14 June 2018

HOW NATO DEFENDS AGAINST THE DARK SIDE OF THE WEB

Jens Stoltenberg

"OOPS, YOUR FILES have been encrypted!" This was the chilling message that greeted hundreds of thousands of computer users last summer. The WannaCry ransomwareattack brought production to a standstill at Renault factories across France, put lives at risk by attacking hospitals in the UK, and cost companies around the world billions of dollars in lost revenue. The digital revolution has transformed our lives for the better. But this revolution has a dark side: Cyberattacks are now a part of our daily lives. The very nature of these attacks poses a challenge. It is often difficult to know who has attacked you, or even whether you have been attacked at all. And the culprits vary from governments to criminal gangs to terrorist groups and lone individuals. Nowhere is the fog of war thicker than in cyberspace.


In the last few years, hackers have targeted political parties in France, the United States, and elsewhere in an attempt to subvert democracy. They have reportedly posed as ISIS terrorists to threaten the lives of US military wives. In 2016, the French television network TV-5 Monde was forced off the air in a direct attack on free speech.

If cyberattacks were physical attacks, using bombs or missiles instead of computer code, they could be considered an act of war. But instead, some are using software to wage soft-war with very real, and potentially deadly, consequences.

For almost 70 years, NATO has been the bedrock of transatlantic security, whether on land, at sea, or in the air. The same is now true in cyberspace. A cyberattack can now trigger Article 5 of NATO'S founding treaty, which states that an attack on one Ally is an attack on all Allies.

The level of cyberattack that would provoke NATO into a response under Article 5 must remain purposefully vague, as will the nature of our response. A clearly defined threshold only invites attacks immediately beneath it. That is the logic of deterrence. But NATO’s response could include diplomatic or economic sanctions, a digital counter attack, or even conventional force, depending on the nature and consequences of the attack. NATO will always follow the principle of restraint and act in accordance with international law.

Two years ago, NATO leaders pledged to invest more in cyber defense. Since then, almost every Ally has upgraded its cyber defenses, and we see countries like France, Britain and the United States investing heavily in their cyber defenses. NATO is helping all Allies to work together, to pool their knowledge and help each other.

NATO shares information about technological threats in real-time—as we did with the EU, nations and private companies during the WannaCry attack. We are integrating national cyber capabilities into NATO planning and operations. We have Cyber Rapid Reaction teams on standby to assist Allies 24 hours a day, while exercises, research, and training are led by the NATO Center of Excellence for Cyber Defense in Estonia, established after a huge cyberattack took down the websites of Estonian banks, media, and government bodies in 2007.

Being strong in cyberspace is now as important for our deterrence efforts as having strong conventional forces. Deterrence is about making the potential costs of an attack too high and the potential gains of an attack too low.

By agreeing that a cyberattack can trigger an Article 5 response by all Allies, the potential cost of action by an aggressor is high. But we must also lower the potential gains of any attack. Even the most advanced system is only as secure as its users. Some of the biggest cyberattacks have only been possible because of human error—picking up an infected USB drive placed in a parking lot and plugging it into a computer, say, or clicking on a bad link in a phishing email. It is time for us to wake up to the potential dangers.

In the Second World War, the saying was “loose lips sink ships.” Today it is using weak passwords, failing to update software programs, or opening unfamiliar emails. Simple things. But if we get them right, we go a long way to protecting ourselves.

The digital revolution has made our lives better. But, like in the physical world, there are dangers. NATO and NATO Allies are doing everything possible to keep our nations and our people safe, including in cyberspace.

No comments: