NATO has constituted Cyber Response Teams

Pierluigi Paganini December 24, 2013

The NATO has announced to be close to launch two Cyber Response Teams to protect the infrastructures of the Alliance in the case of cyber attacks.

NATO is establishing its reaction units to protect its infrastructure in case of cyber attacks, the organization will set-up exactly two teams for the purpose. NATO is considered a privileged target for hackers, in 2012 it suffered 2,500 “significant cases” of cyber attacks against its networks, during the 2013 the situation has remained almost unchanged but security experts believe that the number of sophisticated offensives is likely to increase.

A NATO representative explained that the two cyber-defense teams are expected to operative in a few weeks in response to significant incidents ans cyber-attacks.

“Exact 2013 figures have not yet been compiled. What we can see is that the incidents recorded by NATO experts so far this year are comparable to what similar organisations have faced and generally consistent with 2012 levels,” said the NATO official.

The NATO cyber experts succeeded in the mitigation of the attacks avoiding serious damage to the infrastructure, let’s remember that the organization invested nearly 58 million euro to upgrade the NATO Cyber Incident Response Centre (NCIRC).

In 2011 the NATO presented a Cyber Defence Policy that included the definition of a central structure responsible for the protection of all the structures of the alliance in case of cyber attacks. Below an abstract of the document:

Integrate cyber defence considerations into NATO structures and planning processes in order to perform NATO’s core tasks of collective defence and crisis management.
Focus on prevention, resilience and defence of critical cyber assets to NATO and Allies.
Develop robust cyber defence capabilities and centralise protection of NATO’s own networks.
Develop minimum requirements for cyber defence of national networks critical to NATO’s core tasks.
Provide assistance to the Allies to achieve a minimum level of cyber defence and reduce vulnerabilities of national critical infrastructures.
Engage with partners, international organisations, the private sector and academia

Last year Finmeccanica and Northrop Grumman were awarded a contract by the NATO Consultation, Command and Control (NATO C3) Agency for the development of the NATO Computer Incident Response Capability (NCIRC) – Full Operating Capability (FOC).

“The contract, worth around EUR 50 million, is for an extensive managed service which will provide information assurance to around 50 NATO sites and headquarters throughout 28 countries worldwide. The NCIRC will provide the capability to detect and respond to cyber security threats and vulnerabilities rapidly and effectively. The project is intended to meet the level of ambition of NATO Head of States as set out during the Lisbon Summit in November 2010.” reported AOS website.

Since 2011 important steps forward have been done, earlier 2013 NATO defence ministers approved the first step of integrating cyber defence capability targets into the defence planning process requesting allies to set up a minimum set of cyber defence capabilities and preparedness. The NATO requested to the members of the Alliance to define a national cyber policy, a national cyber authority and the creation of national cyber defence response capabilities.

The NATO Cyber Incident Response Centre deployed advanced technologies including sensors, scanners and “intelligent analytic capabilities” to prevent, detect and respond to cyber threats.

The effort spent for the stablishment and the support of a response center is essential for the defense of critical network belonging to the organization. In the next years according the officials we will see a meaningful increase of detection and reaction capabilities of the Alliance, we must considere that the investments are part of the emprovement project begun in 2011 when the concepts of Information warfare and state sponsored hacking were not considered like today.

“This upgrade will significantly enhance NATO’s ability to protect its own networks. The NCIRC has proven to be a vital hub for dealing with cyber incidents and for disseminating cyber security information across the Alliance,” the NATO official said.

We have to consider that the effor and the investment of the Alliance are a mandatory to responde a growing pressure of gangs of cyber criminals and hostile govenments.

The number of cyber attacks against critical infrastructures is increasing and according many cyber security expers it is question of time before a major incident could happen.

The offensives are even more sophisticated and it is necessary a joint effort to detect ongoing cyber threats and neutralize their effects, it’s my opinion that this is a first step to win the challende of the next future … protect the cyberspace.

“Looking to 2014, we expect to see the operational benefits of the increased detection and response capability which we are currently achieving by upgrading the NCIRC. Our defensive efforts will focus on tuning our new system to maximum effect.” stated the NATO official.

Pierluigi Paganini

(Security Affairs – NATO, cyber defense team)

Critical infrastructures cyber criminals cyber defense Finmeccanica Hackers hacktivists incident response NATO NATO C3 Northrop Grumman security state sponsored actors US

Pierluigi Paganini June 24, 2025

Russia-linked APT28 use Signal chats to target Ukraine official with malware

Pierluigi Paganini June 24, 2025