External publications

10 February 2014 - Best Practices for Computer Network Defence: Incident Detection and Response

NATO is advancing its efforts to both confront and address the wide range of cyber threats faced by Allies each day, and this includes engaging industry, academia, and public institutions in these efforts. "Cyber security incidents are increasing in both scope and scale every day. Our defensive mechanisms have been outpaced by the scope and scale of malicious cyber activities and, as a result, this issue now sits as one of the most important emerging security challenges facing our countries today", says Melissa Hathaway, Council of Experts, Global Cyber Security Centre (GCSEC).

This NATO Science for Peace and Security (SPS) Programme supported event set out to explore common interest issues for improving Allied and Partner cyber defence practices. The workshop directly addressed the SPS Key Priority area for cyber defence as well as addressing NATO's cyber defence policy implementation. The workshop brought together a multi-disciplinary team of experts from sixteen countries and three international institutions to share experience, knowledge, and positions. Together they generated twenty-one specific findings and twelve papers to help improve the cyber defence posture of NATO Allied countries and their Partners.

Following the workshop, a collection of papers from the panel discussions formed the basis of a book that was published as part of the NATO Science Series. The Editor and Co-Directors of the project were invited to brief the relevant committee responsible for cyber defence at NATO on the findings of the workshop, and the publication was launched at a 'Book Talk' event held at NATO HQ on 10 February 2014.

The NATO Country Project Director and editor of the publication, Melissa Hathaway, said, "This demands that they collectively take action to reduce vulnerabilities of organizations' information systems, assets, infrastructures, and people. Accordingly, organizations are shifting their security approach toward monitoring ingress and egress routes, cataloguing the tactics, techniques, and procedures of adversary activity to better understand impacts and manage risk. Equally important, they are investing in advanced counter-measures to strengthen security postures and become more resistant to cyber threats. In the future they will need to focus initiatives toward the protection, resilience, recovery, and restoration of services that transcend national boundaries, like electric power, navigation, and telecommunications. After all, defence does not stop at the corporate enterprise or sovereign border."

The chapters of the publication are available at each of the authors' institutions as follows:

Chapter 1: Advanced Research Workshop Findings
Author: Melissa Hathaway, Council of Experts, Global Cyber Security Centre (GCSEC)

Chapter 2: Computer Network Defense: New Threats and Trends
Authors: Andrea Rigoni and Gustav Lindstrom, Geneva Centre for Security Policy (GCSP)

Chapter 3: Advanced Technologies/Tactics Techniques, Procedures: Closing the Attack Window, and Thresholds for Reporting and Containment
Author: John Stewart, Cisco Systems and Council of Experts, Global Cyber Security Center (GCSEC)

Chapter 4: Beyond Perimeter Defense: Defense-in-Depth Leveraging Upstream Security
Author: Dave McMahon, The SecDev Group

Chapter 5: Back to Basics: Beyond Network Hygiene
Authors: Felix 'FX' Lindner (Recurity Labs GmbH, Germany) & Sandro Gaycken (Freie University of Berlin, Germany)

Chapter 6: Aligning National Cyber Security Strategies to International Guidance: A First Step Toward Improving Incident Response Capabilities Across NATO
Author: Matt Holt, CEO, Intellium

Chapter 7: Evolution of National and Corporate CERTs – Trust, the Key Factor
Author: Olaf Kruidhof, Capgemini, The Netherlands

Chapter 8: Standards for Cyber Security
Author: Steve Purser, European Union Network and Information Security Agency (ENISA)

Chapter 9: A Model for Positive Change: Influencing Positive Change in Cyber Security Strategy, Human Factor, and Leadership
Author: Will Pelgrin

Chapter 10: Coordination and Cooperation in Cyber Network Defense: The Dutch Efforts to Prevent and Respond
Authors: Elly van den Heuvel (National Cyber Security Centre in The Hague, the Netherlands) and Gerben Klein Baltink (Dutch Cyber Security Council)

The full book is available for purchase here