NATO Cooperative Cyber Defence Centre of Excellence

NATO Cooperative Cyber Defence Centre of Excellence We support our member nations and NATO with cyber defence expertise.

At the CyCon Commanders Forum (CCF) last week in Tallinn, our Irish national representative at the CCDCOE, Commandant Ro...
02/06/2026

At the CyCon Commanders Forum (CCF) last week in Tallinn, our Irish national representative at the CCDCOE, Commandant Robert Gallagher, introduced his current project.

Robert is currently leading the development of the “Cyber in Operations Handbook” (CiOHB) at the CCDCOE. This handbook aims to provide practical guidance for operational planners and commanders on effectively integrating cyber capabilities into all phases of military operations.

The presentation attracted significant interest among the attending cyber commanders representing 33 nations, highlighting the relevance of this work within the international military community.

The handbook is due for publication in May 2027.

And that’s a wrap of !On behalf of the organisers, thank you to all speakers, moderators, authors, workshop leaders, vo...
29/05/2026

And that’s a wrap of !

On behalf of the organisers, thank you to all speakers, moderators, authors, workshop leaders, volunteers, and participants who made CyCon 2026 such a remarkable event.

Special thanks also go to our sponsors: TrendAI, Palo Alto Networks, Siemens, CrowdStrike, Microsoft, Cloudflare, CybExer Technologies, Antisyphon Training, Silent Push, Silobreaker, HWG Sababa, GreyNoise Intelligence, VMRay, Nortal and IEEE.

Having closed CyCon 2026, we are happy to announce the theme for CyCon 2027, which will be Unified Response. See you back in Tallinn on 25-28 May 2027!

📖 Proceedings: https://ccdcoe.org/library/publications/18th-international-conference-on-cyber-conflict-securing-tomorrow/

📷 More photos: 133800821@N02/albums" rel="ugc" target="_blank">https://www.flickr.com/photos/133800821@N02/albums

Before closing an incredible week of discussions, debates, and new ideas at , we turned our attention to a challenge th...
29/05/2026

Before closing an incredible week of discussions, debates, and new ideas at , we turned our attention to a challenge that sits at the intersection of law, technology, military operations, and humanitarian protection: how do we protect medical and humanitarian services in cyberspace?

The plenary “Securing the Symbol: The Digital Emblem Project and the Future of Protected Medical and Humanitarian Digital Infrastructure,” moderated by Prof Rain Liivoja, Samit D'Cunha, Allan Avi, Fred Pullen, Tommy Jensen, and Anna Besançon explored the International Committee of the Red Cross’s Digital Emblem initiative and its potential role in safeguarding hospitals, emergency response systems, humanitarian supply chains, and medical data platforms in an increasingly contested digital environment.

Bringing together legal, technical, and operational perspectives, the panel explored questions of international humanitarian law, technical implementation, authentication, resilience against misuse, and integration into military cyber planning and operations. Equally important was the focus on practical implementation: how exercises, simulations, and stakeholder engagement can help transform an ambitious concept into an operational reality.

The conversation was a fitting conclusion to a week dedicated to securing tomorrow, highlighting that effective protection in cyberspace requires not only legal clarity, but also technical credibility and operational viability.

Jeff Foley, Chief Technology Evangelist for Cybersecurity at Siemens Digital Industries, delivered a keynote at : “Anti...
29/05/2026

Jeff Foley, Chief Technology Evangelist for Cybersecurity at Siemens Digital Industries, delivered a keynote at : “Anticipating the Next Attack Surface: OT Security in an Era of AI and Automation.”

AI and automation are reshaping the cybersecurity landscape for critical infrastructure, expanding the OT attack surface from physical assets to interconnected systems, autonomous operations, and machine-speed decisions. Adversaries can now weaponize AI to accelerate attacks, while defenders must equally leverage it for real-time detection, response, and resilience. This shift renders traditional perimeter-based security insufficient, requiring Zero Trust, defense-in-depth, and secure-by-design architectures that continuously validate trust, embed identity, and assume compromise.

In this evolving cyber conflict environment - aligned with CyCon’s focus on Securing Tomorrow - cybersecurity must move beyond protecting infrastructure to securing outcomes, ensuring trusted, explainable, and resilient operations. Success depends on the ability to detect, decide, and act at machine speed while maintaining human oversight and control in increasingly automated OT environments.

Securing tomorrow means defending AI-driven infrastructure at machine speed - where cybersecurity, automation, and resilience converge.

Cyber resilience is no longer only a technical question. It is increasingly about trust, coordination, and the ability t...
29/05/2026

Cyber resilience is no longer only a technical question. It is increasingly about trust, coordination, and the ability to act under pressure. two last Strategy/policy track panels highlighted this clearly.

The first focused on cyber threat intelligence in Europe. A key message was that CTI is not only about collecting indicators, but about understanding them and making them actionable. NIS2 can help Europe move towards a more cohesive CTI ecosystem, but regulation alone is not enough. Automation and AI can improve speed and scale, yet human judgement remains essential for interpretation, intent analysis, and decision-making.

The second panel focused on cyber resilience across allied supply chains. Critical dependencies now cross borders, sectors, vendors, and jurisdictions. The discussion showed that resilience cannot stop at the organisational level. It must be built across entire ecosystems, including SMEs, vendors, public authorities, and military actors.

A shared conclusion from both panels was clear: cyber defence depends on trusted ecosystems. Whether we are discussing intelligence sharing or supply chain resilience, the weakest link can quickly become a strategic vulnerability.

The way forward requires stronger public-private cooperation, regular exercising, mature processes, and cyber capabilities that are not only compliant and scalable, but also operationally usable in crisis conditions.

The Tech Track panel at on „Sovereign and Assured Architectures for Mission-Critical Systems“ featured presentations a...
29/05/2026

The Tech Track panel at on „Sovereign and Assured Architectures for Mission-Critical Systems“ featured presentations addressing problems stemming from the software supply chain. Currently our defence depends on components we don’t control. The proposed solutions aimed at reducing the attack surface, and achieveing sovereignity. The topic is relevant since defence and government-critical systems depend on complex software supplied by third-party vendors, and the systems may have decades-long lifecycles.

Cloudflare took the stage with a story that should make every security team uncomfortable: a phishing platform that ma...
28/05/2026

Cloudflare took the stage with a story that should make every security team uncomfortable: a phishing platform that made multi-factor authentication completely irrelevant - available to any criminal for $120 a month.

Michiel Appelman, Principal Solutions Engineer at Cloudflare, walked through the anatomy of Tycoon 2FA and the joint operation with Microsoft and Europol that dismantled it in March 2026 - taking down 24,000 domains in a single action.

Tycoon 2FA did not succeed through technical sophistication. It succeeded by sitting silently between the victim and the real service, capturing live session tokens before MFA ever had a chance to matter.

Key takeaways:
🔷 MFA is necessary, but not sufficient - SMS codes, push notifications and one-time codes are all proxy-able and therefore defeatable.
🔷 Only origin-bound authentication - FIDO2, WebAuthn, hardware-backed passkeys holds up against this class of attack.
🔷 Session token theft has now overtaken zero-day exploits as the primary access method.
🔷 Nation-state actors are increasingly routing command-and-control through legitimate services like Google Calendar, blending invisibly into normal enterprise traffic
🔷 Coordinated public-private takedowns work. But they are not a substitute for getting the fundamentals right.

Cloudflare Threat Report 2026: https://www.cloudflare.com/lp/threat-report-2026/

technology track panel „Cyber Operations in Hybrid and Wartime Contexts“ featured presentations on hybrid operation ef...
28/05/2026

technology track panel „Cyber Operations in Hybrid and Wartime Contexts“ featured presentations on hybrid operation effects on the physical layer, with aviation as an example, on wartime DDoS attacks, and on coordination and lack thereof within the cyber domain and between domains.

We see civilian infrastructure as an operational terrain. GNSS jamming and spoofing and DDoS attacks increasingly function as persistent digital pressure against civilian infrastructure. The issue is not merely IT compromise, but degradation of trust, continuity, predictability, and operational confidence. Therefore civilian infrastructure should be incorporated into national and alliance-level cyber resilience planning. We also need to enhance cooperative defence mechanisms across allied states.

💬 „Organizations like NATO CCDCOE are fundamental because they nurture an information sharing approach, they encourage working together, they raise cyber security awareness. The R&D done in collaborative environments has trickle-down effects on many economies and national security postures, and they are also powerful signalling tools to hostile countries. It’s like NATO saying ’Hello, we’re working on this, we’re collaborating on this, we pool our resources to bolster our collective cyber security, be aware’.”

💬“A recurring assumption in cyber and hybrid warfare discourse is that cyber operations function as tightly coordinated instruments integrated with broader military and political objectives. Yet the papers in this panel collectively raise a more complicated possibility: that much of what we observe may instead resemble persistent strategic pressure against interconnected civilian and operational targets, often without clear synchronization or centralized orchestration.”

💬“Perhaps the defining feature of contemporary conflict is not decisive battlefield confrontation alone, but persistent competition over the trustworthiness, continuity, resilience, and perception of the interconnected systems upon which societies increasingly depend.”

Thank you to our panelists:
🔷 Dr Konstantinos Mersinas, PhD, CISSP (Visiting Professor at Keio University, Associate Professor at the Information Security Group, Royal Holloway, University of London)
🔷Jihye Kim (Research Associate, CODE Research Institute, University of the Bundeswehr)
🔷Francesco Ferazza (Security Researcher, Royal Holloway, University of London)
🔷Lukas Kaltenbach (Air-Force Officer, University of the Bundeswehr)

📺 Watch the panel on Youtube: https://youtu.be/OqkFECU2iVM?si=njYU-Ngq691EjT-w

📌 Cyber Resilience of Energy Infrastructure: Ukraine's Unique Experience under Multi-Domain Threats Ukrainian energy inf...
28/05/2026

📌 Cyber Resilience of Energy Infrastructure: Ukraine's Unique Experience under Multi-Domain Threats

Ukrainian energy infrastructure faces complex, unprecedented challenges daily, ranging from kinetic missile strikes to sophisticated cyberattacks and informational warfare. How do we maintain system integration and stability under the threat of systemic collapse?

To address these critical challenges, the G.E. Pukhov Institute for Modelling in Energy Engineering of the National Academy of Sciences of Ukraine hosted an intensive simulation workshop during .

🛡️ The Wargaming Simulation: Participants were immersed in a rigorous 6-round multi-domain scenario where every consensus-driven decision carried immediate cascading consequences:

🛡️The Challenges: Countering a cyber breach in SCADA systems, mitigating the physical destruction of a massive missile-and-drone strike, managing leaked documents, and executing a complex "Black Start" process to restore the grid.

🛡️The Evaluation: Each strategic choice was dynamically scored across 5 core resilience tracks: operational stability, cybersecurity, inter-agency coordination, public trust, and institutional integrity.

The event brought together leading experts to stress-test these defensive models:

🔷 Prof. Vitalii Zubok and Dr. Andrii Davydiuk actively participated, contributing their extensive expertise to the strategic decision-making processes.

🔷Special thanks to cadet Alona Myshenina from the Institute of Special Communication and Information Protection of the National Technical University of Ukraine “Kyiv Polytechnic Institute named after Igor Sikorsky” for providing flawless technical support.

The synergy between advanced science, seasoned energy experts, and the next generation of cyber defense specialists is precisely what keeps our infrastructure unbroken. Ukraine is not just defending itself; we are pioneering the global standards for comprehensive infrastructure resilience.

Thank you to all participants for their sharp insight, collaborative spirit, and decisive action!

When the Workshop Day started with a bang, the very same could be said about the official Day 1 of . In fact, there wer...
28/05/2026

When the Workshop Day started with a bang, the very same could be said about the official Day 1 of . In fact, there were four “bangs” that made the day engaging, insightful, and truly thought-provoking.

First, under the guidance of Prof Kubo Mačák, Dr Anke Allenhöfer, Anna Joy Beck, Dr Joseph Hatfield, and Prof Gary Corn explored how cyber operations and military AI are testing and reshaping international humanitarian law. The discussion focused on the protection of humanitarian organisations and medical and relief services in cyberspace, the impact of AI on neutrality and cross-border digital infrastructure, and the growing need to embed IHL compliance, human control, transparency, and accountability into emerging technologies.

Second, we turned to battles without borders. Together with Dr Heather Dinniss, Grete Toompere, Cheldon Siqueira, Inna Zavorotko, and Anna Blechova, the conversation examined how international law can keep pace with the integration of artificial intelligence, cyber operations, and multi-domain military technologies. From autonomous systems and battlefield analytics to integrated sensor networks and dual-use infrastructure, the panel explored how core legal principles such as distinction, proportionality, and precautions apply in increasingly interconnected and algorithm-driven forms of warfare across land, sea, air, space, and cyberspace.

Last but certainly not least, the project launched at last year’s CyCon continues to grow from strength to strength. It therefore felt only fitting to dedicate a session to its progress. Prof Kubo Mačák, Dr Jonathan Kwik, Netta Goussac, Prof Gary Corn, Jimena Viveros, and Prof Marco Roscini introduced their work on chapters for the upcoming OUP volume, International Law and Artificial Intelligence in Armed Conflict: The AI-Cyber Interplay. For that, we were truly honoured and glad to have Kim Zetter and Dr Emilie Probasco’s plenary interview about how technology meets humanity, which will be part of the book as well.

Address

Filtri Tee 5
Tallinn
10132

Opening Hours

Monday 08:00 - 17:00
Tuesday 08:00 - 17:00
Wednesday 08:00 - 17:00
Thursday 08:00 - 17:00
Friday 08:00 - 17:00
Saturday 11:00 - 16:00
Sunday 11:00 - 16:00

Website

Alerts

Be the first to know and let us send you an email when NATO Cooperative Cyber Defence Centre of Excellence posts news and promotions. Your email address will not be used for any other purpose, and you can unsubscribe at any time.

Shortcuts

Share

Category