Through this multinational project the Nations have an opportunity to work together to develop new Cyber Defence capabilities. Capability development activities will be conducted as specific work packages organized under a yearly Programme of Work (PoW). Nations can decide what work package they want to be part of and can also recommend new work packages for inclusion into the MN CD2 PoW. Each work package will only be governed by the decisions of its participants.
Established on 14 Mar 2013 by five founding Nations: Canada, Denmark, The Netherlands, Norway, and Romania.
Current participants are Canada, The Netherlands, Romania and partner nation Finland.
NCI Agency support to MN CD2
Under the MN CD2 legal framework the NCI Agency acts as an enabler and a coordination agent and is fully committed to the success of the MN CD2 Initiative.
NCI Agency support spans from running the MN CD2 Project Office to providing project management, contracting, legal and technical support to any work package under execution.
The NCI Agency will also facilitate discussions between the MN CD2 and the NATO Cyber Defence communities and will strive to ensure that the MN CD2 work packages leverage any relevant activity conducted under NATO common funding so as to avoid duplication or overlap of activities.
What are the objectives of the Multinational Cyber Defence Capability Development Initiative?
The overall objective of the MN CD2 initiative is to facilitate the development of national Cyber Defence capabilities through a collaborative effort. It provides a vehicle for the Nations to focus their efforts in areas of their choice, and within their financial constraints, while maintaining an overall approach and achieving a well-balanced Cyber Defence capability.
What services can Nations get through the MN CD2 Initiative?
This programme is established with a management structure executing the primary coordination and interface activities required to align the various national and NATO efforts. This includes coordination of all facets of capability development including research, design and engineering, testing and experimentation, verification, and procurement. In addition, the programme ensures interoperability through validation and/or certification of the capabilities developed. One of the main objectives is to maintain flexibility and agility in each MN CD2 project.
Coordination and Joint Execution
The MN CD2 Initiative allows a coalition of willing Nations to leverage common interests and national activities to:
In order to support Cyber Defence capability development, NATO's Allied Command Transformation (ACT) and the NCI Agency have developed a Cyber Defence capability framework which provides a clear overview of the Cyber Defence technical capabilities. This framework provides a structured way for the MN CD2 participants to assess the possible capability gaps in their Nations and come up with joint development plans.
Technical and Engineering Forum
The MN CD2 Initiative will provide a forum to:
Test & Experimentation
A key element of joint capability development is an experimentation and validation infrastructure that ensures that new Cyber Defence capabilities are validated and interoperable as required.
From experience gained in other technical areas, the vision is to establish a federated and shared experimentation and validation infrastructure which would possibly borrow concepts from other federated capabilities like the Distributed Networked Battle Labs (DNBL) Framework.
The primary focus of the MN CD2 Memorandum of Understanding (MoU) is to establish the multinational project governance and management framework as well as to facilitate the execution of the multi-year PoW. The MoU will be supplemented by Task Orders detailing the exact scope and execution of the respective Work Packages. The MN CD2 MoU is a very flexible legal tool which allows any NATO Nation to join the MN CD2 initiative at any time. It also includes the possibility for participating Nations to offer Contributions in support of the execution of any work package.
The MN CD2 Governance and Management model is composed of MN CD2 Board and MN CD2 Project Office. The MN CD2 Board is a group composed of the Work Package Participants and the NCI Agency. The MN CD2 Project Office is the executive staff of the MN CD2 Board responsible for carrying out the work related to the MN CD2 coordination, fund management, administration, and organization of the work packages into a 3-year Rolling Plan, as well as providing secretarial support to the MN CD2 Board, including preparation of the MN CD2 Board meetings. The work packages are services/deliverables and/or equipment to be delivered at the request of one or more participants, in the MN CD2 framework.
Past projects and outputs
Deception Techniques (HoneyNets, Honey Tokens)
Research on deception techniques, feasibility studies on cost-sharing of tool development, automated Honey Token Deployment tool for Windows based networks
Cyber Defence Situational Awareness
Identification and delivery of requirements and proof of concept for modern militaries to understand the mission-critical state of the CIS, its vulnerabilities and its exact contribution to operations
Cyber Defence Information sharing concepts
The Cyber Information and Incident Coordination System enables collaboration across National boundaries by supporting the joint coordination of cyber information and of cyber incidents handling
Threat Hunting Techniques (Multisource Correlation)
Research and assessment, development of prototype software/system for off-line analysis using intelligent correlation algorithms for detection of advanced persistent threats (APTs)
Cyber Attack Mitigation Through Semi-Automated Responses
Research and assessment, design and development of proof of concept architecture, evaluation against basic attack scenarios
Dynamic Network Enumeration
Research and development of a network enumeration tool based on Open Source Software and targeted for complex and highly segregated military networks
Cyber Security Assessment Team Concept
Research skeleton capability for multinational use of core Security Assessment team, organizational structure and staffing requirements
Proactive Detection Through Threat Hunting
Facilitation of establishment of proactive detection capabilities in participating nations by requirement analysis, best-practice research, development of a holistic threat hunting model and development of proof of concept to be distributed to participating nations
Enhancement of current Cyber Defence Situational Awareness tool
Enhancements to the MN CD2 developed tool with high priority functionality based on national requirements
Enhancement of current CIICS tool
Enhancements to the MN CD2 developed CIICS (Cyber Information and Incident Coordination System) tool with additional functionality based on national requirements
Potential future projects/areas of interest
Blockchain for supply chain management
Research and Roadmap proposal for on blockchain for ensuring auditable and trustworthy supply chain management
DevSecOps in Defence
Research on DevSecOps process in military environment, including adaptation of approval and accreditation processes to match increasing pace and intensity of development and deployment activities
Common Metrics for Evaluation of Artificial Intelligence and Machine Learning Methods in Cyber Defence
Admission and Contact
NATO Nations and Partner Nations may participate to MN CD2. For more detailed information on joining the project, Nations are invited to send their electronic mail to the NCI Agency, Demand.Management@ncia.nato.int.