Episode 1: General Michel Van Strythem – Belgium

Can you briefly introduce the Belgian Cyber Command? What is its history, its role within the Belgian Armed Forces, its current workforce, and the scope of its missions?

The Cyber Command was inaugurated on October 19, 2022, at the Proximus Hall in Evere (Brussels). The former Belgian Chief of Defense (CHOD), Admiral Michel Hofman, had suggested to the Minister of Defense, Ludivine Dedonder, to establish Cyber as the fifth full-fledged Component of Defense. The establishment of the Cyber Command within the General Intelligence and Security Service (SGRS) was part of a detailed roadmap included in the government agreement and the various policy notes from the Minister of Defense.

In line with the operational domain of “Cyberspace” defined by NATO and the EU, the Cyber Command covers three capability layers: the social influence virtual layer, the logical IT layer, and the physical IT and electromagnetic layer.

The Cyber Command is active in the field of defensive cyber operations (cyber or logical layer of cyberspace). It also combats disinformation in cyberspace. It participates in a federal-level working group monitoring disinformation attempts organized from abroad, for instance, during the Belgian electoral process. Finally, in the physical layer of cyberspace, the Cyber Command supports the electromagnetic warfare missions of various components and leads the development of their capabilities in this area.

Our missions are as follows:

  • At the level of the SGRS and Defense, executing missions in cyberspace to conduct various types of operations (prevention and defense against cyber-attacks, intelligence gathering, or effect generation).
  • Supporting other Components and the entirety of Defense by ensuring the coherence and implementation of all protective measures and resources in cyberspace (networks, weapon systems, logistical support, units, and personnel).
  • In line with the federal cybersecurity strategy, the Cyber Command is increasingly called upon to play a supporting role in close collaboration with the Belgian Cyber Security Center (CCB), particularly in the event of a national crisis potentially affecting the country’s critical infrastructure. Currently, it provides technical expertise, for example, in judicial investigations alongside the Police and the Federal Prosecutor’s Office. Regarding cyber influence operations, the Cyber Command also collaborates on a disinformation platform chaired by the National Crisis Center (NCCN).

We are not authorized to disclose the workforce numbers of the SGRS or the Cyber Command. However, we can affirm that we plan to recruit hundreds of additional personnel in the coming years with a variety of profiles, not limited to technical roles.

What are the main challenges faced by your structure? Can you rank the most critical threats, whether they involve human resources, the evolution of cyber threats, system resilience, national and international coordination, or budget constraints?

Human capital is the Cyber Command’s primary asset and the key to the successful development of our new Component. To attract the profiles we seek, we have developed professional communication strategies and organized a series of events in civilian settings, where we directly engage with potential candidates.

We are, of course, competing with the private sector for recruitment, but we have unique advantages to offer, such as the societal impact of our missions, work-life balance, and a training catalog unmatched in Belgium, allowing our new recruits to grow alongside us.

Recruitment figures are positive. Our workforce has grown by over 30% since the Cyber Command’s creation, which is encouraging. However, this does not mean we can relax our recruitment efforts.

Regarding the evolution of threats, we must address today’s challenges while anticipating those of tomorrow. This is why, since the creation of the Cyber Command, we have developed partnerships with academia (ERM – Royal Military Academy), research institutions (various universities in the country), and industry (Agoria – the federation of technology companies). In the same spirit, we opened the first “Cyber Defense Factory” in Charleroi within a business incubator to integrate into the regional cybersecurity ecosystem. I should mention that we were partially inspired by the French model, though we adapted it to Belgian specifics.

The government has allocated resources for the development of the new cyber component. Under the STAR plan, linked to the military programming law, a budget of €139 million has been allocated, along with more than €133 million for electromagnetic intelligence (SIGINT) and over €12 million for open-source intelligence (OSINT).

How do you ensure interoperability between cyber units and land, air, and naval forces? What difficulties arise in integrating cyber operations with traditional military actions at strategic, operational, and tactical levels?

Ensuring interoperability between cyber units and other forces is a work in progress based on several factors:

  • Prioritizing inter-domain coordination so that different forces can share intelligence and capabilities.
  • Developing common and clear doctrines adapted for times of peace, crisis, or conflict. These doctrines must integrate operations in the cyber operational domain into military strategies.
  • Organizing joint training exercises to test and adapt cyber capabilities in relation to other units. The Cyber Command’s participation in numerous projects and exercises, both national and international (Locked Shields, CRRT, etc.), is indispensable.
  • Developing compatible platforms to enable effective communication with other forces. Maximally standardizing tools and infrastructures will facilitate coordination.

We face certain challenges. For example, there is the risk of unintended escalation due to the difficulty of attributing cyberattacks. There is also a lack of coordination between command chains due to their fragmentation. Additionally, the time required to implement certain capabilities is constrained by technical limitations. The volume of information to process can also slow operational responses.

Cyber operations can serve as tools of deterrence, but their operational and tactical integration remains limited and complex. To maximize their impact while minimizing risks, a coordinated and adaptive approach is essential, involving reinforced governance and risk management mechanisms.

Recruitment is a major challenge in cybersecurity for both public and private actors. What difficulties do you face, and what initiatives have you undertaken in this area?

I like to say that we are a kind of laboratory for recruitment. We participate in various recruitment-oriented events with the other Components of Defense. Additionally, we have taken the initiative to organize our own events with our industry and research partners in civilian settings, such as in Charleroi and Brussels. We do not wait for candidates to come to us; we proactively seek them out.

We have also organized two editions of the “Cyber Summer School,” where we select young students for a week-long cyber summer university at the Royal Military Academy. The program includes cyber content as well as recreational and athletic activities to immerse students in various aspects of military life.

We multiply initiatives to connect with young people: we have created multiple social media accounts and a specific recruitment email address. We recently launched a new SGRS website featuring cyber news.

In France, a parliamentary report highlighted the state’s and Ministry of the Armed Forces’ significant dependence on “big tech” (cloud, AI, etc.). Is this a concern for you? How do you manage and control these technological dependencies?

As reflected in discussions during conferences with other NATO or EU partners, major technologies play an important role. We closely monitor these developments.

In these interactions, sovereignty and interoperability are central themes. The current geopolitical context underscores the strategic importance of these aspects, which are critical not only for today’s cybersecurity but even more so for the future.

Public-private cooperation is strategic in cyber defense, whether for technology development or ensuring ecosystem security. What types of partnerships do you develop with the private sector and economic actors? Do you think the DIANA initiative can better integrate private sector innovations into the military framework?

As we have mentioned, and as is the case in many countries, resilience in cyber defense necessarily relies on close cooperation between the public and private sectors. It is important to emphasize that when we talk about the private sector, we are not just referring to well-established large companies but also to encouraging innovation in the cyber domain. This involves actively supporting national academic and entrepreneurial innovators. This need is perfectly summarized by the Cyber Command’s mantra: “Cyber Force Through Partnerships.”

In this spirit, we established the Cyber Defense Factory, located at the heart of a technological ecosystem, close to training centers and universities. Additional “Cyber Defense Factories” will be established across the country to bring us closer to innovation hubs, academic environments, and the specific needs of public and private stakeholders.

Our partnerships are inspired by the proven Triple Helix model, combining collaboration between government, private sector, and academic research. As you rightly point out, ensuring the security of this ecosystem is a critical issue we actively address. The projects we develop are varied: analysis of cyberattack cases, detection of disinformation campaigns, and advanced cryptography research. The key is to address each partner’s specific needs while assessing the impact of joint initiatives.

Although the first Cyber Defense Factory was launched only recently, within six months it has already hosted innovative collaborations made possible by this structure. It draws significant inspiration from the model established in Rennes a decade ago. Furthermore, France’s Directorate General of Armament has demonstrated the importance of supporting innovation in the defense sector, an example we must actively follow.

In our interactions with public and private partners, we often encounter a lack of awareness regarding the dual-use potential (civilian and military) of the technologies they develop. In this regard, the DIANA initiative is particularly relevant. DIANA aims to better integrate civilian innovations into the defense domain, a crucial objective. However, achieving this requires raising innovators’ awareness of dual-use opportunities and reassuring investors about their involvement in the defense sector.

In this sense, DIANA represents an opportunity to strengthen innovation among NATO member countries, which is more essential than ever in the current context.

The advent of quantum computers necessitates the adaptation of our encryption algorithms. Do you think this issue is being adequately addressed at the national and European levels?

The advent of quantum computers presents a significant challenge for all encryption systems, but Belgian and European authorities are aware of it. Security actors such as the Belgian Cyber Security Center (CCB), the State Security Service, and Defense, as well as European entities like ENISA, are working on post-quantum solutions in collaboration with academic research and industry.

Implementing these solutions on a large scale remains a real challenge. While quantum-resistant algorithms have been developed, they lack maturity for widespread adoption. Their robustness must still be validated against future cyberattacks. Additionally, they will need to be optimized to function effectively within often outdated and complex infrastructures. These developments require close collaboration among research institutions, industry, and public entities, where each actor plays a key role. Partnerships are thus essential for ensuring the transition to the post-quantum era. All stakeholders are well aware of this, but much work remains to be done!

A network of military CERTs has been established at the European level to strengthen member states’ interoperability. What are the current and expected benefits of this initiative? How can interoperability in this area be further reinforced?

Due to the highly sensitive nature of operational information, military environments take more time than civilian CERTs to develop such collaboration. However, extending best practices in information sharing, as seen in the civilian sector, remains a primary goal. The EU’s cyber defense policy aims to maximize military cooperation among member states, which, in turn, will enhance Europe’s cyber resilience.

One practical difficulty in strengthening interoperability is the significant diversity among member states. This diversity manifests in the national organization of the cyberspace domain, varying legislation (and therefore authorizations and responsibilities), and differences in procedures and tools. The European Defence Agency (EDA) organizes periodic exercises aimed at identifying areas for improvement in collaboration and discussing practical, realistic solutions for all member states.

Regarding interoperability, we can highlight the successful deployment of CRRTs (Cyber Rapid Response Teams) in Moldova in October, which helped secure the presidential election and EU referendum. Our Cyber Command actively collaborated on this mission with its European colleagues.

Several collective mechanisms have been established at the European level, such as the Cyber and Information Domain Coordination Center (CSP/CIDCC) and the Cyber Rapid Reaction Team (CSP/CRRT). Does Belgium intend to participate in these programs?

Belgium has historically been a highly committed player in European cybersecurity initiatives, actively supporting collective efforts to enhance resilience against cyber threats. Regarding the programs mentioned above, Belgium is currently an observer state in the PESCO CIDCC project, hosted at the Royal Military Academy in Brussels until next summer. Regarding the PESCO CRRT project, Belgium participates as an official member.

The conflict in Ukraine has highlighted the key role of the American “cyber umbrella” through operations like “Hunting Forward.” How can Europe strengthen its position while collaborating with the United States?

The conflict in Ukraine has indeed revealed the importance of cyber defense in modern warfare, notably through initiatives like the U.S. “Hunting Forward” program. This program illustrates the importance of international cooperation in combating cyber threats, where multiple countries can rely on their partners’ expertise.

Additionally, European cyber commanders regularly meet within a specific forum linked to EU presidencies, the EU CyberCO Forum. This forum aims to foster cooperation and coordination among EU member states, EU institutions, and other stakeholders in cybersecurity. One of its main objectives is to enhance capabilities in the field of cyber defense.

In an EU context, trust is a necessary condition for sharing information on a broad scale. It is clear that cooperation and information sharing are the only ways forward.

To strengthen its cyber defense position, Europe could consider several key strategies: enhancing European autonomy in cyber defense while developing strategic partnerships with the United States, which will always remain an important partner. Canada and the United Kingdom are also important partners. Cyber is a global threat, and only a strong partnership between the two continents can ensure robust and effective defense against current and future cyber threats, without neglecting partners in the Indo-Pacific region.

What complementarities do you see between building a European cyber defense and the capabilities developed within NATO?

Building a European cyber defense and the capabilities developed within NATO must strategically complement each other without duplication to strengthen Europe’s overall cyber defense. NATO has already implemented initiatives to integrate cyber defense into its defense strategies, such as the Cyber Defence Pledge. The Cyber Defence Centre of Excellence (COE), based in Tallinn, Estonia, plays an important role in this context. This approach strengthens member states’ cyber defense while creating a cooperative framework for information sharing and best practices.

The EU, on its part, has developed policies such as the NIS 2 Directive to strengthen cybersecurity at the European level. NATO and the EU must work more closely together to align their policies and strategies, ensuring a coherent response to cyber threats.

An important part of cyber defense involves protecting critical infrastructure (energy, transport, health, telecommunications, etc.). The EU, with its ability to impose directives, plays a key role in Europe’s civilian resilience. NATO, with its expertise in military defense and crisis management, can provide technical and strategic support for critical infrastructure defense while implementing rapid response mechanisms in case of an attack. Together, the EU and NATO can ensure that European infrastructures remain functional during major cyberattacks.

The EU and NATO could also strengthen collaboration in cyber intelligence by sharing information on emerging cyber threats and potential attacks. NATO member countries have access to high-quality intelligence sources. The EU could facilitate cooperation with NATO by developing information-sharing mechanisms that respect state sovereignty while enabling the rapid detection of cyber threats.

NATO has a well-established collective defense mechanism, where a cyberattack against one member can trigger solidarity. This was reinforced by the designation of cyberspace as an operational domain in 2016. The EU, meanwhile, seeks to strengthen its own mechanisms for responding to cyberattacks through initiatives like ENISA (the European Union Agency for Cybersecurity) and places a strong emphasis on cooperation with civilian actors such as national CERTs.

One of NATO’s strengths is its members’ ability to interact coherently and interoperably within a military framework. The EU could leverage this interoperability by developing cybersecurity solutions compatible with the protocols and cyber defense systems developed within NATO.

In conclusion, building a European cyber defense and NATO’s cybersecurity capabilities are complementary as they address different facets of cybersecurity, both military and civilian. While NATO ensures collective and interoperable defense against cyber threats as a military alliance, the EU focuses on the resilience of civilian infrastructures, regulation, and cooperation with civilian and military actors. The complementarity between these two entities will enable Europe to integrate into the global cybersecurity ecosystem.

In terms of cyber doctrine for Western countries, the Tallinn Manual is often considered authoritative, though there are nuances among countries, particularly regarding “hack back” policies. Are there other doctrinal works launched at the European level? Would this be necessary, in your opinion?

First, I do not consider the Tallinn Manual to be a doctrine. While international humanitarian law, particularly the law of armed conflict, is generally applied and could be included in a broad definition of doctrine, I would not say that the law or its interpretation specifically falls under this notion.

The Tallinn Manual is primarily an academic reference document concerning the application and interpretation of existing international law in the cyber domain – and not a strictly doctrinal text.

Moreover, in the legal domain, the European Union recently adopted a common position on international law applied to cyberspace. However, I would not consider this a doctrine in the military sense either. At the national level, countries’ positions are increasingly developed, including in Belgium.

Finally, regarding the last question on the necessity of a specific legal framework at the international law level, after extensive discussions with our Cyber LEGADs (legal advisers specializing in the operational cyber domain), I would say that it is not essential. In my view, existing international law is sufficient to address most issues and concerns. To go so far as to assert that a new legal framework for cyberspace is necessary could even be counterproductive, potentially introducing a less protective system than the existing one, which merely requires interpretation.

Stay tuned in real time
Subscribe to
the newsletter
By providing your email address you agree to receive the Incyber newsletter and you have read our privacy policy. You can unsubscribe at any time by clicking on the unsubscribe link in all our emails.
Stay tuned in real time
Subscribe to
the newsletter
By providing your email address you agree to receive the Incyber newsletter and you have read our privacy policy. You can unsubscribe at any time by clicking on the unsubscribe link in all our emails.