NATO Industry Cyber Partnership (NICP)

"We will intensify our cooperation with industry through a NATO Industry Cyber Partnership. Technological innovations and expertise from the private sector are crucial to enable NATO and Allies to achieve the Enhanced Cyber Defence Policy's objectives."
- Wales Summit Declaration Issued by the Heads of State and Government participating in the meeting of the North Atlantic Council in Wales, 5 September 2014.


NATO launched the NATO Industry Cyber Partnership on 17 September 2014
Welcome to the NATO Industry Cyber Partnership! 

 

The interconnected and open character of cyberspace has offered unprecedented opportunities for our economies and has transformed the fabric of our societies. By the same token, this open and interconnected space also makes us vulnerable, with cyber threats growing both in numbers and in sophistication.    
              
The private sector is a key player in cyberspace. Technological innovations and expertise from the
private sector
"Cyber-attacks can be as dangerous as conventional attacks. They can shut down important infrastructure. They can have a great negative impact on our operations…We are prepared for attacks that might happen in the future. Cyber-attack is something which is happening every day. And we are responding every day to different kinds of cyber-attacks."
- NATO Secretary General Jens Stoltenberg, Joint Press Point with Sven Mikser, Minister of Defence of Estonia in November 2014.
are crucial to enable NATO and Allies to achieve the Enhanced Cyber Defence Policy’s objectives. Cooperation with the private sector, in particular information sharing on threats and vulnerabilities, can reinforce the resilience of networks and help to prevent, respond to, and recover from, cyber attacks.

NATO has a long-standing tradition of cooperation with industry. We are looking to build on, reinforce and provide coherence with initiatives already underway. In this spirit, the NICP is guided by the following principles:

  • NATO will cooperate with the private sector for the primary purpose of reinforcing the protection of its own networks; it is not about procurement per se, which is governed by well-defined rules and regulations;
  • NATO cooperation with the private sector should be open, transparent and inclusive. The involvement of the most innovative and capable enterprises of NATO nations will be promoted. No enterprise should be under any obligation to participate, nor will they be at unfair advantage as a result of any participation in this partnership;
  • The implementation of any standards will be necessary and proportionate to the risk, to ensure that they are not over-burdensome;
  • To ensure best value for money to defence and industry, cooperation should build on, reinforce and provide coherence to existing initiatives already in place in NATO under the existing policies;
  • International and national regulation, in particular regarding data protection, will apply;
  • Allies will be regularly kept informed of NATO’s cooperation activities with the private sector through the relevant bodies;
  • This partnership will also apply to those national academia and scientific institutes that are involved in cyber defence capability development or capacity building.

The NICP provides a framework to facilitate voluntary engagement for the mutual benefit of both NATO and Allies’ industry. The partnership seeks to bring this engagement to the next level and in a coordinated fashion, thereby adding depth and making this cooperation more diverse. With the ultimate goal of improving NATO cyber defence, a particular emphasis is placed on the following objectives:

  • Improve cyber defence in NATO's defence
    "Industry is a key player in cyberspace, since the private sector owns the majority of the word's information systems and provides technical solutions for cyber defence. Simply put, industry is often our first line of defence; it is industry that has the 'tanks and the soldiers' for cyber defence. At Wales, Alliance leaders endorsed a NATO Industry Cyber Partnership to encourage voluntary engagement between us in an open and inclusive manner. And only two weeks after the Summit, that partnership was launched at the NATO Information Assurance Symposium which brought together some 1500 industry leaders and policy-makers."
    - NATO Deputy Secretary General Alexander Vershbow at the 2014 NATO Industry Forum, Croatia.​
    supply chain;
         
  • Facilitate participation of industry, where relevant, in multinational Smart Defence projects;
  • Contribute to the Alliance’s efforts in cyber defence education, training and exercises;
  • Improve sharing of best practices and expertise on preparedness and recovery (to include technology trends);
  • Build on existing NATO initiatives for industry engagement, providing specific focus and coherence on the cyber aspects;
  • Improve sharing of expertise, information and experience of operating under the constant threat of cyber attack, including information on threats and vulnerabilities, e.g. malware information sharing;
  • Help NATO and Allies to learn from industry;
  • Facilitate access by Allies to a network of trusted industry/enterprises;
  • Raise awareness and improve the understanding of cyber risks;
  • Help build access and trust between NATO and the private sector;
  • Leverage private sector developments for capability development to reach NDPP cyber defence objectives, and;
  • Get efficient and adequate support in case of cyber incidents.
"We have over these many years concentrated primarily on dealing with kinetic and physical threats like tanks and missiles; however today as an alliance we are taking on a less seen but very destructive threat from a new source…cyberspace."
- Gen. Breedlove, Supreme Allied Commander, Europe, June 2013.​

Who will be involved in the NICP?

This partnership relies upon existing structures and bodies and it brings together NATO entities, national Computer Emergency Response Teams (CERTs) and NATO nations’ industry representatives. Academia also makes an important contribution to the cyber defence debate and its role is recognised in the NICP.

We face similar threats and challenges. But these threats and challenges also present us with opportunities. The NICP represents a solid framework upon which to take our efforts forward in a concerted and constructive manner. NATO recognises that cyber defence plays a critical role for our societies, and ultimately for ensuring that the Alliance remains ready and resilient in the wired world.

          In the last years we have seen cyber attacks with increasing frequency, intensity and sophistication. They target individuals, the private sector, government and nongovernmental institutions, as well as international organizations. Threats transcend borders as well as specific institutional delimitations and so too must our cooperation. Working with industry through the NICP reflects a new way of doing business in cyber defence and is an essential way of enhancing cyber resilience. Cyber defence is a “team sport” among trusted and capable partners.”
– Ambassador Sorin Ducaru, Assistant Secretary General for Emerging Security Challenges,
NATO HQ, September 2014