Cyber Attribution Could Tear Apart NATO

Uploaded on 2019-03-07 in INTELLIGENCE--International, GOVERNMENT-Defence, FREE TO VIEW

The United States still struggles to find effective policies for deterring cyber-attacks. Suggestions run the range from more widespread use of indictments and economic sanctions, despite their lackluster record of success, to less traditional but more risky policies that emphasise the asymmetric advantage America has in conventional military power.

Most of the discussion of cyber deterrence focuses on preventing a single catastrophic or cascading cyberattack that would threaten lives like disruptions to electricity transmission or clean water, altering election outcomes or grinding global finance to a halt. 

Yet the reality is that in the event of such an attack, the response would likely not come from the US alone but from the NATO alliance in concert. NATO’s cyber-defense mandate has evolved over time to update its collective defense commitment under Article V of the North Atlantic Treaty for the era of cyberattacks. 

In the latest effort to collectively impose costs on adversaries, the 2018 NATO Summit saw a commitment from heads of state and government “to integrate sovereign cyber effects, provided voluntarily by Allies, into Alliance operations and missions, in the framework of strong political oversight.” 

The newly updated White House National Cyber Strategy likewise envisions working together with a “coalition of like-minded states” to “ensure adversaries understand the consequences of their malicious cyber behavior.”

Therein lies the rub. Both formal alliances, such as NATO and more ad hoc arrangements, such as what the Cyber Deterrence Initiative imagines, will require members to share intelligence and eventually, to the best of their ability and perhaps in different domains, contribute to joint action against a presumably well-armed foreign aggressor. 

States including the United States, the United Kingdom, the Netherlands, Estonia, and Denmark have publicly declared their willingness to lend sovereign offensive cyber effects to deter, defend against and counter the full spectrum of threats.

Sharing intelligence and information is a key element of NATO’s core decision-making process enshrined in Article 4 of the Washington Treaty. Political consultations are part of the preventive diplomacy between member states, but they are also an avenue to discuss concerns related to the security threats member states face. These consultations can be a catalyst for reaching a consensus on policies to be adopted or actions to be taken, including those on the use of sovereign cyber effects to support a NATO operation. The alliance has a track record of collective action and cooperative security measures. 

For example, Operation Active Endeavour helped to deter, disrupt and protect against terrorist activity in the Mediterranean in the aftermath of the 9/11 terrorist attacks, in solidarity with the United States. 

In the United States, the greatest failures of response and deterrence to foreign aggression in cyberspace have not been caused by a lack of intelligence, capability or imagination. Rather, US policy has been serviceable in theory but impotent in practice because of an inability to translate technical findings and intelligence into public support for sufficiently tough responses ordered by elected political leaders. 

  • North Korea’s repeated operations targeting US companies and critical infrastructure have been met with public skepticism over their culpability, limiting the strength of retaliatory options needed to deter further events. 
  • Chinese cyber economic espionage continued for years despite widespread knowledge of China’s activities because political leaders found it difficult to confront Beijing without undermining US companies in return.  
  • Russian information operations did not sow enough doubt to mislead experts, but they succeeded in exacerbating the partisan polarisation of an already-divided electorate and its leaders.

That inability to translate the findings of cyber experts into public sentiment and therefore political action has sidelined America’s cyber-warriors, by far the most technologically advanced and well-resourced in the world. 
How can a commander achieve a common operational picture to authorise the use of sovereign effects in a NATO operation if all the allies are not on the same page with respect to critical attribution and other technical information needed for a use of effect in an operation? 

We all know what a tank looks like on a shared satellite image, but if you ask three cyber experts to interpret the attribution for a set of indicators, you are likely to get at least four answers. 

For most US allies in Europe and elsewhere, there is simply a dearth of technical know-how within the government when it comes to cyber attribution and operations. This is already a challenge for the United States, with a massive defense budget, Silicon Valley innovation and an educated workforce to pull into government service. 

But for many US allies, tech-savvy public servants will have long fled for the private sector, non-governmental organisations (NGOs) and academia before reaching ministerial positions.To its credit, the US National Cyber Strategy does propose capacity-building measures to support allies. This means building up law enforcement, intelligence, and military operational and investigative capability. 

But even with successful capacity-building programs, many nations could, in a crisis, end up in the same place the United States is, with good options stuck on the shelf while political leaders and their electorates lack a critical mass of informed voters to trust, understand and act on expert findings.

Long-Term Thinking
In the long run, though, the US and its more technologically advanced allies, such as its fellow Five Eyes (Australia, Canada, New Zealand and the UK), France and Japan, will have to make important policy changes in the interests of furthering alliance cooperation in cyberspace. 

There needs to be a willingness to sometimes risk sensitive sources and methods in order to get cyber threat intelligence into the hands of other countries better positioned to take policy action, an end to classifying public information like IP addresses solely because of their acquisition via classified means, and greater transparency on their own decision-making. NATO’s essential and enduring purpose is to safeguard the freedom and security of all its members by political and military means. 

Tolerating cyberattacks, especially those deliberately targeting civilians and the political legitimacy of governments, without the alliance having the capability to jointly discuss attribution and have the confidence to act and assist one another, undermines this core purpose of the alliance. 

Likewise, pursuing only deterrence and response without an active role for the alliance in reaching peaceful diplomatic agreements with potential adversaries abrogates member responsibilities to their citizens but is impossible without a common language and operational picture to discuss enforcement of such agreements. The US is stronger with allies, and with attention to these issues its cybersecurity can be too.

Lawfare

You Might Also Read: 

NATO Cyber Command Fully Operational In 2023:

 

 

« Zuckerberg Has Failed
Israel's Cyber-Hotline »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Linklaters LLP

Linklaters LLP

Linklaters is an international law firm. Practice areas include Information Management and Data Protection.

Apicrypt

Apicrypt

Apicrypt enables secure communications between health professionals by using strong encryption technologies.

Basis Technology

Basis Technology

Basis Technology provides software solutions for text analytics, information retrieval, digital forensics, and identity resolution.

Bavarian IT Security Cluster

Bavarian IT Security Cluster

The Bavarian IT Security Cluster works to build regional IT security competencies and increase the competitiveness and market opportunities of its member companies.

AdaCore

AdaCore

AdaCore is focused on helping developers build safe, secure and reliable software.

CyberAcuView

CyberAcuView

CyberAcuView is a company dedicated to enhancing cyber risk mitigation efforts across the insurance industry.

Electrosoft Services

Electrosoft Services

Electrosoft provide mature, innovative technology-based services and solutions to power critical IT programs and keep our nation safe from cybersecurity attacks.

Iris Powered by Generali

Iris Powered by Generali

Iris Powered by Generali is an identity theft resolution provider. Our offering combines expert assistance and support with user-friendly identity protection technology.

European Union Agency for Network and Information Security (ENISA)

European Union Agency for Network and Information Security (ENISA)

The European Union Agency for Cybersecurity, ENISA, is the Union’s agency dedicated to achieving a high common level of cybersecurity across Europe.

Emerge Digital

Emerge Digital

Emerge Digital is a technology and digital innovation business and Managed Services Provider providing solutions to SMEs.

Red Maple Technologies

Red Maple Technologies

Started and run by engineers from the UK Intelligence and Defence communities, Red Maple is a technical consultancy and product company.

GeoComply

GeoComply

GeoComply provides fraud prevention and cybersecurity solutions that detect location fraud and help verify a user's true digital identity.

View

View

View is the leader in smart building technologies including OT cybersecurity to securely connect buildings to the cloud and manage building networks and OT devices.

Flow Security

Flow Security

Enterprises run on data, Flow secures it at runtime. With a runtime-first approach, Flow is a game-changer in the data security space, securing data itself, beyond the infrastructure it resides in.

Center for Cyber Security Studies & Research (CFCS2R)

Center for Cyber Security Studies & Research (CFCS2R)

CFCS2R's mission is to empower individuals, organizations, and governments with the knowledge and tools necessary to protect against cyber threats.

EmberOT

EmberOT

EmberOT is at the forefront of operational technology (OT) security, offering cutting-edge solutions designed to protect critical infrastructure within energy, utilities, and manufacturing sectors.