Reforming NATO's Cyber Acquisition Process

Server room interior in datacenter



Cybersecurity plays a crucial role in the security environment as threats in cyberspace are increasingly complex, sophisticated and persistent. Given the growing challenges posed by criminal, terrorist and state-sponsored actors in cyberspace, there is a pressing need for all sectors and governments to prevent, detect, recover from, and defend themselves against cyberattacks.

Within this context, it is crucial for NATO to have a cyber acquisition process that is responsive to these complex, emerging and agile threats by being adaptive, capable of attracting new entrants and incorporating new technologies. The main challenge of any acquisition process, cyber or otherwise, is in finding the balance of risk between the complexity of the requirement, available resources and time. Each one of these elements may cause unacceptable delay and/or alter the balance of capability available against current or emerging threats.


This project will aim to define the challenges NATO faces in adjusting its cyber capability development and acquisition processes and make recommendations on how to address them. The project team will approach this task in four key phases:

  1. Develop an understanding of the NATO context and identify problems and barriers to effective cyber acquisition;
  2. Generate proposals to improve the responsiveness of the NATO cyber acquisition system;
  3. Generate a proposal of a solid case to adopt a new acquisition model for NATO cyber capabilities; and
  4. Generate a proposal of changes to be made towards permanent innovation, continuous industry/academia engagement and rapid identification of new requirements and acquisition of solutions.

Project Team

Giacomo Persi Paoli (Project Lead)
James Black (Project Manager)
Erik Silfversten
Nathan Ryan
Sarah Grand-Clement