Military alliance wants to encompass member countries’ cyberwarfare capabilities into its options
NATO wants to add the cyberwarfare capabilities of member states to its range of military options.
“We must be just as effective in the cyber domain as we are on land, at sea and in the air, with real-time understanding of the threats we face and the ability to respond however and whenever we choose,” said NATO Secretary General Jens Stoltenberg.
The world’s largest military alliance said it will create a new Cyber Operations Centre as part of an update to NATO’s strategy — a move that comes at least in part as a response to what Stoltenberg described as a “more assertive’ Russia on its borders.
The new centre will help integrate cyber into NATO planning and operations at all levels. NATO will also integrate its members’ cyberwar capabilities into its missions and operations, although the nations will continue to own them “just as allies own the tanks, the ships and aircraft in NATO missions,” Stoltenberg said.
He said that in some scenarios the use of cyber weapons may be more proportionate than a standard military response.
“For NATO, it is always our aim to use minimum force to achieve maximum effect and therefore cyber effects may be the best response,” said Stoltenberg, following a meeting of NATO defence ministers. He noted that NATO states have used cyber attacks against ISIS in Iraq and Syria.
“I strongly believe that in any military conflict cyber will be an integrated part, and therefore we need to strengthen our cyber defences and our cyber capabilities,” said Stoltenberg.
The NATO Secretary General wouldn’t say where cyber weapons were likely to be used next but said: “We are now integrating cyber effects into NATO missions and operations to respond to a changed and new security environment where cyber is part of the threat picture we have to respond to.”
It will be up to member states to decide what kinds of cyberwar capabilities they are willing share with NATO.
“And regardless of whether we speak about a plane or a tank or a cyber capability, the use of these capabilities is going to be in accordance with international law and it’s going to be part of the defensive posture of NATO,” Stolenberg said.
An evolving cyberwar strategy
Adding cyber weapons to NATO’s armoury is just the latest step in the alliance’s cyberwarfare strategy, which has been evolving rapidly in recent years. In 2014, as exclusively revealed by ZDNet, NATO updated its cyber defence policy to make it clear that a cyber attack can be treated as the equivalent of an attack with conventional weapons, clarifying that a major digital attack on a member state could be covered by Article 5, the collective defence clause. And in June 2016 NATO said it would define cyberspace as an “operational domain” — an area in which conflict can take place.
But it’s not clear what nations will chose to share with NATO. While some members, such as the US and the UK, have been vocal about building cyberwarfare capabilities, other NATO states have paid very little attention to cyber defence capabilities.
And while some cyberwarfare and cyberdefence knowhow is relatively easy to share, cyberweapons are different from conventional weapons. They tend to be very expensive, hard to use, and are effective only against particular systems or targets. Laying the groundwork for deploying them can also take a long time, as it will often involve infiltrating systems over long periods. The most sophisticated are often based on zero-day software vulnerabilities, which means that once used they cannot be re-used, as the targets can analyse the weapon and update their systems to protect against it.
NATO’s increased focus on cyber operations comes as some countries worry about hackers probing their critical national infrastructure, with the US warning of an ongoing hacking campaign targeting energy companies, government and manufacturing.