Sending a Clear Message

Estonia's CR-14 cyber range
The CR-14 cyber range in Tallinn was established by the Estonian Ministry of Defence in January 2021. It a major centre of excellence in cyber defence and is used by NATO for cyberspace exercises. (NATO photo by DEU OR-5 Maiwald)

NATO is developing new messaging standards protocol for cyberspace operations which could soon complement the Alliance’s existing messaging formats.

The North Atlantic Treaty Organisation (NATO) uses a variety of written standardised messaging formats to share tactical data within and between alliance and allied militaries. These messages are sent across Tactical Datalinks (TDLs) like Link-11. Link-11 is hosted on radio networks using frequencies of two megahertz/MHz to 29.9MHz and 225MHz to 399.975MHz. This TDL mainly supports naval operations and is gradually being replaced by Link-22. The latter uses the same frequencies but carries more data than Link-11 and hosts more participants on individual TDL networks. NATO’s Link-16 tactical datalink uses frequencies of 960MHz to 1.215 gigahertz/GHz and mainly supports air operations.

The formats of the messages shared around these networks is standardised. From an interoperability perspective this makes sense. It ensures everyone shares the same information in the same way reducing risks of confusion or ambiguity. Link-11/22 uses so-called ‘M-Series’ messages and Link-16 ‘J-Series’ messages. The technical specifications for these messages are stipulated in NATO’s APP-11 message catalogue. NATO’s Information Exchange Requirements Harmonisation Working Group is APP-11’s custodian.

Article 5

Alliance cyber defence is one of NATO’s responsibilities. In 2014, alliance heads of state and government endorsed an enhanced cyber defence policy at the NATO Summit in Newport, south Wales. The summit saw NATO affirm a policy regarding cyberattacks and Article-5. This article of the 1949 North Atlantic Treaty “commits each member state to consider an armed attack against one member state … to be an armed attack against them all.” NATO’s affirmed that Article 5 applies “in case of a cyberattack with effects comparable to those of a conventional armed attack.”

Part of NATO’s implementation of this policy is regular exercises refining and enhancing the alliance’s cyber defence posture. Between 28th November and 2nd December 2022 NATO held its Cyber Coalition exercise in Tallinn, Estonia. The week-long initiative involved 1,000 cyber defenders from 26 alliance members, according to a NATO press release. Future NATO members Finland and Sweden sent participants as did Georgia, the European Union, Ireland, Japan, the Republic of Korea and Switzerland. Cyber Coalition 2022 explored “emerging and disruptive technologies, in support of military operators and commanders,” the press release continued. These technologies included cyber messaging standardisation to ease information sharing.

Cyber Messaging

Much as Link-11/22 and Link-16 does in the tactical world, NATO is working to define a standard to easily share cyber defence information within and between its members. Dr. Alberto Domingo, NATO’s Allied Command Transformation cyberspace technical director, told Armada during the exercise that this messaging standard will eventually be enshrined in APP-11. He expects it to start being used by NATO members and the alliance writ large before then with implementation taking around one year. Messaging will facilitate cyber information and intelligence sharing, and automated exploitation of that information.

NATO cyber warriors at Cyber Coalition 2022
NATO is developing a messaging standard for cyberspace operations similar to messaging protocols used for tactical datalinks like Link-11/22 and Link-16.

Dr. Domingo said the aspiration is for this cyber messaging standard to closely replicate the architecture of J- and M-Series messages. The goal he says is to develop the cyber messaging format to at least Technology Readiness Level-8 (TRL-8). Standard definitions stipulate TRL-8 as a system being qualified and its development complete. Dr. Domingo is hopeful the messaging standard can then be tested during NATO cyber exercises in 2023.

The expectation is that NATO will initially use this messaging format to move information easily between national cyber threat databases. Over time, the format could expand to include cyber defence command and control information, ISR (Intelligence, Surveillance and Reconnaissance) data, and response information. In this way, the messaging format will mimic the tactical information shared around existing NATO TDLs. Like these TDL standards, the cyber messaging format uses very little bandwidth, Dr. Domingo added. He said that the messaging standard is likely to support operational/tactical cyber missions on the battlefield. This is important given the convergence of cyber warfare and electronic warfare missions at these levels of war. These latter subjects are discussed on more detail in our Putting the C into CEMA article.

by Dr. Thomas Withington