James Appathurai, NATO
James Appathurai, NATO's deputy assistant secretary general for innovation, hybrid and cyber, speaks at the 2024 ENISA Cybersecurity Policy Conference in Brussels. Image: Alexander Martin / Recorded Future News

NATO to launch new cyber center to contest cyberspace 'at all times'

NATO will establish a new cyber center at its military headquarters in Mons, Belgium, a senior official confirmed to Recorded Future News on Wednesday. The new facility, details about which have not previously been reported, marks the fruition of a significant doctrinal shift in how the alliance approaches operations in cyberspace.

The shift, as officially set out in NATO’s Strategic Concept (2022), states that “cyberspace is contested at all times,” meaning it cannot just be a concern for the military alliance during moments of crisis or conflict. NATO needs to constantly engage with adversaries on computer networks — not just when Article 4 or Article 5 are triggered by allies.

Although allies last year endorsed the creation of a NATO cyber center during the cyber defense conference in Berlin, at that time the exact plan was unclear. Suggestions ranged from an institution that would help develop cyber competencies among allies through to a tactical-level command for combined operations, similar to NATO’s maritime (MARCOM), air (AIRCOM), and land (LANDCOM) command centers.

Speaking to Recorded Future News at the ENISA Cybersecurity Policy Conference in Brussels, James Appathurai, NATO’s deputy assistant secretary general for innovation, hybrid and cyber, said the structural changes that are being made flow from that doctrine about cyberspace. He said the model for the center was the United Kingdom’s National Cyber Security Centre — where civilian experts could work alongside those from industry, the military, and NATO’s political corps — to address potential threats.

The working name for the new facility is the NATO Integrated Cyber Centre (NICC).

The idea is the NICC would physically co-locate personnel in Mons to provide the Supreme Allied Commander Europe (SACEUR) — effectively NATO’s most senior military official, historically always a senior U.S. military officer — with 24/7 visibility over both NATO enterprise networks and other networks beyond where incidents risk impacting military operations in Europe.

SACEUR “needs to have visibility over what cyberspace looks like for him at all times. That’s the logic behind this, and that’s where we will get to in time for the summit, which is in only a few weeks,” explained Appathurai.

Delivering his keynote to the conference, Appathurai said: “For example, a port in Europe has been under a sustained cyberattack to try to lock the locks. So we have ships transiting through, [the attackers] try to lock it and drain the water to drop the ship inside of the lock, which would damage the ship and block the port.”

Appathurai did not name the port and did not confirm the port when asked by Recorded Future News. But for a major seaport such as Rotterdam, the potential impact of such an attack could severely disrupt the supply of critical military and civilian materiel. Officials in the United States are warning that cyberattacks pose a significant threat to ports.

“There is a lot more risk and a lot more capabilities out there. So what are we doing about it? First we have to recognise and act on it,” said Appathurai.

“We need to break down, in the NATO sense, bureaucratic barriers. For us, we have the military, we have the civilians, we have the intelligence world, we have industry. We are working on bringing them all together.

“I would commend for an example the U.K. National Cyber Security Centre, where they have everybody together in one building, with a less secure and then a more secure tier. And industry is there full-time with everybody else, with information on their networks, providing it and receiving intelligence or other forms of support. So aggregating what is disaggregated, and breaking down the barriers between the two,” he said.

No delineation between peacetime and conflict 

Acknowledging that “cyberspace is contested at all times” was “the most fundamental shift we’ve made in the last year,” said Appathurai. “Allies have now codified the understanding that unlike in other environments, you cannot have a clear delineation between peacetime, crisis, and conflict [in cyberspace].”

The concept is a comfortable one for some of NATO’s more mature cyber powers, particularly the United States has proactively conducted what it calls persistent engagement for a number of years — alongside similar operational activities by the United Kingdom and the Netherlands. 

But among some allies, the prescription that the concept calls for — engaging with adversaries in cyberspace — remains controversial. Appathurai said that key to understanding the prescription, and to understanding the risk facing Europe in general, was the conflict in Ukraine.

“It’s really important that people understand how important cyberdefense has been for Ukrainians. Without it, their military command and control wouldn’t work. Their civilian communications would not work. They would not have banks operating and providing people money. People wouldn’t know where to go and what to do when something happens. And President Zelensky would not be on the air motivating us to provide weapons — which we need to do faster — helping his people to have courage in this situation.”

Cyberdefense “underpins everything in our doctrine,” said the NATO official. This was also why the new cyber center would not be a command in the style of MARCOM or LANDCOM, because cyber underpins the other domains.

The ultimate structure of the center hasn’t been finalized, Appathurai told Recorded Future News, explaining that the plan was to get everything completed ahead of the summit in Washington in July, adding that “literally this morning was another meeting of our committee that’s looking at our political-military advice.”

“The direction we’ve already been given is clear, that we have to integrate political and military tools to give us a better picture of military and civilian networks, that this should be for deterrence and defense, so that’s very much the framework in which it’s in,” he explained.

“But also that this will parallel and complement a separate track of decisions that we’re taking in time for the summit, to give NATO a stronger role when it comes to, for example, enforcing cyber norms when it comes to allies, allies being able to work in other international bodies, to strengthen standards. So there’s a political aspect that will be strengthened as well as this very practical center, or whatever we end up calling it.”

“We’re working on the mechanics of the center. How exactly staff will relate to each other, who exactly, which parts exactly, but this is all mechanics and it can be worked out so there’s no problem there. So I’m actually 100% confident that we will arrive at a good solution.

“Then there’s the implementation. That’s always a bureaucratic struggle, but we’ll get through it, and we’ll get through it pretty fast because it’s NATO and you can give orders,” he said.

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
No previous article
No new articles
Alexander Martin

Alexander Martin

is the UK Editor for Recorded Future News. He was previously a technology reporter for Sky News and is also a fellow at the European Cyber Conflict Research Initiative.