Assemblée parlementaire de l'OTAN
HomeDOCUMENTSPolicy Recommendations2011RESOLUTION 387 on CYBER SECURITY

RESOLUTION 387 on CYBER SECURITY *

Facebook
Twitter
Delicious
Google Buzz
diggIt
RSS

The Assembly,

1. Recognizing the benefits offered by the cyber domain to our societies as well as to the defence and security sector, including opportunities for greater situational awareness and co ordination among the armed forces of the Allies as well as for the Alliance's public diplomacy;

2. But also concerned with the emergence of a new category of threats that target national information infrastructures, and that could seriously undermine the security interests of the Alliance and its member states;

3. Anxious that cyber defence capabilities and awareness of cyber threats vary significantly across NATO member states thereby weakening the Alliance's overall cyber security;

4. Welcoming the decisions made by the leaders of the Alliance at the NATO Lisbon Summit and the meeting of NATO Defence Ministers in June 2011, identifying cyber security as one of the key priorities of the Alliance;

5. Welcoming the recent start of the procurement process to pursue full operational capability for the new NATO Policy on Cyber Defence, which will result in significantly higher levels of protection of the Alliance's networks;

6. Saluting NATO's approach aimed at expanding its cyber defence policy to include centralised cyber protection of all NATO bodies and the use of NATO's defence planning processes in the development of the Allies' cyber defence capabilities;

7. Believing that, in view of the growing scope and severity of cyber attacks, in addition to exploiting fully the opportunities offered by Article 4, the potential application of Article 5 of the Washington Treaty in case of a serious cyber attack against the Alliance or its individual members, should not be ruled out;

8. Noting that legislative "black holes" still exist both at a national level and in terms of international law when it comes to setting security standards for the cyber domain;

9. Emphasizing that stricter security regulations for the cyber domain should not come at the cost of reduced civil liberties and rights, such as freedom of speech and the right to communicate over the Internet, and noting the key role of the Internet in mobilising democratic movements in authoritarian countries;

10. URGES member governments and parliaments of the North Atlantic Alliance:

a. to ensure swift implementation of the revised NATO Policy on Cyber Defence and the related cyber defence Action Plan, adopted in June 2011, introducing the cyber dimension in all three of NATO's core tasks: collective defence, crisis management and co operative security;

b. to promote domestic awareness of cyber threats, taking into account lessons learned from milestone events including the cyber attacks against Estonia in 2007 and against Georgia in 2008 as well as the emergence of Stuxnet malicious software;

c. to scrutinize domestic legal frameworks, ensuring that coherent and effective laws are in place to address the evolving cyber threats;

d. to provide necessary support for the efficient functioning of national Computer Incident Response Teams, and to invest sufficiently in the training of national cyber security experts;

e. to promote closer partnerships between governments, the private sector and civil society organizations in order to ensure the security of government networks and improve the exchange of expertise in case of a breach of security;

f. to ensure that the introduction of additional security measures in the cyber domain are accompanied by adequate mechanisms of parliamentary and public oversight over their respective government institutions;

g. to support international efforts to develop universal norms of acceptable behaviour in the cyber domain against the use of cyber attacks on civilian targets, and that would promote exchange of best practices and establish mechanisms of international assistance to stricken nations, while ensuring full universal access to the Internet as a venue for the exchange of ideas and information;

h. to ensure that adequate attention is paid to the physical protection of networks, including undersea fibre-optic infrastructures;

11. URGES relevant NATO bodies:

a. to ensure that NATO Computer Incident Response Capability is fully operational by the end of 2012, and that NATO's cyber defence services are centralized;

b. to facilitate, if requested, national efforts of NATO member states to acquire adequate cyber defence expertise and state-of-the-art technologies;

c. to test the efficacy of NATO and member states' cyber defence efforts through NATO's periodic international exercises, and to ensure that these exercises are fully funded, staffed and well-attended;

d. to use capabilities such as NATO Cyber Defence Management Board and NATO Co operative Cyber Defence Centre of Excellence, to analyse rapid developments further in the cyber domain and to develop strategies for strengthening cyber defences across the Alliance, while exploiting the advantages of the information age through initiatives such as NATO Network Enabled Capability;

e. to develop further the existing co-operation mechanisms with the relevant EU institutions, with the particular aim of supporting the EU's legislative efforts to establish robust cyber security standards across the private sector;

f. to increase assistance, if requested, to NATO partner countries in the field of cyber security, particularly by sharing best practices and raising awareness of cyber threats

 

[*] Presented by the Committee on the Civil Dimension of Security and adopted during the Plenary sitting on Monday 10 October 2011, Bucharest, Romania.
Share