National CERT/CSIRT: Mandate and Organisation paper

This study explores the regulatory frameworks governing the functioning of national CERT/CSIRT capabilities across NATO countries. Special focus has been given to civilian/military cooperation and the incorporation of military capabilities into national crisis management mechanisms.

The report contains three substantive sections. First, it looks in general at the cyber security governance frameworks in the target countries, identifying their main responsibilities and competent authorities, and further discusses the role of civilian and military CERT/CSIRTs in terms of their constituencies and their place in national crisis management mechanisms. The second section explores examples of civilian-military cooperation at both national and international levels. Mindful of the sensitivity, the primary aim was to determine whether such cooperation existed and, if so, then what categories of activity were covered in general. The final section of the report seeks to formulate recommendations for better crisis management and cyber security that might stem from the parallel existence of CERT/CSIRT capabilities across national civilian and military environments.

The research shows that all responding states have civil-military digital/cyber cooperation established at the national level, either by law or under specific agreements and arrangements, confirm that these states are not working within a cyber security vacuum and will collaborate as or when needed or required. The consequence of such a governance framework and its efficacy are reflected upon in a cyber context. Based on the findings, a set of recommendations is made for a further strengthening of civil/military cooperation within national cyber incident response capabilities.