The NATO-developed Cyber Information and Incident Coordination System (CIICS) is debuting at the alliance’s cyber operations center this week, the NATO Communications and Information Agency (NCI Agency), said Monday.
The CIICS was developed by the NCI Agency as part of the Multi National Cyber Defence Capability Development (MN CD2) project, an effort to share intelligence as well as detect and thwart cyber threats at a quicker pace across several countries.
Manisha Parmar, senior cyber security scientist at the NCI Agency, said CIICS alerts countries about potential cyber attacks and also allows them to respond to it with the help of other users.
“So for example, if I’m Romania and I have detected a cyber-attack which might be replicated against Norway or the Netherlands, I can share that information with these countries and they will get immediately alerted if a similar threat shows up. It allows them to thwart the cyber-attack before it can take place,” Parmar said in a statement.
CIICS is currently being used by Canada, the Netherlands, and Romania. Later in 2017 it is set to be deployed to Norway as well as partner countries Finland and Ireland, which have started trialing it.
An NCI Agency spokeswoman said CIICS was developed with the Belgium-based contractor Rhea Group. The company has over 300 scientists and engineers globally working on cyber security and space issues. It previously contributed to a NATO cyber defense exercise, led the first cyber range for space systems and operations for the European Space Agency (ESA), and has supported over 100 ESA spacecraft.
MC CD2 was created in 2013 after Canada, the Netherlands, Romania, Denmark, and Norway decided to work together to leverage their respective expertise to improve cyber defenses.
“The principle of MN CD2 is that instead of Nations taking on the R&D [Research and Development] themselves, they share it with other Nations, so that they benefit from economies of scale,” Parmar said.
The MN CD2 is open to all alliance countries, although partner nations must receive approval from the project’s board to join.
Canada, the Netherlands, and Romania later approached the NCI Agency, seeking to develop a cyber intelligence sharing platform. The agency spoke with the countries and established what they wanted to develop as one tool that would work for all of them, leading to CIICS, NATO said.
Parmar said the partnership is not just a financial benefit of pooling resources with the NCI Agency, but also how the agency has technical skills and expertise from the alliance’s 28 member nations.
“The advantage of approaching a project this way is that we get a mature tool much quicker. Within month of gathering information on each Nation’s requirements, we deployed a first work package,” Parmar said.
Now almost four years after the initial request, the NCI Agency is on its fifth work package, a mature tool, and three countries using CIICS. The tool has also been deployed on a trial basis to the NATO Computer Incident Response Capability Technical Center (NCIRC TC) this week. The agency said it is constantly enhancing the CIICS, speaking to a community of users, and adapting to new requirements.
Poland, Germany, the UK, and Switzerland have also expressed interest in CIICS, although none have formal agreements in place yet, the NCI Agency said.
Sarah Brown, CIICS technical lead at the NCI Agency said the system proved its usefulness when nations used it in the Cyber Coalition, one of the world’s largest cyber defense exercises. It allows several countries to operate as a coalition and defend networks together.
“This showed that CIICS can be of great benefit to the Alliance, helping forces communicate, train and operate better together in a Federated Mission Networking (FMN) environment,” Brown said in a statement.
Arnold Colijn, senior innovation project manager at the Dutch Ministry of Defence highlighted the tool has been very beneficial to the Netherlands as it shows capability-development with just a few contributing NATO nations can lead to an affordable capabilities.
“CIICS as a system is designed to support international coordination on cyber incidents and on cyber information sharing and thereby leverages the possibility that Nations will really work together on cyber defence. We hope that the introduction of CIICS leads to a system that is used by all NATO Nations, supported at the NATO Secret level and used as one of the data-sources for creating overall Cyber Defense Situational Awareness,” he said in a statement.