NATO’s Cyber-Capabilities Are Only Defensive


The North Atlantic Treaty Organisation’s (NATO) ability to respond offensively to Cyber-attacks is hindered by its previous inaction and inherent difficulties surrounding Cyber defense. 

During the 2016 NATO Warsaw Summit, NATO officially recognised Cyberspace as an operational domain of warfare alongside air, sea, and land. The intended purpose of that action is to allow NATO members to strengthen Cyber capabilities and network protection. 

This includes bringing Cyber-attacks under the scope of Article 5 of the North Atlantic Treaty, which states that an attack on an Ally or Allies shall prompt collective defense from the Alliance. While the move seeks to clarify Cyber’s position in warfare, issues with attribution and a lack of a cyber ‘red line’ make it difficult for NATO to actually invoke Article 5 in response to Cyber-attacks on its Allies and partners.

Inherent difficulties with establishing a Cyber ‘red line’ make it difficult to know when it would be acceptable to invoke Article 5. While labeling Cyber as an operational domain of warfare was not a direct response to any particular adversary’s behavior, it is clear that Russia remains the biggest concern for the Alliance. 

In the past, NATO has been reluctant to respond to Cyber-attacks on its Allies and partners. The distributed denial of service attack on Estonia in 2007, cyber blockade of Georgia in 2008, attacks on Ukrainian energy infrastructure in 2015, and numerous other incidents of Cyber-attacks have been attributed to Russia in recent years.

Yet NATO took no offensive action to support those countries. It remains unclear what form a Cyber-attack would take and how severe a Cyber-attack would need to be in order to force NATO to invoke Article 5 or take an offensive posture. The recent Democratic National Committee hacks underscore this uncertainty and highlight NATO’s reluctance to take offensive action against Russian Cyber aggression.

Difficulties associated with attributing cyber-attacks to specific perpetrators also make it difficult for NATO to invoke Article 5 in response to cyber-attacks. Highly skilled states, groups, and individuals who perpetrate major cyber-attacks will attempt to avoid attribution through various technical methods.

Though states often know who is responsible for a Cyber-attack based on the current geopolitical climate, it is not always possible to directly link a state or group to an attack with indisputable evidence. The issue of identifying an attacker is exacerbated by NATO Allies and partners’ reluctance to share Cyber capability information with one another. 

Some Allies are concerned that others in the Alliance do not make similar investments in Cyber capabilities and are thus hesitant to reveal their own capabilities. Others do not share information based on the secrecy surrounding technology and intelligence gathering. The reluctance of Allies and partners to share critical information creates barriers to preventing or halting Cyber-attacks.

Recent cyber-attacks against NATO Allies and partners demonstrate that a defensive Cyber posture is ineffective in countering Cyber aggression. Labeling cyber as a domain of warfare is a step in the right direction, but a stronger framework is needed to clarify when NATO must take an offensive rather than a defensive posture in dealing with Cyber-attacks.

A clarified offensive framework would blend conventional and non-conventional warfare and technology, creating a stronger deterrence mechanism to combat and reduce Cyber-attacks. 

However, NATO still needs to determine ‘red lines’ for invoking Article 5 and improve on sharing Cyber capabilities between member states to help identify attackers and appropriately act upon attribution. Without such a pre-determined framework, NATO Allies and partners will likely be unsure of how to respond during times of Cyber conflict.

Georgetown Security Studies


 
