NATO Cyber Security Centre Chief Ian West told delegates at a recent conference about how the agency faced-up to the challenges created by the Covid-19 pandemic.
Ian West explained that the agency ran through contingency plan A, B, C & D to cope with the impact of the Covid-19 outbreak as he also conceded that systems, protocol & planning ‘may never’ come back to what they once were.
There are those who prefer to describe a ‘new normal’ as opposed to a return to ‘business as usual’, & Ian West described how the planning for NATO’s facilities around the world was fundamentally exposed, as has been the case for many organisations around the world.
Addressing the virtual conference, West commented that NATO was as relevant to any discussion on ‘progressing beyond this new normal’ as any other nation, government, or organisation because it was “significantly impacted” by the pandemic.
West explained “We’ve all been forced to change the way we operate while maintaining as close to business as usual as is possible.”
He went on to describe the organisation’s experiences & challenges in defending NATO’s critical communications infrastructure & outlined readiness for a 2nd wave.
NATO’s ICT Solutions
The agency provides, manages & protects most of NATO’s ICT Solutions including those that are mobile & deployable.
West outlined “ We have full enterprise networks that span the length & breadth of the alliance’s bases, at numerous security classification levels.
“But almost all of our static enterprise is designed to be operated from within a base – within a building & within an office. We just did not have a resource to cope with significant home or remote working. So, the vast majority of our staff members, outside of our agency at least, because we do have a mobile solution, had no ability to work outside the office.”
The agency had to quickly field 100s of mobile devices – laptops, tablets & smartphones to allow agency staff to work remotely. All of these needed to be secured & brought under its defensive umbrella. It was what West referred to as a “note to self” moment.
He went on to say, “Of course NATO business has to go on and we found ourselves providing video and collaborative tools at the highest levels of the alliance.”
“So that virtually North Atlantic Council & NATO Defence ministerial meetings could be held securely in places that just didn’t have that sort of capability – another note to self.”
The agency has a team of around 200 specialists who design, build, procure & operate the cybersecurity solutions for the entire alliance, mainly based in Belgium.
There is a significant scientific team based in the Netherlands, with around 34 locations around the world including Afghanistan, the Balkans & other areas.
The agency’s declared mission is to protect NATO’s networks. West emphasised this is NATO’s networks, not the networks of NATO’s member nations.
He admitted that when NATO reached for a plan because of the Covid-19 lockdowns, there was a recognition that they did not have one.
“Certainly not to that level anyway,” West observed. The 200-person team was split into 2 major groups, & one was identified as ‘essential service providers’.
Plan A, B, C & D
These were people who could only do their job from NATO’s facilities, who needed the specialised or highly classified systems.”
West described how when members of staff first contracted Covid-19, the team “..all told went through plan A, B, C & D as we struggled to maintain the integrity of social distancing while still defending our networks.”
Looking to the future, West further added: “Like most of the rest of Europe, we are engaged in a return to work programme. But where is work now?
“For the coming months, we will need to keep social distancing measures in place, which is difficult in some of our areas. So, our phased plan gradually brings people back to our facilities, but only where essential, & only where social distancing can be maintained.
“Within my agency, our initial ambition was to return to 100% attendance in our facilities. Well, that is been changed. Indeed, we may never operate again at 100% staffing in office. So culturally & technologically we need to adapt to this new normal.”
West leads an integrated team of experts which provides a broad range of whole-lifecycle, cybersecurity services: from service design, to implementation & operation of NATO’s cybersecurity defences.
From 2004 until his current appointment in Jan. 2014, he was the Director of the NATO Computer Incident Response Capability (NCIRC) Technical Centre.
Operational Cyber Defence
After the initial declaration of the NCIRC’s operational status in 2004, he led the development of operational cyber defence within the NATO Alliance, helping to transform the NATO Nations’ strategic vision for improved cyber defence into an effective capability.
West’s appointments with the NCI Agency follow around 30 years’ experience in the military security arena.
Previously he was a law enforcement & security officer in the UK’s Royal Air Force & later responsible for INFOSEC policy, inspections & security accreditation for NATO’s Allied Command Operations.