Prix Henri La Fontaine pour les meilleurs mémoires en relations internationales The Engagement of NATO in Cybersecurity: Securing the 5th Battlefield Marion KOKEL 2013 – 2014 PRIX DECERNE PAR LE REPI RECHERCHE ET ENSEIGNEMENT EN POLITIQUE INTERNATIONALE UNIVERSITE LIBRE DE BRUXELLES, UNIVERSITE D’EUROPE FACULTE DES SCIENCES SOCIALES ET POLITIQUES Mémoire présenté par Marion KOKEL Directeur : Pr. Christian OLSSON Assesseur : Pr. Barbara DELCOURT En vue de l’obtention du grade de Master en sciences politiques, Orientation Relations internationales - Finalité Sécurité, paix, conflits Année académique 2013-2014 ii What is cybersecurity today? Example of a common perception1 - KAL. 1 KAL, KAL’s cartoon, 2009. iii Acknowledgements First and foremost I would like to thank my research supervisor, Professor Christian Olsson, for his availability and precious insights. His active involvement and expertise helped me shape and complete this thesis. I would also like to express my very sincere gratitude to Professor Barabara Delcourt, for her advice and constructive feedback to my questions. I thank NATO HQ for letting me use their library. I especially want to thank Dr. Jamie Shea, Dr. Detlef Puhl, Mr. Christian-Mark Lifländer, Mr. Jean-François Agneessens and his colleagues for their kindness and the interviews I had with them. Their contribution was of significant importance for the realisation of this thesis. Above all, I owe a lot to my fiancé, Rocky De Wiest, for his presence and continuous support and especially for coping with my difficult character. Writing this thesis required more than academic support and he encouraged me every single day in this journey. Finally, I want to thank my aunt and dear cousins for letting me stay with them during the completion of this thesis, as well as the rest of my family for supporting me throughout all my studies. iv List of abbreviations and acronyms ACT Allied Command Transformation APT Advanced Persistent Threat CIA Central Intelligence Agency CIS Communication and Information Security COTS Commercial Off-The-Shelf ESCD Emerging Security Challenges Division CCD COE Cooperative Cyber Defence Centre of Excellence CERT Computer Emergency Response Team CDMB Cyber Defence Management Board COE Centre of Excellence CSSL Cyber Security Service Line DDoS Distributed Denial of Service DPPC Defence Policy and Planning Committee EU European Union ICT Information and Communication Technologies IR International Relations IT Information Technology IMO International Military Organisation MOU Memorandum Of Understanding NAC North Atlantic Council NCI NATO Communications and Information NCIRC NATO Computer Incident Response Capability NATO North Atlantic Treaty Organisation NDPP NATO Defence Planning Process OSCE Organisation for Security and Co-operation in Europe RRT Rapid Reaction Team TC Technical Centre USA United States of America WMD Weapons of Mass Destruction v Table of Contents ACKNOWLEDGEMENTS ................................................................................................... IV LIST OF ABBREVIATIONS AND ACRONYMS .............................................................. V TABLE OF CONTENTS ....................................................................................................... VI SUMMARY ......................................................................................................................... VIII INTRODUCTION .................................................................................................................... 1 1 METHODOLOGICAL AND THEORETICAL FRAMEWORK ................................ 7 1.1 STATE OF THE ART .......................................................................................................... 7 1.1.1 Contextualising NATO’s transformation: an historic overview ............................. 7 1.1.2 From cyberspace to cybersecurity ........................................................................ 11 1.1.3 Literature review on NATO’s identity in the post-Cold War era .......................... 15 1.2 THEORETICAL FRAMEWORK ......................................................................................... 18 1.2.1 The Copenhagen School of security studies .......................................................... 19 1.2.2 A new sector? ........................................................................................................ 21 1.2.3 Limitations of this analytical grid ......................................................................... 24 1.3 METHODOLOGY ............................................................................................................ 25 1.3.1 Content analysis: a practical implementation of language theory ....................... 25 1.3.2 Indicators .............................................................................................................. 27 1.3.3 Empirical material ................................................................................................ 28 2 ON THE CONCEPTION OF CYBERSECURITY: NATO’S TAKE ON CYBER ‘MENACES’ ........................................................................................................................... 31 2.1 NATO’S STRATEGIC DOCTRINE IN CYBERSPACE ........................................................... 33 2.1.1 The referent objects of cybersecurity .................................................................... 33 2.1.2 Threats, menaces and their specificities ............................................................... 39 2.2 POLITICO-STRATEGIC APPROACH .................................................................................. 44 2.2.1 The referent objects of cybersecurity .................................................................... 45 2.2.2 Threats, menaces and their specificities ............................................................... 49 2.3 TECHNICAL-EXPERT APPROACH .................................................................................... 53 2.3.1 The referent objects of cybersecurity .................................................................... 55 2.3.2 Threats, menaces and their specificities ............................................................... 59 2.4 RESULTS ....................................................................................................................... 62 3 ON THE OPERATIONALIZATION OF CYBERSECURITY: THE RECONSTRUCTION OF NATO’S INSTITUTIONAL IDENTITY? ............................. 66 vi 3.1 OFFICIAL DISCOURSE ON NATO’S INVOLVEMENT IN CYBERSECURITY ......................... 68 3.1.1 The main actors of cybersecurity .......................................................................... 68 3.1.2 The primary functions of the Alliance ................................................................... 70 3.2 POLITICO-STRATEGIC APPROACH .................................................................................. 75 3.2.1 The main actors of cybersecurity .......................................................................... 76 3.2.2 The primary functions of the Alliance ................................................................... 78 3.3 TECHNICAL-EXPERT APPROACH .................................................................................... 81 3.3.1 The main actors of cybersecurity .......................................................................... 81 3.3.2 The primary functions of the Alliance ................................................................... 83 3.4 RESULTS ....................................................................................................................... 86 CONCLUSION ....................................................................................................................... 89 REFERENCES ....................................................................................................................... 92 GLOSSARY .......................................................................................................................... 101 vii Summary With the introduction of cybersecurity in its 2010 Strategic concept and its 2011 Policy on Cyber Defence, the North Atlantic Treaty Organisation (NATO) has implicitly introduced this aspect on the international agenda as an essential security issue. Since the creation of the Internet in the late 1960s, cybersecurity gradually sparked people’s interest for concerns regarding the development of cyberspace activities. However, it is only recently that this complex field has been extensively analysed and debated by scholars, policy makers, think tanks and international organisations. The present thesis argues that NATO’s narratives on cybersecurity are representing something more than an abstract buzzword: their content illustrates security practices constitutive of the Alliance’s identity formation. In this regard, it is argued that the transatlantic partnership might be transforming into an enlarged security organisation through its engagement in cybersecurity. To study this possibility, discursive practices of different NATO sources are examined through content analysis. Building on the Copenhagen School’s approach to security, the present study endorses the view that cybersecurity is theorised as a sixth sector of security, which frames particular referent objects, threats, key actors of security and the specific functions performed by these actors. We argue that mapping these different units in NATO’s discourse demonstrates that the Alliance is expanding