NATO’s fifth domain: Shoring-up cyber defense needs public-private partnerships

In July 2016, Heads of State and Government from NATO member states attending the Warsaw Summit officially recognized cyberspace as “a domain of operations in which NATO must defend itself.” This was an unprecedented, yet necessary step. Never before have online threats been viewed through the same prism as threats from the air, on land, at sea, or in space. But it’s clear that the increase in nation-state-led cyberattacks has alarming implication not only for national security and infrastructure, but also for the safety of civilians – both on and offline.

As the NATO Information Assurance & Cyber Defense Symposium (NIAS), NATO’s key cyber defense conference, convenes in Mons, Belgium, this week, we are reminded of the critical importance of public-private partnerships in the realm of cybersecurity. In this context, the NATO Industrial Advisory Group (NIAG) and the NATO-Industry Cyber Partnership (NICP), as well as bilateral collaboration between industry players and NATO’s Communication and Information Agency (NCIA), are vital. At Microsoft, we have worked to support NATO’s cybersecurity efforts through our Government Security Program (GSP) of which NCIA is a member. This includes enhanced information-sharing on cyber threat intelligence, documentation, online training and tools to bolster cybersecurity.

Having recognized cyberspace as the “fifth domain of warfare”, NATO will need to ensure that the Alliance’s cyber defenses continue to evolve. This includes deploying modern and secure technologies. A key element to this is NATO’s recently adopted “cloud-first approach”. Moreover, NATO allies at the Warsaw Summit in July 2016 adopted a “Cyber Defense Pledge” which committed Member States to “strengthen and enhance the cyber defenses of national networks and infrastructures.” Through this pledge, NATO can play a critical role to harmonize and strengthen Member States’ commitment to cybersecurity. This is an important addition to the EU’s cybersecurity efforts such as the NIS Directive which does not include baseline security obligations for public sector entities.

In addition to laying a technological foundation rooted in cyber resilience, NATO is an important voice in international cyber policy discussions. This includes ensuring the application of international law in cyberspace, as well as developing additional rules for nation-state behaviour in cyberspace where needed. NATO Member States have long considered the protection of civilians from nation-state cyber-attacks as a priority. From Microsoft’s perspective, a Digital Geneva Convention would be key to this process as it could help prevent governments from targeting the private sector or critical infrastructure, or from using online hacking to steal intellectual property. We will continue to discuss these ideas with both NATO’s Emerging Security Challenges Division and the allied Member States which make up NATO’s Cyber Defense Committee.

While the future of cybersecurity and cyber defense will continue to evolve, there is an opportunity to be proactive in tackling these challenges collectively, to emerge stronger and better prepared. This week’s NIAS Symposium is a great opportunity to demonstrate industry’s commitment to help NATO prepare for tomorrow’s cyberthreats and we look forward to contributing to this important event.

Jan Neutze
Director of Cybersecurity Policy, Microsoft EMEA

Jan Neutze is Director of Cybersecurity Policy responsible for cybersecurity policy matters in Europe, Middle East, and Africa. Before taking on Microsoft's EMEA security portfolio, Jan worked in Microsoft's Trustworthy Computing group at Microsoft Corp. in Redmond. In this role, he led engagement with governments and industry partners at an EU-level and in Germany, and developed corporate strategies on emerging cybersecurity policies, risk management, critical infrastructure protection, cybersecurity norms, and internet governance. Jan Neutze joined Microsoft from the United Nations Headquarters, where he served for three years in the policy planning staff of the UN Secretary-General and the Department of Political Affairs, leading a range of cybersecurity and counterterrorism projects. Prior to this, Jan served as program officer for foreign policy at the German Marshall Fund of the United States and as assistant director of the Program on Transatlantic Relations at the Atlantic Council of the United States. Jan Neutze holds a law degree from the Westphalian Wilhelms-University in Munster, Germany and an M.A. in security studies from Georgetown University's School of Foreign Service.