NCI Agency and Industry experts gathered in Rome to exchange views and best practices on the detection and prevention of insider threat.
The workshop, hosted by Leonardo on 3 November 2016, was the fourth in a series of events held since February, aiming to strengthen NATO and Industry cyber defences through collaborative identification of cyber threats as well as techniques, practices, and procedures to counter those threats.
"Sometimes we can focus too much on external threats, however, the unfortunate reality is that staff members pose a continuous and significant challenge to our operations and business by causing accidental or intentional security breaches," said Ian West, NCI Agency's Chief of Cyber Security and co-chair of the workshop.
"Numerous very serious security breaches remind us that we ignore the insider threat at our peril. Through the Threat Vector Analysis workshops, we have already made advances in our understanding of an array of cyber threats and how to defend against them, and I am confident that NATO and industry participants will come away from this discussion better prepared to detect and prevent insider threats."
At this year's Warsaw Summit, Allied Heads of State and Government pledged to ensure the Alliance keeps pace with the fast evolving cyber threat landscape and highlighted the importance of information sharing with Industry to improve understanding of cyber threats.
The Threat Vector Analysis Workshops (TVA) are a key activity of the NATO Industry Cyber Partnership (NICP). They are are focused on developing a common taxonomy for threats, as well as the use of standards in exchanging cyber threat information, in order to improve information sharing, ultimately leading to a better collective cyber defence.
Alliance leaders endorsed the NICP at the Wales Summit in September 2014, recognizing that NATO and Industry face shared risks in the cyber domain. They recognized that addressing these challenges requires new frameworks for action. Executives representing security and defence, IT, financial and critical infrastructure sectors later formed an informal cyber defence working group to focus on priority areas where NATO and Industry can work together for their mutual benefit, both at a technical level and at an operational level, in order to develop greater momentum for information sharing and collaboration.