2 September 2014

How Will NATO Adapt to Cyber Threats?


25 AUGUST 2014

With increasing cyber attacks on government organizations, NATO (North Atlantic Treaty Organization) needs to wake up to the possibility of cyber warfare, said Boston Globe columnists James G. Stavridis and Dave Weinstein, and this would need clearly defined protocols and a standardized policy.

Fortunately, NATO has acknowledged the rising demands of cyber awareness and announced that it would include defense strategies to cyber attacks in the Washington Treaty. The Washington Treaty, or the North Atlantic Treaty, was signed in April 1949 and acts as the foundation of NATO.

So while NATO prepares for its September summit in Wales, it is coming to grips with the latest type of threat that would put Article 5 of the treaty to test. Article 5 says that an assault on one NATO state means an assault on all of them. It justifies collective defense, and has been invoked just once in September 2001, defending the US after the 9/11 attack.
Evolving Cyberspace

Cyberspace has become an attractive and easy way for nations to carry oout espionage and military campaigns. The inherent anonymity offered by this domain is what makes it so attractive and feasible. NATO countries face significant cyber threats from several countries, especially Russia.

Recognizing cyber attacks as acts of war is just halfway to the development of a reasonable policy. The objective of NATO should be to prevent any acts of cyber warfare. The treaty needs a practical clause that should define cyber aggression and how it can be prevented – whether by individual NATO states or all of them collectively.

The clause should also list the cases that could invoke the Article. For example, without solid proof that Russia was behind a particular cyber attack, it would be difficult to invoke Article 5.

Janine Davidson, a senior fellow for Defense Policy at the Council on Foreign Relations, expressed her views.

“This is new territory but it’s something that is going to have to be discussed. It is very difficult to know how to react to it. It will have to be very much on a case-by-case basis.”

However, ‘we’ll see what to do when it happens’ is not a sound strategy.
Facing the Challenges

In 2007, there were a series of cyber attacks that paralyzed a large part of Estonia. These attacks were seemingly in response to a clash over the relocation of a war memorial. While most cyber experts believed that the Kremlin was behind the attacks, there was no solid proof. Russia denied the involvement and said that the attacks were by independent hackers. Nevertheless, the incident left NATO wondering what to do.

A good starting point for Article 5 would be responding to a cyber attack that causes damage to the infrastructure or results in a loss of life. These clauses should be added cumulatively over time, and not after a case has happened.

Also, NATO policy makers should consider cyber attacks that might be physically harmless but can cause loss of critical information.

For now, NATO and the member states have three main challenges.

First, NATO must decide on a way to integrate cyber capabilities with military activities. The word ‘cyber’ is generally used to define a standalone approach to security, and is not connected to the traditional definition of defense. The main challenge is to integrate cyber policies in military operations – for defense as well as offense. The challenge here is not just technical, but also cultural. Cyber operations are a part of the war and there can never be a complete cyber war without the involvement of military. This is hybrid warfare, and the latest example is the Ukraine crisis.

The second challenge lies in Article 5 itself. The Ukraine crisis shows that it is high time for NATO to replace ambiguity with clarity about the defense plan for cyber attacks. To be a credible military alliance, it must have a realistic policy for cyber warfare. NATO has recently announced that the alliance will update the cyber defense policy. This is a very important decision, however, it must be mentioned what kind of attack would be considered crossing the line and what would be the course of action.

The third challenge is the cyber capability of NATO. There are big differences among the cyber capabilities of various NATO countries. Since it is the dawn of the cyber era, not many countries have advanced cyber techniques and processes. However, there has been a positive trend with the rising cooperation and information sharing within NATO. Since cyber capabilities are built on individual national basis, it will take time for NATO to have a sophisticated cyber defense technique.

With all the recent developments, one thing is clear – NATO would have to refine the definition of threat, and this would send a clear signal to all other countries. The Wales summit next month would be the right place for the adoption of a coherent cyber policy.

No comments: