NATO Must Meet The Challenge Of Securing Cyberspace

Every organization, government, and business on Earth is dealing with the new threats generated by the connectivity offered through the internet. The Western world, with its immense reliance upon technology, faces an unprecedented challenge. The enemies of the West realize this and have chosen to develop their capabilities in generating chaos in cyberspace. Russia, China, Iran, North Korea, and even formidable criminal organizations are developing teams of hackers to infiltrate networks, steal secrets, and destroy data.

One of the key organizations in the West’s defense against these assaults is NATO. If this treaty organization is going to properly weather the cyber storm on the horizon, it must unify its efforts and coordinate a proper response to what is proving to be another domain of warfighting.

NATO knows this challenge is here and is working to find that proper response. Their page on Cyber Defense says that “The Alliance needs to be prepared to defend its networks and operations against the growing sophistication of the cyber threats and attacks it faces.” NATO understands not only the novelty and ambiguity of the threat actors and the systems they target, but also the vast damage that these actors can and will cause. Using these facts as guiding posts, NATO realizes it must “adapt” to this new domain to achieve its defense objectives.

In the Heritage Foundation defense report, “NATO in the 21st Century: Preparing the Alliance for the Challenges of Today and Tomorrow”, Luke Coffey and Daniel Kochis outline an emerging phenomenon called “hybrid warfare” and its cyber component. Hybrid warfare “combines non-traditional attacks, such as cyberattacks and misinformation campaigns, to weaken society and delegitimize government authority.” Because of the differences between hybrid warfare and traditional armed attacks, Coffey and Kochis rightly observe that responses to these hybrid attacks can be quite difficult to formulate properly. Ignoring the problem or seeming indifferent can invite additional attacks, while being overly aggressive and escalating to arms can invite unnecessary conflict.

The innate murkiness of cyber threats is highlighted most effectively regarding Article 5 of NATO’s treaty. This collective defense principle is described by NATO as the “unique and enduring principle that binds its members together, committing them to protect each other and setting a spirit of solidarity within the Alliance.” Essentially, it means that “an attack against one Ally is considered as an attack against all Allies”. What does this mean in cyberspace? Is a cyberattack against an ally a cyberattack against all? Is there a line to be drawn in terms of what a substantial cyberattack constitutes? Cyber consists of unexplored territory such as Article 5, so NATO must endeavor to provide substantive policy to address what they can.

A 2015 cyberattack perpetrated by the Russians against Ukraine outlines just how wary NATO must be in cyberspace. The group behind the attack, nicknamed Sandworm, consisted of members of the Russian’s GRU, a military intelligence agency. They targeted a wide swath of Ukrainian infrastructure, compromising government servers, media outlets, transportation systems, and the electricity grid, resulting in everything from no train services to broken ATMs and blackouts.

Wired correspondent Andy Greenberg, who wrote the book Sandworm about this group, calls the GRU the “most methodical and destructive cyber-force on the planet.” He also claims that the widespread wake of destruction only resulted because Sandworm had intentions beyond intelligence gathering. This same group had previously targeted U.S. industrial control systems in 2014, but stopped short of triggering any physical disruptions, a result they could have pursued according to some experts.

If NATO is going to properly respond to these new cyber threats, it must prioritize efforts to provide controls for both mitigation and prevention. In terms of Article 5, it must keep the fluid nature of its declaration criteria intact but assure ally members that such a declaration is on the table. The ambiguity in this domain must not lead to apprehension or timidity. NATO should also continue to encourage significant cyber defense improvements among allies and pursue robust partnerships with industry leaders. It will be critical for NATO to continue to lean into its existing efforts in these areas.

Pressure must be put on adversarial nations that harbor cyber criminals or take a lax approach to law enforcement in their own country. The relationships between these criminal organizations and their respective nation states often have blurred lines, making efforts to crack down on them even more worthwhile. Importantly, the global nature of cyberthreats must be explicitly recognized. While Russia is a major exporter of cyber chaos, other nations pose grave threats to NATO allies, including but not limited to China, Iran, and North Korea. Elevating these threat actors alongside Russia will help to create a proper cyber threat landscape and better inform efforts to combat cyberattacks.

NATO plays a key part in defending the cyber domain of the West. Failing to secure this new arena would be devastating for the alliance as its adversaries are working tirelessly to undermine it at every turn.