With the massive and still growing integration of information technology into all aspects of military and civilian products, workflows and processes, comes a rapidly growing need to establish and continuously enhance capabilities to guard and protect them. Cyber-attacks are happening on a daily basis and building up resilience against them is the only way forward. The question is no longer if one will be targeted but how to deal with attacks and their consequences in the best way. While NATO has released its first Cyber Defence Policy back in 2008 and the EU published its inaugural Cyber Defence Policy Framework in 2014, cyber defence is, compared to the traditional domains of Land, Air and Sea, still a relatively new area of activity. Luxembourg wants to position itself as a strong partner in this area and has set up a cyber defence strategy accordingly.
Luxembourg Cyber Defence Strategy
The 10-year long-term Luxembourg Cyber Defence Strategy, co-written between the Directorate of Defence and the Luxembourg Armed Forces, is nested within the National Cybersecurity Strategy and aims to enhance the resilience of Luxembourg Defence by protecting its assets and capabilities from malicious cyber activities. Emphasis is placed on:
- upskilling our workforce
- enhancing national resilience in cyberspace
- supporting private sector capability
- honouring our NATO and EU commitments
- and strengthening our engagement with Allies and partners.
This will ensure a sustainably resourced approach to integrating cyber defence across Luxembourg Defence and will set the conditions for Luxembourg to develop expertise and capabilities - also to the benefit of Allies and partners.
The Cyber Cell
The Cyber Cell of the Directorate of Defence works on the implementation of the Luxembourg Cyber Defence Strategy and represents the Directorate of Defence in national and international cyber related meetings, working groups, committees and other activities. The cell collaborates closely with national and international partners.
The Cyber Cell develops, manages, implements and operates various projects which are derived from the objectives of the Luxembourg Cyber Defence Strategy. Examples of developed capabilities are presented below.
Luxembourg Cyber Defence Cloud (LCDC)
Luxembourg Defence is currently working on a new cloud computing project: the Luxembourg Cyber Defence Cloud.
The LCDC will be hosted in secure data centres in Luxembourg, with a level of protection that meets the highest international standards, providing highly secure and available computing and storage capacity. This means that de LCDC can store both unclassified and classified information in multiple cloud environments for each classification level. The LCDC will be a private cloud environment, which means that it will only be accessible on a private network and not via the Internet.
The idea is to create multi-tenancy environments for the different users of the LCDC, allowing beneficiaries to use the same cloud infrastructure to store and process their data, while ensuring that no other beneficiary can access their information.
The LCDC will provide a platform that is compatible and interoperable with different technology solutions from different providers. This approach, known as "multi-cloud", aims to reduce dependency on a single supplier.
The LCDC will be operated for the benefit of the Luxembourg Defence with the support of the NATO Support and Procurement Agency (NSPA) for managing the contracts with the various external contractors required for the implementation and operation of cloud environments.
The total budget for the project, amounting to a maximum of 250,360,323 euros, will be spread over a period of twelve years, from 2024 to 2035.
The Luxembourg Cyber Range
Training and Education is one of the pillars of Cyber Defence. The Luxembourg Cyber Range, officially inaugurated in October 2021, is a multi-purpose platform mainly used for 3 scenarios:
- Exercises: Allow the users to experience the heat of realistic cyber conflict scenarios. Exercises are used to demonstrate and develop cyber security skills by dealing with the challenges but also to test and improve existing procedures and workflows.
- Trainings: Train, develop and test cyber security skills from a large range of domains and technologies.
- Security testing and benchmarking: Conducting cyber security tests and benchmarking of technologies or architectures allows a better understanding of already existing and planned new cyber security solutions.
The Luxembourg Cyber Range can be used free of charge by its target audience, which includes national authorities, national governmental entities, national cybersecurity actors, national education and research entities, national critical infrastructure operators and operators of essential services, NATO Allies, EU partner nations, international institutions linked to the defence sector (EU agencies, NATO agencies, centres of excellence) and humanitarian organisations.
More information about the Luxembourg Cyber Range is available on the Luxembourg Cyber Range web site.
Cyber Security Policy Chair
In April 2022, the Directorate of Defence and the University of Luxembourg have signed a Partnership Agreement to establish a cyber security policy chair. The Chair will be established for a period of 5 years, beginning in September 2022.
The Chair is hosted within the Department of Law at the Faculty of Law, Economics and Finance and will focus on more policy-oriented issues such as legal and political aspects at the intersection of digital technologies and networks, data protection, cybercrime, cyber defence, contract law, intellectual property law and human rights.