Multinational coalition speeds cyber intelligence-sharing

By Communication 2/27/2017
A tool for NATO and partner countries to respond to cyber-attacks together more rapidly is making its debut in the Alliance's 24/7 cyber operations centre this week.

A tool for NATO and partner countries to respond to cyber-attacks together more rapidly is making its debut in the Alliance's 24/7 cyber operations centre this week.

The capability is part of a multinational effort to share intelligence, detect and thwart cyber threats at a faster pace and across multiple countries, with Finland set to join the coalition within weeks. 

CIICS (Cyber Information and Incident Coordination System) pronounced "kicks", was developed by the NATO Communications and Information Agency (NCI Agency), NATO's IT and cyber arm, as part of the Multi National Cyber Defence Capability Development (MN CD2) project.

CIICS is currently used by Canada, the Netherlands and Romania and will be deployed later this year to Norway, as well as Partner Nations Finland and Ireland, which have all already started trialling the tool.

It is an example of how NATO Nations can work together to fast-track capability development.

Manisha Parmar, Senior Cyber Security Scientist at the NCI Agency, explained: "CIICS not only alerts you about potential cyber-attacks but also allows you to respond to the attack with the help of other users.

So for example, if I'm Romania and I have detected a cyber-attack which might be replicated against Norway or the Netherlands, I can share that information with these countries and they will get immediately alerted if a similar threat shows up.

"It allows them to thwart the cyber-attack before it can take place."


Safer together

MN CD2 was created in 2013 after five NATO Member countries – Canada, the Netherlands, Romania, Denmark and Norway - decided to join forces, leveraging on their respective expertise to improve their cyber defences. 

 "The principle of MN CD2 is that instead of Nations taking on the R&D [Research and Development] themselves, they share it with other Nations, so that they benefit from economies of scale," Ms Parmar noted.

It's a much cheaper and quicker process for them."

Three of the MN CD2 founding Nations approached the NCI Agency seeking to develop a cyber intelligence sharing platform.

"Canada, the Netherlands and Romania quickly found that they shared common interests.

"So we spoke to the Nations, and established what they wanted or needed to develop a single tool that would suit them all, that's how CIICS came about.

The Nations came to the Agency because of our technical skills and our access to expertise from 28 Member Nations.

So it's not just the financial benefit of the partnership, it's also about collaborating, sharing knowledge and best practices.

The advantage of approaching a project this way is that we get a mature tool much quicker.

Within month of gathering information on each Nation's requirements, we deployed a first work package.

Nearly four years on, we're on our fifth work package, we have a mature tool, three countries are using CIICS – soon six – and CIICS has been deployed on a trial basis to NCIRC TC (NATO Computer Incident Response Capability Technical Center) this week… It's a success story."


Constantly evolving technology

 Ms Parmar remarked that being able to develop state-of-the-art technology quickly is essential to maintain strong and resilient cyber defences.

"When we sat down with Canada, they told us that they were interested in information sharing but they also wanted a tool to manage cyber-attacks… That's how the cyber incident management part of CIICS was born.

Within the envelope of money we were given, we managed to provide them with both.

And we're constantly enhancing CIICS, speaking to our community of users, adapting to new requirements.

Once the capability has been created, these Nations become torch carriers, they make the capability available to other Nations and encourage them to come on board."


Expanding the cyber defence coalition

MN CD2 is open to all NATO Nations, while partner Nations must receive approval from the project's board to join.  

So far, other nations such as Poland, Germany, the United Kingdom and Switzerland have expressed an interest in CIICS, but no formal agreements are in place yet. 

Sarah Brown, CIICS Technical Lead at the NCI Agency, remarked: "CIICS proved its value when it was used by Nations in Cyber Coalition, one of the world's largest cyber defence exercise, as it enabled them to operate as a coalition, defending networks together.

This showed that CIICS can be of great benefit to the Alliance, helping forces communicate, train and operate better together in a Federated Mission Networking (FMN) environment."

Mr Arnold Colijn, Senior Innovation Project Manager at the Dutch Ministry of Defence, noted that the tool has been extremely beneficial to the Netherlands.  

"The CIICS project is a meaningful project to our Nation, because it shows that capability-development with a few contributing NATO Nations can lead to an affordable capability.

CIICS as a system is designed to support (inter-)national coordination on cyber incidents and on cyber information sharing and thereby leverages the possibility that Nations will really work together on cyber defence.

We hope that the introduction of CIICS leads to a system that is used by all NATO Nations, supported at the NATO Secret level and used as one of the data-sources for creating overall Cyber Defense Situational Awareness."

More News