NATO’s Cyber-Capabilities Are Only Defensive


The North Atlantic Treaty Organisation’s (NATO) ability to respond offensively to Cyber-attacks is hindered by its previous inaction and inherent difficulties surrounding Cyber defense. 

During the 2016 NATO Warsaw Summit, NATO officially recognised Cyberspace as an operational domain of warfare alongside air, sea, and land. The intended purpose of that action is to allow NATO members to strengthen Cyber capabilities and network protection. 

This includes bringing Cyber-attacks under the scope of Article 5 of the North Atlantic Treaty, which states that an attack on an Ally or Allies shall prompt collective defense from the Alliance. While the move seeks to clarify Cyber’s position in warfare, issues with attribution and a lack of a cyber ‘red line’ make it difficult for NATO to actually invoke Article 5 in response to Cyber-attacks on its Allies and partners.

Inherent difficulties with establishing a Cyber ‘red line’ make it difficult to know when it would be acceptable to invoke Article 5. While labeling Cyber as an operational domain of warfare was not a direct response to any particular adversary’s behavior, it is clear that Russia remains the biggest concern for the Alliance. 

In the past, NATO has been reluctant to respond to Cyber-attacks on its Allies and partners. The distributed denial of service attack on Estonia in 2007, cyber blockade of Georgia in 2008, attacks on Ukrainian energy infrastructure in 2015, and numerous other incidents of Cyber-attacks have been attributed to Russia in recent years.

Yet NATO took no offensive action to support those countries. It remains unclear what form a Cyber-attack would take and how severe a Cyber-attack would need to be in order to force NATO to invoke Article 5 or take an offensive posture. The recent Democratic National Committee hacks underscore this uncertainty and highlight NATO’s reluctance to take offensive action against Russian Cyber aggression.

Difficulties associated with attributing cyber-attacks to specific perpetrators also makes it difficult for NATO to invoke Article 5 in response to cyber-attacks. Highly skilled states, groups, and individuals who perpetrate major cyber-attacks will attempt to avoid being attributed through various technical methods. 

Though states often know who is responsible for a Cyber-attack based on the current geopolitical climate, it is not always possible to directly link a state or group to an attack with indisputable evidence. The issue of identifying an attacker is exacerbated by NATO Allies and partners’ reluctance to share Cyber capability information with one another. 

Some Allies are concerned that others in the Alliance do not make similar investments in Cyber capabilities and are thus hesitant to reveal their own capabilities. Others do not share information based on the secrecy surrounding technology and intelligence gathering. The reluctance of Allies and partners to share critical information creates barriers to preventing or halting Cyber-attacks.

Recent cyber-attacks against NATO Allies and partners demonstrates that a defensive Cyber posture is ineffective in countering Cyber aggression. Labeling cyber as a domain of warfare is a step in the right direction, but a stronger framework is needed to clarify when NATO must take an offensive rather than a defensive posture in dealing with Cyber-attacks. 

A clarified offensive framework would blend conventional and non-conventional warfare and technology, creating a stronger deterrence mechanism to combat and reduce Cyber-attacks. 

However, NATO still needs to determine ‘red lines’ for invoking Article 5 and improve on sharing Cyber capabilities between member states to help identify attackers and appropriately act upon attribution. Without such a pre-determined framework, NATO Allies and partners will likely be unsure of how to respond during times of Cyber conflict.

Georgetown Security Studies


 

« US And Russia Face Off Over Syria & Cyber Attacks
US Security Bureau Finally Reacts To Snowden »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Wisegate

Wisegate

Wisegate is a community of IT experts providing advisory services on all areas of IT including security.

Telefonica Tech

Telefonica Tech

Telefónica Cyber Security Tech is focused on the prevention, detection and appropriate response to security incidents aimed at protecting your digital services.

Cast Software

Cast Software

CAST is a pioneer in Software Analysis and Measurement (SAM) to capture and quantify the reliability and security of business applications.

Secusmart

Secusmart

Secusmart provide highly secure and encrypted speech and data communication solutions.

Fedco International

Fedco International

Fedco International is an IT and SCADA ICS Security consultancy firm.

Aptiv

Aptiv

Aptiv is a global technology company that develops safer, greener and more connected solutions enabling the future of mobility.

IntaPeople

IntaPeople

IntaPeople are IT and engineering recruitment specialists. We have specialist teams for job sectors including Cybersecurity, IT infrastructure and DevOps.

Internet Infrastructure Investigation

Internet Infrastructure Investigation

Internet Infrastructure Investigation offers a bespoke Internet Governance Solution to your brands online infringement problems.

Stairwell

Stairwell

Stairwell is building a new approach to cybersecurity around a vision that all security teams should be able to determine what’s good, what’s bad, and why.

Veratad Technologies

Veratad Technologies

Veratad Technologies, LLC is a world class provider of online/real-time Identity Verification, Age Verification, Fraud Prevention and Compliance Solutions.

HiSolutions

HiSolutions

HiSolutions is a renowned consulting firms for IT governance, risk & compliance in Germany, combining highly specialized know-how in the field with profound process competence.

Verinext

Verinext

Verinext delivers transformative business technology, from intelligently automating time-consuming tasks and protecting data assets to securing infrastructure and improving customer experiences.

SalvageData Recovery Services

SalvageData Recovery Services

Since 2003, SalvageData has been providing high-quality data recovery with the certifications needed to work with any storage media manufacturer.

Reco AI

Reco AI

Reco is an identity-centric SaaS security solution that empowers organizations with full visibility into every app, identity, and their actions to control risk in their SaaS ecosystem.

ThreatView by Turaco Labs

ThreatView by Turaco Labs

ThreatView combines extensive experience in digital forensics with advanced analytics and threat detection capabilities to protect eCommerce websites.

Tranchulus

Tranchulus

Tranchulus are a global provider of offensive and defensive cyber solutions, information security assessment, compliance and managed security services.