Cooperative development speeds Nato cyber-intelligence-sharing

NATO and partner countries are sharing R&D in the development of cyber-security tools to achieve economies of scale, including the CIICS (Cyber Information and Incident Coordination System) which has just been deployed in the Alliance's 24/7 cyber operations centre.

CIICS was developed by NATO Communications and Information Agency (NCI Agency), NATO's IT and cyber arm, as part of the Multi National Defence Capability Development (MN CD2) project to share intelligence, detect and thwart cyber-threats at a faster pace and across multiple countries, with Finland set to join the coalition within weeks. 

CIICS is currently used by Canada, the Netherlands and Romania and will be deployed later this year to Norway, as well as partner nations Finland and Ireland, which have all already started trialling the tool.

Manisha Parmar, senior cyber security scientist at the NCI Agency, explained: “CIICS not only alerts you about potential cyber-attacks but also allows you to respond to the attack with the help of other users. So for example, if I'm Romania and I have detected a cyber-attack which might be replicated against Norway or the Netherlands, I can share that information with these countries and they will get immediately alerted if a similar threat shows up.”

Safer together MN CD2 was created in 2013 after Canada, the Netherlands, Romania, Denmark and Norway - decided to join forces, leveraging their respective expertise to improve their cyber-defences. Parmar noted. “It's a much cheaper and quicker process for them.”

She adds, “It's not just the financial benefit of the partnership, it's also about collaborating, sharing knowledge and best practices. The advantage of approaching a project this way is that we get a mature tool much quicker. Within a month of gathering information on each Nation's requirements, we deployed a first work package. Nearly four years on, we're on our fifth work package; we have a mature tool, three countries are using CIICS – soon six – and CIICS has been deployed on a trial basis to NCIRC TC (NATO Computer Incident Response Capability Technical Centre) this week… It's a success story.”

MN CD2 is open to all NATO Nations, while partner nations must receive approval from the project's board to join. Poland, Germany, the United Kingdom and Switzerland have expressed an interest in CIICS, but no formal agreements are in place yet.

Sarah Brown, CIICS technical lead at the NCI Agency, observed: “CIICS proved its value when it was used by Nations in Cyber Coalition, one of the world's largest cyber defence exercise, as it enabled them to operate as a coalition, defending networks together. This showed that CIICS can be of great benefit to the Alliance, helping forces communicate, train and operate better together in a Federated Mission Networking (FMN) environment.”

Arnold Colijn, senior innovation project manager at the Dutch Ministry of Defence, noted that the tool has been extremely beneficial to the Netherlands, saying, “CIICS as a system is designed to support (inter-)national coordination on cyber incidents and on cyber information sharing and thereby leverages the possibility that Nations will really work together on cyber defence.”

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.