WASHINGTON – The North Atlantic Treaty Organization is now including cybersecurity in conventional warfare domains, and putting together allies’ cyber and military capabilities to deter cyber attacks that are both surging in numbers and harassing member states’ security.
But, NATO is struggling to find ways to measure cyberattacks and create corresponding tangible actions to deter cyber attackers, according to a senior NATO official.
NATO policy now is that cyberattacks will be defended collectively by members just as other land, sea and air attacks and considered as armed attacks.
NATO Secretary General Jens Stoltenberg explicitly said in a press conference shortly before the beginning of 2017 Summit at Brussels that the organization has decided that a cyberattack can trigger Article 5.
Article 5 of North Atlantic Treaty, as the guiding principle of NATO, says that any armed attacks against any member country will be considered attacks against all member countries. Once NATO reaches a decision to invoke Article 5, member countries will take collective military operations against the one attacking country. Since NATO was established in 1949, Article 5 was invoked only once — after the September 11 terrorist attacks.
But NATO has not solved the problem of forming a series of standards to evaluate if any cyberattack can invoke Article 5 and how NATO should react, the senior official said.
First, NATO has to decide if an attack can be considered as clearly targeted at NATO’s communication systems or just suspicious in its purpose. Then it has to decide if the case is severe enough to have member countries fight back with physical attacks, and more importantly, how much of the military capabilities should be used to ensure it is not a bigger reaction that the attack.
A senior cybersecurity analyst at the Atlantic Council said that if cyberattacks are to be defined as armed attacks, they need to cause physical effect that significantly injured civilians.
According to NATO’s fact sheet updated last month, the majority of cyberattacks came from other nations. In 2016, there was an estimated 60 percent increase in the number of cyber attack incidents compared with 2015 – about 500 incidents every month. The number for 2017 has not been made public yet.
“We must be just as effective in the cyber domain as we are on land, sea, and in the air, with real-time understanding of the threats we face and the ability to respond however and whenever we choose,” Stoltenberg has said.
NATO now has a special cyber defense center to facilitate the information exchange among ally countries.
The senior NATO official said that in general, the information-sharing process among members tends to be hard. He explained that some of the information would not even be fully shared in a member country’s government, making it hard to share with NATO. He also said that NATO has a policy says that it can only take the intelligence information given by member countries instead of asking them to turn in specific information.
The creation of the center also sparked argument over the use of cyber weapons, which would be considered offensive actions that violate NATO’s fundamental role as a defensive organization.
The argument originated from a story on Foreign Policy news website that was written by retired Air Force Col. Rizwan Ali.
The center, as a major policy shift, “sends a message to the world, especially Russia, that alliance members both possess and have the will to use their cyber capabilities and weaponry during military operations,” wrote Ali in the article.
NATO spokesperson Oana Lungescu responded that NATO would remain defensive and “not taking a more aggressive approach on cyber defense.”
NATO’s cybersecurity fact sheet echoed that sentiment, saying that “the recognition of cyberspace as a domain does not change NATO’s mandate. As in all operational domains, NATO’s actions are defensive, proportionate and in line with international law.”