By: Mark Pomerleau
NATO has declared cyberspace a domain of warfare it must operate in and called on the integration of cyber alongside operations. However, as a defensive alliance, it has declared it won’t seek offensive cyber capabilities itself, instead relying on the capabilities of voluntary member states.
This approach, while not insurmountable, poses significant challenges to operations, experts claim.
“The idea of sovereign cyber effects provided voluntarily by allies is good. But … that will not fall under the command and control of the actual NATO commander,” David Bailey, senior national security law advisor for Army Cyber Command, said Nov. 19 at the 2019 International Conference on Cyber Conflict U.S. (CyCon U.S.) in Arlington. “It will still fall under the command and control of the country that contributes. In my mind, it’s going to be difficult to achieve that level of coordination that we’re used to in military operations, even in a NATO context.”
Sovereign cyber effects provided voluntarily by allies is the concept NATO is looking to implement. Cyber and NATO experts have explained that if a cyber effect is needed for a particular operation, those with the capability, capacity, authority and access will volunteer to provide it on behalf of the alliance.
Several experts have said members states that are both willing and capable of offensive operations number about a half dozen.
Speaking at the same event, Massimiliano Signoretti, NATO Cooperative Cyber Defence Centre of Excellence office of the staff judge advocate, noted additional complexities and friction involved in this approach. First, he foresees difficulties in the confidence of a commander, who ultimately doesn’t possess the cyber capabilities, to approve and employ them. Moreover, there could be difficulties in maintaining the confidentiality of the nation that is providing the capabilities to that commander.
NATO opened a Cyber Operations Center in August 2018 to provide situational awareness in cyberspace, plan allied cyberspace operations and manage the execution of operations.
No comments:
Post a Comment