Development of Cyber Forces in NATO Countries

A pivotal moment came when cybersecurity was recognized as a political priority at the Prague Summit in 2002, followed by the Riga Summit in 2006. After the cyberattacks on Estonia in 2007, NATO adopted its first cyber defense policy and, in 2008, established the Cooperative Cyber Defence Centre of Excellence (CCDCOE) in Tallinn.

In 2016, at the Warsaw Summit, NATO officially recognized cyberspace as one of its operational domains, alongside land, air, sea, and space. This was a breakthrough in the development of the Alliance’s defense capabilities. Importantly, member states were assigned responsibility and called upon to establish cyber components within their armed forces if they had not already done so. Each country committed to developing competencies to operate in cyberspace to effectively defend both themselves and their allies.  

At the Lisbon Summit in 2010, NATO recognized cyberattacks as a threat to Euro-Atlantic security, and in 2014, at the Wales Summit, cyber defense was incorporated into key elements of collective defense, with the possibility of invoking Article 5 in the event of a serious cyberattack.

In subsequent years, NATO expanded cooperation with the EU, industry, and partner countries. Initiatives such as the NATO Industry Cyber Partnership (NICP), the Cyber Operations Centre (2018), and the Virtual Cyber Incident Support Capability (VCISC, 2023) were established.

In 2024, the NATO Integrated Cyber Defence Centre (NICC) was established at SHAPE, representing another step toward fully integrating cyberspace as an operational domain. NATO now maintains 24/7 rapid response teams, its own cyber infrastructure, and an advanced training system.

A key element is the implementation of NATO’s Digital Transformation Strategy and the development of independent cyber capabilities in member states. The Alliance emphasizes the need not only to respond to threats but also to build national cyber forces as a pillar of collective defense in the digital era.

Development of Cyber Forces in NATO Countries

• Albania does not have a military cyber unit or experience in cyber operations exercises, scoring 0 in this category on the NCSI index.
• Belgium, since 2024, operates an independent Cyber Command conducting defensive and offensive operations, recruiting both civilian and military experts.
• Bulgaria develops capabilities through CICDSC, responsible for communication and cybersecurity at various command levels.
• Canada operates through CAFCYBERCOM in cooperation with CSE, developing the full spectrum of cyber capabilities, including support for NATO.
• Croatian Cyber Command oversees the defense of military networks, cooperating closely with national and international agencies.
• In the Czech Republic Strategic Cyber and Information Operations Command conducts psychological operations and cooperates with civilian agencies.
• Denmark brought to life the CFCS — a tactical-level cyber unit supporting land and air operations. Estonian
• Cyber Command, has been fully operational since 2023, it focuses on defensive and infowar operations, using its own cyber ranges and response teams.
• In Finland, the Armed Forces C5 Agency integrates cyber defense with other operational systems and operates within NATO cooperation.
• France operates via COMCYBER and specialized units like BANC and C2PO, investing billions in cyber personnel development through 2030.
• Germany founded the Cyber and Information Space Service (CIR), headquartered in Bonn with 16,000 personnel.
• In Greece Unit "1864" focuses on defensive cyber operations and public-private collaboration.
• Hungary established a Cyber Operations Centre in 2023, cooperating with NATO CCDCOE.
• Iceland, without armed forces, develops cyber capabilities through the Ministry of Foreign Affairs and international cooperation.
• Italy operates through the Network Operations Command (COR) and the "Rombo" regiment, functioning as the army's cyber police focusing on tactical defensive operations.
• Latvia has advanced units such as MilCERT and CDU, supporting both armed forces and civilian CERT.LV structures.
• Lithuania established LTCYBERCOM in 2025, integrating cyber defense capabilities into the new armed forces structure.
• Luxembourg develops LCDC and Cyber Range, strengthening training and operational capabilities. Montenegro has no military cyber unit yet, planning development by 2026.
• In the Netherlands Cyber Command functions within the army but lacks full offensive capabilities, which remain under military intelligence (MIVD).
• For Portugal COCiber covers the full spectrum of cyber operations, cooperating with CNCS and NATO.
• Romania has a developed cyber command structure with technical agencies and IT command. North Macedonia has no dedicated cyber unit; partially handled by MIL-CERT.
• Norway is developing its Cyberforsvaret component — 1,500 specialists operating from Camp Jørstadmoen, integrating training, operations, and incident response.
• Poland has expansive Cyber Defense Forces with three operational units and support structures under Gen. Molenda.
• Slovakia conducts cyber ops via its Cyber Defense Center under Military Intelligence and CSIRT.MIL.SK team.
• Slovenia has been developing cyber defense capabilities since 2016; plans to establish a cyber company as the main operational unit in 2025.
• Spain's Joint Cyber Command (MCCE) plans to expand to 1,200 personnel by 2030 and develops its own cyber range.
• Sweden is developing military cyber defense units under the defense budget; funding data not public.
• Turkey established the TAF-CERT, central military cyber defense command, it works closely with NATO and national agencies.
• In the United Kingdom cyber operations are led by UK Strategic Command and the National Cyber Operations Centre (NCF), combining GCHQ and military intelligence components.
• United States has the most expansive structure, with USCYBERCOM with six main components and a budget exceeding $1.7 billion in 2025.

New Challenges

With NATO’s membership growing to 32 countries, cyber defense has become a key pillar of Alliance security. Many member states have already established dedicated cyber units, while others are still forming them. Cyberspace has been recognized as the fifth operational domain, highlighting its strategic significance in modern conflicts. Meanwhile, threats, mainly from Russia and China, are increasing, prompting states to invest more in cybersecurity and develop their own cyber forces as a core component of national defense.  

The varying levels of cyber defense/cyber force development among NATO members show that not all states are equally prepared for challenges in this domain. Some have extensive cyber commands; others are only beginning to build the foundations. Given the transnational nature of cyber threats, deepening intergovernmental, civil-military, and private-sector cooperation is crucial. Simultaneously, harmonization of strategies, joint exercises, and the development of both offensive and defensive capabilities within NATO are needed.  

The future of NATO security will not rely solely on conventional strength but also on capabilities in the cyber domain. Building integrated, resilient, and proactive cyber defense structures should be treated as a strategic priority. The Alliance must continue strengthening the cyber capabilities of member states so that cyberspace becomes a fully secure operational domain—on par with land, sea, air, and space.