"Significant malicious cumulative cyber activities might, in certain circumstances, be considered as amounting to an armed attack", NATO said for the first time at its 2021 summit -- pointing to "cyber threats to the security of the Alliance [that] are complex, destructive, coercive, and becoming ever more frequent."
That does not mean that the alliance is gearing up to respond militarily to the next ransomware attack on the CNI of a member state, but does highlight a growing recognition of the emerging need to respond to "grey zone" attacks and quite how damaging hybrid/cumulative cyber attacks could be.
("A decision as to when a cyber attack would lead to the invocation of Article 5 would be taken by the North Atlantic Council on a case-by-case basis," the Alliance emphasised on June 14.)
The comments in NATO's "Brussels Summit Communiqué" came as the alliance also noted that its Cyberspace Operations Centre had now achieved "Initial Operational Capability", earlier than many had anticipated. (NATO agreed to set up the Cyberspace Operations Centre in 2018, with the aim of providing situational awareness and centralised planning for the cyberspace aspects of NATO operations, with cyber firmly recognised as a "mission problem", rather than an "IT problem" -- it first recognised cyber as a domain of operations in 2016.)
NATO has meanwhile been moving aggressively to bolster its own digital capabilities.
Some of these efforts have included institutional house-keeping and a push for change-management when it comes to NATO's own digital transformation. The Alliance in late 2020, for example, advertised for its first pan-Allians Chief Information Officer (CIO) to bring together thousands of fragmented systems and provide more of an enterprise approach to IT procurement (a CIO has been selected, with the candidate going through extensive security checks, The Stack understands).
Doubling down on the need to support innovation across the Allianz, member states on June 14 also announced that they would be launching a NATO Innovation Fund, to "support start-ups working on dual-use emerging and disruptive technologies in areas key to Allied security." (A capitalisation figure for the fund was not provided.)
Follow The Stack on LinkedIn
"Cyber threats to the security of the Alliance are complex, destructive, coercive, and becoming ever more frequent. This has been recently illustrated by ransomware incidents and other malicious cyber activity targeting our critical infrastructure and democratic institutions, which might have systemic effects and cause significant harm", the June 14 communiqué said.
"To face this evolving challenge, we have today endorsed NATO’s Comprehensive Cyber Defence Policy, which will support NATO’s three core tasks and overall deterrence and defence posture, and further enhance our resilience. Reaffirming NATO’s defensive mandate, the Alliance is determined to employ the full range of capabilities at all times to actively deter, defend against, and counter the full spectrum of cyber threats, including those conducted as part of hybrid campaigns, in accordance with international law."
The comments came as the Alliance pointed to the need for it to respond to "cyber, hybrid, and other asymmetric threats, including disinformation campaigns, and by the malicious use of ever-more sophisticated emerging and disruptive technologies".
NATO's members agreed that "our nations continue to face threats and challenges from both state and non-state actors who use hybrid activities to target our political institutions, our public opinion, and the security of our citizens. While the primary responsibility for responding to hybrid threats rests with the targeted nation, NATO is ready, upon Council decision, to assist an Ally at any stage of a hybrid campaign being conducted against it, including by deploying a Counter Hybrid Support Team. In cases of hybrid warfare, the Council could decide to invoke Article 5 of the Washington Treaty, as in the case of an armed attack.
"NATO and Allies will continue to prepare for, deter, and defend against hybrid threats. Individual Allies may consider, when appropriate, attributing hybrid activities and responding in a coordinated manner, recognising attribution is a sovereign national prerogative. We are enhancing our situational awareness and expanding the tools at our disposal to counter hybrid threats,including disinformation campaigns,by developing comprehensive preventive and response options. We will also continue to support our partners as they strengthen their resilience in the face of hybrid challenges."