The alliance will guard its cyber domain—and invoke collective defence if required (This article appears in Prospect’s new cyber resilience supplement)by Jens Stoltenberg / August 27, 2019 / Leave a comment
It takes just one click to send a cyber virus spreading across the globe, but it takes a global effort to stop it from wreaking havoc—and Nato is playing its part.
In just minutes, a single cyberattack can inflict billions of dollars’ worth of damage to our economies, bring global companies to a standstill, paralyse our critical infrastructure, undermine our democracies and cripple our military capabilities. We have seen much of this happen already. And the reality is that cyberattacks are a threat we will need to contend with in the decades to come.
Cyberthreats to the security of our alliance are becoming more frequent, more complex and more destructive. They vary from low-level attempts to technologically sophisticated attacks. They come from state and non-state actors, from close to home and the other side of the world. Malicious actors can attack anything automated and networked, including the mobile phones in our pockets or the computers controlling our critical systems and infrastructure. Attacks can affect every one of us. In the United Kingdom, the 2017 WannaCry virus crippled computers in hospitals across the country, cancelling thousands of scheduled operations and costing the National Health Service millions of pounds. Even Nato is not immune to cyberattacks and we register suspicious activity against our systems every day.
To keep us all safe, as it has been doing for 70 years, Nato is adapting to this new reality. For Nato, a serious cyberattack could trigger Article 5 of our founding treaty. This is our collective defence commitment where an attack against one ally is treated as an attack against all. We have designated cyberspace a domain in which Nato will operate and defend itself as effectively as it does in the air, on land, and at sea. This means we will deter and defend against any aggression towards allies, whether it takes place in the physical world or the virtual one.
“A serious cyberattack could trigger Article 5, where an attack against one ally is treated as an attack against all”
We are establishing a new Cyberspace Operations Centre in Mons, Belgium, to increase our military commanders’ cyber situational awareness. We can now also draw from allies’ national cyber capabilities for Nato missions and operations.
Alongside Nato’s multilateral efforts to tackle the cyberthreat, individual allies are boosting their own cyber systems. We saw, for example, how some nations, not least the UK, successfully used cyber within the Global Coalition to Defeat the Islamic State (IS). It was able to suppress IS propaganda, disrupt their recruitment of foreign fighters, and degrade their ability to co-ordinate attacks.
By strengthening their cyberdefence capabilities, improving their legal and institutional frameworks, and increasing resources—both people and money—devoted to confronting cyberthreats, allies have reduced the vulnerability of their networks and infrastructures.
As a result, we are tackling increasingly complex cyberthreats faster and more efficiently, and we are all more aware of—and resilient to—attacks. This was demonstrated last October, when authorities in the Netherlands, with the help of British experts, foiled an attack by Russia on the Organisation for the Prohibition of Chemical Weapons in The Hague. We must remain vigilant and prepared for whatever lies ahead of us in cyberspace.
For this, we must work ever more closely together and leverage our unique network of allies, partner countries and organisations. No single country alone can secure cyberspace. But by co-operating closely, sharing expertise, we will not only survive, but thrive in the new digital age.
The more information we have, the more prepared we are. By working with the European Union, strengthening the ways in which we share information, train, educate, and conduct exercises together, we will ensure that we have the most robust tools possible for responding to the growing cyberthreat. This autumn, EU staff will again take part in Nato’s own Cyber Coalition—one of the largest cyberdefence exercises in the world to test and train experts in their ability to defend Nato and national networks.
At the same time, we must strengthen our relationship with industry to take full advantage of innovation and keep pace with technological advances. This will improve our cyberdefence capabilities. Industry creates, operates and innovates in this space so this relationship will only become more important as we transition to the “internet of things,” with more smart devices embedded in our everyday lives, and to the greater use of artificial intelligence, machine learning and quantum computing.
As we look ahead, we must continue to build a strong and diverse workforce of future cyber defenders. The UK has already started doing this with “CyberFirst,” a programme aimed at supporting and preparing undergraduates for a career in cybersecurity. We must be smart about recruiting, training and retaining highly skilled cyber experts, and make sure their skills are kept sharp through regular exercises, as we do, for instance, through our Cyber Coalition exercises.
Cyberspace is the new battleground and making Nato cyber ready—well-resourced, well-trained, and well-equipped—is a top priority as we look towards the Nato summit in London in December and beyond.
This piece features in Prospect’s new cyber resilience supplement