionage concerns — too edgy, too limited or both.”
By Toyin Adelakun, VP of Products, Sestus
About Sestus
Sestus is an online security company offering a suite of ground-breaking security products used to satisfy multi-factor authentication requirements (FFIEC, CJIS, PCA, HIPAA). Sestus’ products are used by both regulated and non-regulated companies who wish to improve their online security.
Sestus, LLC is a privately-held, member-managed limited liability corporation organized under the laws of the State of Arizona (USA). Sestus, LLC (formerly Sestus Data Company, LLC) is the successor to Willis Software, a software development and consultation company established in 1992. Sestus began commercial operations in 2005, with product licensing commencing in early 2007. Sestus has maintained a steady growth rate and currently enjoys one of the highest customer retention rates in the online-security industry. Sestus is 100% member-owned at this time.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.