Can NATO Adapt to Cyber Warfare?

November 29th, 2011 at 2:50 pm | 7 Comments |

| Print

What is the likelihood that NATO would invoke Article Five–NATO’s collective defense clause–in response to a cyber attack? The possibility first entered media discourse back in October 2010 when the German Süddeutsche Zeitung reported on an internal memo in which NATO Secretary-General Anders Fogh Rasmussen discussed the use of Article Five in the case of an cyber attack.

Over the past year I have had the opportunity to ask different people within the NATO structure on the matter.

It is unclear if NATO posses the tools to clearly identify the origin of a cyber attack. This is due to the difficulty in countering the so-called “laundering” techniques, which are in use today. Laundering essentially means that it is hard to know the true origin of a cyber attack.

Consider the example of the “Stuxnet” computer virus, which shut down the maneuvering components of the Bushner power plant in Southern Iran. There are many theories about who launched and ordered the attacks.

Some sources suggest that Russian novices created the computer virus and sold it to third parties. Others accuse Israel of orchestrating the attack. Classical deterrence fails to stop cyber attacks as they become more complex, and as multiple levels of people, organizations, and governments develop a virus and send it.

Karl-Heinz Lather, former chief of staff of NATO’s SHAPE stressed to me that NATO’s cyber strategy is first and foremost internally orientated. Much like a bank, NATO has to first secure its own critical infrastructures. Hence the security of “NATO’s own networks” has clear priority before any national, international, or regional networks or grids.

Lather did confess that there currently is no “recipe” which NATO can use to clearly respond to cyber attacks. “Article five responses require very concrete targets, which you don’t have with cyber attacks.” As a result, Lather deems the Article Five issue as off the table for the alliance.

However, Jamie Shea, NATO Deputy Assistant Secretary General for Emerging Security Challenges seemed more assured on the issue. While cyber attacks are “admittedly difficult” he did voice confidence in the progress of NATO’s “cyber forensics” especially since “cyberspace [has become a] leading area of investment for the private sector IT companies and governments alike.”

In addition, Shea stressed a legal parameter for responding to cyber attack where “countries suspected of launching cyber attacks could be put under a legal obligation to cooperate with an investigation on behalf of the victim.”

Despite the barriers presented by “laundering”, one must recognize that state-sponsored cyber-attacks are on the rise and require a strong deterrent.

Jaak Aaviksoo, the Estonian defense minister has urged NATO to resolve the cyber matter since at the moment, “Not a single NATO defense minister would define a cyber-attack as a clear military action at present.”

A solution that has been recently put forward by NATO’s Cooperative Cyber Defense Center of Excellence (CCDCOE) is the creation of an individual signature for each Internet user. According to Katharina Ziolkowski, legal advisor to the CCDCOE, the proposal would seek to solve the laundering problem by providing an “individual signature to everyone who acts within the Internet.”

At the end of the day one should be cautious of the preemptive application of Article Five towards cyber attacks as it could open a new Pandora’s box towards false-flag pretexts for war as certain individuals would be tempted to “flag” their cyber attackers.

All in all it seems that chances are high that the enemy fire of the future will not come from the barrel of a gun but rather through a fibre optic cable.

Recent Posts by Robin Tim Weis



7 Comments so far ↓

  • CautiousProgressive

    This is an interesting piece. I hope that it heralds a broader discussion of this issue.

    For perspective: cyber warfare bears much more resemblance to classic espionage than it does to any notion of conventional warfare.

  • NRA Liberal

    Jack into the net! Black ice!

  • ConnerMcMaub

    Great article, wish it was longer. Talk about an issue without easy solutions. I disagree with CautiousProgressive’s point that “cyber warfare bears much more resemblance to classic espionage than it does to any notion of conventional warfare” but think his statement could be fixed by putting “so far” at the end. When real war comes to developed nations this will be the first thing they do. Look at what happened in Estonia a few years ago and that was over the Estonians moving a Soviet monument, imagine if the Russians were really bent on economic destruction. Didn’t they use a cyber attack on Georgia when they invaded? Countries are still keeping their cyberwar capabilities secret and unused, Stuxnet is the exception.

  • Marquis

    I don’t necessarily believe that future wars will be fought on digital battlefields alone. The world, by and far, has accepted some form of democracy or self-government as ideal; even authoritarian regimes like China and Cuba are slowly implementing reforms such market access and property rights, and nations that resist this change (i.e. North Korea) have largely become pariah states. That means the 21st century probably won’t have a large scale shooting war or even a digital war. No, I believe technology alone will not solve problems of geopolitical conflict and global instability. Instead, I think this century will be characterized by low-intensity guerrilla warfare and international terrorism, and our primary defense needs will require special operations and HUMINT capabilities.

  • andydp

    I fully agree it should have been longer. Even without the details I’m sure we can personally come up with examples of Cyberwar and how it messed up the target. North Korea and China seem to be leading the way in this field.
    Meanwhile, all we get are articles from people telling us about the dangers and the “destruction” we face if an all out attack is ever launched. We worry about NATO and the C3 structure of our military, as we should. What we don’t think about is not being able to get coffee at Starbucks if the servers are fried. I’m using a simple example but you can imagine what problems would ensue if your mortgage payment history was wiped out.
    These are very real threats and problems not just to Military systems. Many companies ignore it or flub it off as “too expensive”. Articles I’ve read all imply major corporations and banks have been big victims of cyber crimes but very little is made public.