NATO’s cybersecurity chief as admitted that the agency ran through contingency plan A, B, C and D to cope with the impact of the Covid-19 outbreak as he also conceded that systems, protocol and planning may never come back as they once were.
Like many who prefer to describe a ‘new normal’ as opposed to a return to ‘business as usual’ Ian West described how the planning for NATO’s facilities around the world was fundamentally exposed - as has been the case for many organisations around the world.
Addressing the virtual conference, West said NATO was as relevant to any discussion on ‘progressing beyond this new normal’ as any other nation, government or organisation because it was “significantly impacted” by the pandemic.
West said: “We've all been forced to change the way we operate while maintaining as close to business as usual as is possible.”
He went on to explain the organisation's own experiences and challenges in defending NATO's critical communications infrastructure and talked about readiness for a second wave.
The agency provides, manages and protects almost all of NATO’s ICT Solutions including those that are mobile and deployable.
West said: “ We have full enterprise networks that span the length and breadth of the alliance’s bases, at numerous security classification levels.
“But almost all of our static enterprise is designed to be operated from within a base - within a building and within an office. We just didn't have a resource to cope with significant home or remote working. So the vast majority of our staff members, outside of our agency at least, because we do have a mobile solution, had no ability to work outside the office.”
The agency had to quickly field hundreds of mobile devices - laptops, tablets and smartphones to enable agency staff to work remotely. All of these needed to be secured and brought under its defensive umbrella. It was one of what West referred to as a “note to self” moment.
He added: “Of course NATO business has to go on and we found ourselves providing video and collaborative tools at the highest levels of the alliance. So that virtually North Atlantic Council and NATO Defence ministerial meetings could be held securely in places that just didn’t have that sort of capability - another note to self."
The agency has a team of around 200 specialists who design, build, procure and operate the cybersecurity solutions for the entire alliance, based mainly in Belgium.
There is a significant scientific team based in the Netherlands, with around 34 locations around the world including of Afghanistan, the Balkans and other operational areas.
The agency’s mission is to protect NATO’s networks. West was quick to emphasise this is NATO’s networks, not the networks of NATO’s member nations.
He admits that when NATO reached for a plan amid the Covid-19 lockdowns, there was a grim recognition that there wasn’t one.
“Certainly not to that level anyway,” West said. The 200 person team was split into two major groups, where one was identified as ‘essential service providers’.
These were people who could only do their job from NATO's facilities, who needed the specialised or highly classified systems.”
West described how when members of staff first contracted Covid-19, the team “..all told went through plan A, B, C and D as we struggled to maintain the integrity of social distancing while still defending our networks."
For the full interview catch up on the SC Digital Congress with the full proceedings available here.
Now looking to the future, West added: “Like most of the rest of Europe, we are engaged in a return to work programme. But where is work now?
"For the coming months, we will need to keep social distancing measures in place, which is difficult in some of our areas. So our phased plan gradually brings people back to our facilities, but only where essential, and only where social distancing can be maintained.
“Within my agency, our initial ambition was to return to 100 percent attendance in our facilities. Well, that’s been changed. Indeed we may never operate again at 100 percent staffing in office. So culturally and technologically we need to adapt to this new normal.”
West leads an integrated team of experts which provides a broad range of whole-lifecycle, cybersecurity services: from service design, through to implementation and operation of NATO’s cybersecurity defences.
From 2004 until his current appointment in January 2014, he was the director of the NATO Computer Incident Response Capability (NCIRC) Technical Centre.
From the initial declaration of the NCIRC’s operational status in 2004, he led the development of operational cyber defence within the Alliance, helping to transform the NATO Nations’ strategic vision for improved cyber defence into an effective capability. West’s appointments with the NCI Agency follow around 30 years’ experience in the military security arena.
He was formerly a law enforcement and security officer in the Royal Air Force of the United Kingdom and later responsible for INFOSEC policy, inspections and security accreditation for NATO’s Allied Command Operations.
In the SC Magazine (Europe)’s awards for 2016, the NCI Agency cybersecurity team was awarded a Highly Commended in the Best Security Team of the Year category and West was honoured with the cybersecurity industry’s highest award of ‘Chief Information Security Officer of the Year’.