When you’re in the race to defend nations there’s no prize for second place. General Manager of the NATO Communications and Information Agency (NCI Agency) Major General (rtd) Koen Gijsbers is highly aware that the organisation always needs to be at the “winning edge”, particularly when it comes to cyber defence. As he explains, “If a bank is under attack we lose money. If the defence domain is under attack, we might lose lives and we don’t want to be responsible for that.”
Fortunately, Koen’s military background has given him plenty of experience with handling such threats. Koen joined the Royal Military Academy in the Netherlands at the age of 18. In 35 years of service he held various military command appointments, including the position of CIO of the Netherlands Ministry of Defence; and assistant chief of staff for NATO’s Allied Command Transformation. His main focus as the CIO for the Netherlands Ministry of Defence was the rationalisation of all IT services. He was also a member of the national Cyber Board, and the National CIO Board, where he was responsible for the information security policy for the entire Dutch government. In July 2012, he was appointed the first general manager of the newly established NCI Agency.
IT is underestimated
The role that IT plays in defence is often underestimated. But NATO’s investment budget shows just how important it is to the organisation’s mission, with about half allocated to IT, points out Koen. “It’s a huge investment in command and control facilities because we need to be quicker, faster, and better at sharing data between the different member nations and between the forces of those nations.”
A case in point, Koen says the agency is building a missile defence architecture capability that allows it to intercept foreign missiles. “That is growing so fast that we need all the sensors to report to a command and control system so that people can make decisions within minutes, not in hours or days, because then it’s too late. We can only do that with very high-level and highly professional and secure IT.”
Fighting fit
While industry builds the IT capability, the NCI Agency is responsible for its design and delivery. The agency also plays a pivotal role in developing the standards and interoperability that allow NATO and its member nations’ systems to communicate with each other. As Koen explains, the need to encrypt all the traffic makes it more difficult to have “plug and play” solutions. “If one nation uses a different crypto to another then they can’t talk to each other.”
“Increasingly we are looking to the world of small-to-medium enterprise and even some start-ups to help us deliver very sophisticated designs rather quickly. In the cyber domain it’s important to have the agility to implement your solutions quickly.” – Major General (rtd) Koen Gijsbers
In the next few years NCI Agency will be investing about €3 billion to ensure that NATO’s IT is fighting fit. Koen says each year it will work on about 800 projects simultaneously, with a turnover of almost €1 billion. About two-thirds of that annual expenditure flows through to industry. “We develop the technical designs and then we go to industry to build it for us,” he says.
NCI Agency’s providers include those delivering commodity IT, such as Microsoft, as well as integrators that specialise in the defence domain. Plus, Koen adds: “Increasingly we are looking to the world of small-to-medium enterprise and even some start-ups to help us deliver very sophisticated designs rather quickly. In the cyber domain it’s important to have the agility to implement your solutions quickly.”
Industry engagement
Maintaining those relationships means engaging with industry at several levels, he says. NCI Agency holds an annual conference with industry providers to not only inform them on what NATO is planning, but also so that NATO understands what its industry partners are capable of delivering. “We need to have that understanding early in the process before we get to the competition stage.”
The Agency also holds the NIAS NATO Information Assurance Conference annually, which is an in-depth technical discussion with industry on cyber solutions. It draws about 1,500 participants each year. Koen communicates regularly with industry leaders to ensure it draws the best of the industry. “We often have new, very specialised high-tech work,” he says, adding that a company that delivers successfully to NATO will be visible to all of the member nations. “The market of those 28 nations is much bigger than the market of the agency alone,” he says.
Bold decisions
The next 12–18 months will be extremely challenging for the agency as it implements some of the bold decisions NATO has made recently. For starters, NATO will be moving from a traditional decentralised IT architecture to a secure cloud. “That is a very complex change management process that will require a lot of attention as we will replace almost all of the IT infrastructure,” he says. He expects the job will not only require his focus but that of his successor as well.
At the same time, the organisation will be further developing its partnerships with industry on the cyber defence front. In 2016, SC Magazine recognised the NCI Agency cyber team by honouring it with a number of the European cyber industry’s most prestigious awards.
It also has some former ethical hackers working for the organisation. “If you want to be able to defend, you need the knowledge of how to attack, so that is why we use people that have been ethical hackers,” says Koen. “From a technical perspective we have implemented one of the best cyber security architectures in the world,” he says. “My concern is not the quality of the tools but the speed of innovation we can apply to improve the tools when new forms of attack arise.”
Working in partnership
To facilitate rapid innovation, at the Wales summit in 2014 the 28 member nations agreed to set up the NATO Industry Cyber Partnership (NICP). It allows NATO to share data with industry partners and large IT providers such as Cisco, Symantec and BT so they can be better prepared for cyber attacks. “I have regular meetings with CEOs of cyber-related companies to exchange ideas and put energy into this process because most organisations find it easier not to share that data.”
Koen says his military background taught him the benefits of working in partnership with other organisations to get something done. “You only get things done when you have a common goal and you work together to reach that common goal.” His years of military service have also equipped him to lead his team through complex challenges. “Working as a commander in the military domain you have to be able to delegate and trust your staff. If people have to ask for permission to do something you will not be agile; you will not be able to reach your objectives; and then the enemy will have an advantage,” he says.
It’s an approach that applies equally in the NCI Agency context. “I think a leader has much more of a supporting role. You give direction but at the same time you should not micromanage. It doesn’t work in military operations and it will not work in a complex organisation like NATO.”
Motivation + ambition = success
Fortunately, Koen knows a thing or two about motivation. A former Olympic athlete, he still holds the Dutch record for the 4×400 metre relay. It’s an achievement that requires far more than talent, as Koen points out: “It takes a lot of work, dedication and focus. You have to be able to visualise the end stage because that gives you the drive and motivation to persevere.”
Those experiences have also shaped the way Koen handles his leadership responsibilities. “If you want to be successful you need to be a bit more ambitious than you think is realistic. That will empower all of the creative powers within your team to make it happen.” He’s seen that process in action recently as the team worked to deliver new command posts for eight nations ahead of the NATO Summit of Heads of State and Government in Warsaw, held in mid 2016.
“We had to deliver new command posts on the eastern side of Europe in an incredibly short time. Our people came up with innovative solutions using cloud technology and, after also collaborating closely with the nations, succeeded in getting it done on time.”