Home  /  What we do  /  Cyber Security  /  Multinational Cyber Defence Capability Development

Multinational Cyber Defence Capability Development
(MN CD2)

Through this multinational project the Nations have an opportunity to work together to develop new Cyber Defence capabilities. Capability development activities will be con­ducted as specific work packages organized under a yearly Programme of Work (PoW). Nations can decide what work package they want to be part of and can also recommend new work packages for inclusion into the MN CD2 PoW. Each work package will only be governed by the decisions of its partici­pants.

Established on 14 Mar 2013 by five founding Nations: Canada, Denmark, The Netherlands, Norway, and Romania.

Current participants are Canada, The Netherlands, Romania and partner nation Finland.

NCI Agency support to MN CD2

Under the MN CD2 legal framework the NCI Agency acts as an enabler and a coordination agent and is fully committed to the success of the MN CD2 Initiative.

NCI Agency support spans from running the MN CD2 Project Office to providing project management, contracting, legal and technical support to any work package under execution.

The NCI Agency will also facilitate discussions between the MN CD2 and the NATO Cyber Defence communities and will strive to ensure that the MN CD2 work packages leverage any relevant activity conducted under NATO common funding so as to avoid duplication or overlap of activities.

What are the objectives of the Multinational Cyber Defence Capability Development Initiative?

The overall objective of the MN CD2 initiative is to facilitate the development of national Cyber Defence capabilities through a collaborative effort. It provides a vehicle for the Nations to focus their efforts in areas of their choice, and within their financial constraints, while maintaining an overall approach and achieving a well-balanced Cyber Defence capability.

What services can Nations get through the MN CD2 Initiative?


This programme is established with a management structure ex­ecuting the primary coordination and interface activities required to align the various national and NATO efforts. This includes coor­dination of all facets of capability development including research, design and engineering, testing and experimentation, verifica­tion, and procurement. In addition, the programme ensures interoperability through validation and/or certification of the capabilities developed. One of the main objectives is to maintain flexibility and agility in each MN CD2 project.

Coordination and Joint Execution

The MN CD2 Initiative allows a coalition of willing Nations to leverage common interests and national activities to:

  • Conduct joint development and acquisition of interoperable Cyber Defence capabilities;

  • Coordinate national Cyber Defence scientific and technical activities;

  • Promote multilateral collaboration and information sharing.

In order to support Cyber Defence capability development, NATO's Allied Command Transformation (ACT) and the NCI Agency have developed a Cyber Defence capability framework which provides a clear overview of the Cyber Defence technical capabilities. This framework provides a structured way for the MN CD2 participants to assess the possible capability gaps in their Nations and come up with joint development plans.

Technical and Engineering Forum

The MN CD2 Initiative will provide a forum to:

  • Consolidate requirements from the Cyber Defence operational community;

  • Provide recommendations and guidance on the implementa­tion roadmap of interoperable Cyber Defence capabilities;

  • Liaise with Cyber Defence civil entities and national industries.

Test & Experimentation

A key element of joint capability development is an experimenta­tion and validation infrastructure that ensures that new Cyber Defence capabilities are validated and interoperable as required.

From experience gained in other technical areas, the vision is to establish a federated and shared experimentation and validation infrastructure which would possibly borrow concepts from other federated capabilities like the Distributed Networked Battle Labs (DNBL) Framework.

Legal Framework

The primary focus of the MN CD2 Memorandum of Understanding (MoU) is to establish the multinational project governance and management framework as well as to facilitate the execution of the multi-year PoW. The MoU will be supplemented by Task Orders detailing the exact scope and execution of the respective Work Packages. The MN CD2 MoU is a very flexible legal tool which allows any NATO Nation to join the MN CD2 initiative at any time. It also includes the possibility for participating Nations to offer Contributions in support of the execution of any work package.

Management Model

The MN CD2 Governance and Management model is composed of MN CD2 Board and MN CD2 Project Office. The MN CD2 Board is a group composed of the Work Package Participants and the NCI Agency. The MN CD2 Project Office is the executive staff of the MN CD2 Board responsible for carrying out the work related to the MN CD2 coordination, fund management, administration, and organization of the work packages into a 3-year Rolling Plan, as well as providing secretarial support to the MN CD2 Board, including preparation of the MN CD2 Board meetings. The work packages are services/deliverables and/or equipment to be delivered at the request of one or more participants, in the MN CD2 framework.


Past projects and outputs

Deception Techniques (HoneyNets, Honey Tokens)

Research on deception techniques, feasibility studies on cost-sharing of tool development, automated Honey Token Deployment tool for Windows based networks

Cyber Defence Situational Awareness

Identification and delivery of requirements and proof of concept for modern militaries to understand the mission-critical state of the CIS, its vulnerabilities and its exact contribution to operations

Cyber Defence Information sharing concepts

The Cyber Information and Incident Coordination System enables collaboration across National boundaries by supporting the joint coordination of cyber information and of cyber incidents handling

Threat Hunting Techniques (Multisource Correlation)

Research and assessment, development of prototype software/system for off-line analysis using intelligent correlation algorithms for detection of advanced persistent threats (APTs)

Cyber Attack Mitigation Through Semi-Automated Responses

Research and assessment, design and development of proof of concept architecture, evaluation against basic attack scenarios

Dynamic Network Enumeration

Research and development of a network enumeration tool based on Open Source Software and targeted for complex and highly segregated military networks

Cyber Security Assessment Team Concept

Research skeleton capability for multinational use of core Security Assessment team, organizational structure and staffing requirements

Current Projects

Proactive Detection Through Threat Hunting

Facilitation of establishment of proactive detection capabilities in participating nations by requirement analysis, best-practice research, development of a holistic threat hunting model and development of proof of concept to be distributed to participating nations

Enhancement of current Cyber Defence Situational Awareness tool

Enhancements to the MN CD2 developed tool with high priority functionality based on national requirements

Enhancement of current CIICS tool

Enhancements to the MN CD2 developed CIICS (Cyber Information and Incident Coordination System) tool with additional functionality based on national requirements

Potential future projects/areas of interest

Blockchain for supply chain management

Research and Roadmap proposal for on blockchain for ensuring auditable and trustworthy supply chain management

DevSecOps in Defence

Research on DevSecOps process in military environment, including adaptation of approval and accreditation processes to match increasing pace and intensity of development and deployment activities

Common Metrics for Evaluation of Artificial Intelligence and Machine Learning Methods in Cyber Defence

Admission and Contact

NATO Nations and Partner Nations may participate to MN CD2. For more detailed information on joining the project, Nations are invited to send their electronic mail to the NCI Agency, Demand.Management@ncia.nato.int.