NATO Warns Of Military Response To Cyber Attacks

Jens Stoltenberg, the secretary general of NATO, has warned that cyber attacks could result in a military response and that  it is prepared to treat cyber attacks in a similar way to an armed attack against allies and will make  a military response against the perpetrators. 

US President Joe Biden Russian and President Vladimir Putin have recently agreed to develop a cyber security arrangement between the two countries after discussing the issue of ransomware at their summit in Geneva. Biden told President Putin that certain critical infrastructure should be "off-limits" to cyber attacks.

Biden says he and Putin will begin discussion with the aim to "to begin to bring some order" after a number of recent high-profile attacks by criminal gangs on a number of US companies. These talks will be complicated as they don’t agree as to who was to blame for the growing problem of ransomware.  Alliance members agreed a new cyber security strategy in response, and will for the first time help each other out in the case of “cyber-attacks of significance”, mirroring NATO's obligation of collective defence in the traditional military sphere, expressed in article 5.

Now in a statement issued by the Heads of State and of 30 NATO Governments who attended the meeting of the North Atlantic Council in June, the military alliance revealed it has endorsed a Comprehensive Cyber Defence Policy, in which a decision will be taken to invoke Article 5 “on a case-by-case basis” following a cyber attack.  

NATO leaders also said China presents a cyber security risk has asserted NATO needs to respond to Beijing’s growing power. Jens Stoltenberg says that China was “not an adversary”, saying instead NATO's strategy was to address “the challenges” posed by Beijing, which will “soon be the biggest economy in the world” and “already has the second-largest defence budget, the biggest navy”.

Under Article 5 of the NATO treaty, first signed in 1949, when any NATO ally is the victim of an armed attack, it will be considered an attack on all alliance members, who will theoretically take any actions necessary to defend that ally. “We are increasingly confronted by cyber, hybrid, and other asymmetric threats, including disinformation campaigns, and by the malicious use of ever-more sophisticated emerging and disruptive technologies.  Rapid advances in the space domain are affecting our security... The proliferation of weapons of mass destruction and the erosion of the arms control architecture also undermine our collective security.  Climate change is a threat multiplier that impacts Alliance security."  

The announcement has come amid rising cyber threats to the alliance, which NATO said are “complex, destructive, coercive, and becoming ever more frequent.”  It said that recent ransomware and other types of cyber-attacks “targeting our critical infrastructure and democratic institutions, which might have systemic effects and cause significant harm.” Recent cyber attacks include the ransomware attack on Colonial Pipeline, which forced the US largest fuel pipeline offline and was apparently done by Russian state backed cyber hackers.

“Reaffirming NATO’s defensive mandate, the Alliance is determined to employ the full range of capabilities at all times to actively deter, defend against, and counter the full spectrum of cyber threats, including those conducted as part of hybrid campaigns, in accordance with international law,” the statement reads.

NATO's Comprehensive Cyber Defence Policy is designed to support NATO’s three core tasks and overall deterrence and defence posture, and enhance resilience.  As an example of more frequent intrusions in other nations’ affairs, Stoltenberg  noted Russia’s meddling in domestic elections and cyber attacks on its neighbors and aggressive military behavior in Ukraine He also made specific reference to Russia-based malware attacks through SolarWinds and on the German government

NATO:    BBC:     USNI:   ReutersOodaloop:     Guardian:     Infosecurity Magazine:    BBC:    

You Might Also Read: 

Results: NATO’s 2021 Cyber War Game:

 

« SANS and AWS Marketplace webinar: Shifting your network security architecture to the cloud
A Quick Guide To Business Cyber Security »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

SureCloud

SureCloud

SureCloud is a Governance, Risk and Compliance (GRC) and Cybersecurity Solutions provider.

CybergymIEC

CybergymIEC

CybergymIEC is a global leader in cyber defense solutions and training services.

Cyber8Lab

Cyber8Lab

Cyber8Lab provides cybersecurity training programmes simulating real world cybersecurity incidents such as web defacement, malware, phishing, digital forensics analysis and wireless intrusion.

Compass Security

Compass Security

Compass Security is a specialist IT Security consultancy firm based in Switzerland. Services include pentesting, security assessments, digital forensics and security training.

ISGroup (Information Security Group)

ISGroup (Information Security Group)

ISGroup services include network penetration testing, Web application penetration testing, ethical hacking, vulnerability assessments, code review and associated training.

Nouveau

Nouveau

Nouveau Solutions is a specialist IT managed services company with a strategic focus on delivering cloud, infrastructure, compliance, network and security solutions.

Six Degrees

Six Degrees

Six Degrees is a leading secure, integrated cloud services provider. We protect UK organisations and help them thrive in the cloud by giving them secure platforms to innovate and grow.

Veracity Industrial Networks

Veracity Industrial Networks

Veracity provides an innovative industrial network platform that improves the reliability, efficiency, and security of industrial networks and devices.

PixelPlex

PixelPlex

PixelPlex is a blockchain and custom software development company with offices and developers in New York, Geneva, and Seoul.

West Midlands Cyber Resilience Centre (WMCRC)

West Midlands Cyber Resilience Centre (WMCRC)

The East Midlands Cyber Resilience Centre supports and helps protect SMEs and supply chain businesses and third sector organisations in the region against cyber crime.

Arctic Group

Arctic Group

Arctic Group is a Swedish service provider focusing on cybersecurity, integration services and deployment of software development tools.

Cisco Systems

Cisco Systems

Cisco helps seize the opportunities of tomorrow by proving that amazing things can happen when you connect the unconnected.

SNC-Lavalin

SNC-Lavalin

SNC-Lavalin is a fully integrated professional services and project management company with offices around the world.

WinMagic

WinMagic

At WinMagic, we’re dedicated to making authentication and encryption solutions that protect data without causing user friction so that everyone can work freely and securely.

DuckDuckGoose

DuckDuckGoose

DuckDuckGoose offer advanced solutions to protect against manipulated videos, images, voices and texts.

Hive

Hive

Hive is a leading provider of cloud-based AI solutions to understand, search, and generate content, and is trusted by hundreds of the world's largest and most innovative organizations.