NATO’s Cyber-Capabilities Are Only Defensive


The North Atlantic Treaty Organisation’s (NATO) ability to respond offensively to Cyber-attacks is hindered by its previous inaction and inherent difficulties surrounding Cyber defense. 

During the 2016 NATO Warsaw Summit, NATO officially recognised Cyberspace as an operational domain of warfare alongside air, sea, and land. The intended purpose of that action is to allow NATO members to strengthen Cyber capabilities and network protection. 

This includes bringing Cyber-attacks under the scope of Article 5 of the North Atlantic Treaty, which states that an attack on an Ally or Allies shall prompt collective defense from the Alliance. While the move seeks to clarify Cyber’s position in warfare, issues with attribution and a lack of a cyber ‘red line’ make it difficult for NATO to actually invoke Article 5 in response to Cyber-attacks on its Allies and partners.

Inherent difficulties with establishing a Cyber ‘red line’ make it difficult to know when it would be acceptable to invoke Article 5. While labeling Cyber as an operational domain of warfare was not a direct response to any particular adversary’s behavior, it is clear that Russia remains the biggest concern for the Alliance. 

In the past, NATO has been reluctant to respond to Cyber-attacks on its Allies and partners. The distributed denial of service attack on Estonia in 2007, cyber blockade of Georgia in 2008, attacks on Ukrainian energy infrastructure in 2015, and numerous other incidents of Cyber-attacks have been attributed to Russia in recent years.

Yet NATO took no offensive action to support those countries. It remains unclear what form a Cyber-attack would take and how severe a Cyber-attack would need to be in order to force NATO to invoke Article 5 or take an offensive posture. The recent Democratic National Committee hacks underscore this uncertainty and highlight NATO’s reluctance to take offensive action against Russian Cyber aggression.

Difficulties associated with attributing cyber-attacks to specific perpetrators also make it difficult for NATO to invoke Article 5 in response to cyber-attacks. Highly skilled states, groups, and individuals who perpetrate major cyber-attacks will attempt to avoid attribution through various technical methods.

Though states often know who is responsible for a Cyber-attack based on the current geopolitical climate, it is not always possible to directly link a state or group to an attack with indisputable evidence. The issue of identifying an attacker is exacerbated by NATO Allies and partners’ reluctance to share Cyber capability information with one another. 

Some Allies are concerned that others in the Alliance do not make similar investments in Cyber capabilities and are thus hesitant to reveal their own capabilities. Others do not share information based on the secrecy surrounding technology and intelligence gathering. The reluctance of Allies and partners to share critical information creates barriers to preventing or halting Cyber-attacks.

Recent cyber-attacks against NATO Allies and partners demonstrate that a defensive Cyber posture is ineffective in countering Cyber aggression. Labeling cyber as a domain of warfare is a step in the right direction, but a stronger framework is needed to clarify when NATO must take an offensive rather than a defensive posture in dealing with Cyber-attacks.

A clarified offensive framework would blend conventional and non-conventional warfare and technology, creating a stronger deterrence mechanism to combat and reduce Cyber-attacks. 

However, NATO still needs to determine ‘red lines’ for invoking Article 5 and improve on sharing Cyber capabilities between member states to help identify attackers and appropriately act upon attribution. Without such a pre-determined framework, NATO Allies and partners will likely be unsure of how to respond during times of Cyber conflict.

Georgetown Security Studies


 
