NATO Allies Say Kinetic Response to Cyberattacks on Table

Just days before President Biden was set to meet with Russia President Vladimir Putin, with cyberattacks a key topic on the agenda, NATO heads of state and government met at the North Atlantic Council meeting in Brussels and issued a communiqué that ultimately equates cyberattacks with kinetic attacks and leaves the possibility of military action against hackers on the table.

“If necessary, we will impose costs on those who harm us. Our response need not be restricted to the cyber domain,” the communiqué said. “We reaffirm that a decision as to when a cyberattack would lead to the invocation of Article 5 would be taken by the North Atlantic Council on a case-by-case basis.”

The group called out Russia in particular, pointing to the country’s “attempted interference in Allied elections and democratic processes; political and economic pressure and intimidation; widespread disinformation campaigns; malicious cyber activities; and turning a blind eye to cyber criminals operating from its territory, including those who target and disrupt critical infrastructure in NATO countries.”

After the summit with Biden in Geneva today, Putin denied Russia’s involvement in cyberattacks against the U.S. and others.

Safeguarding against cyberattacks has become a priority for NATO (and just about any organization concerned with security of government and business). Recent attacks by Russian hackers–particularly the SolarWinds attack that penetrated nine U.S. government agencies and more than 300 private companies–have raised the hackles of the international community both in the public and private sectors. The NATO allies pointed to “the systemic effects and significant harm” those types of attacks could cause on critical infrastructure and democratic institutions.

Acknowledging that “cyber threats to the security of the Alliance are complex, destructive, coercive, and becoming ever more frequent,” the alliance endorsed  NATO’s Comprehensive Cyber Defense Policy, “which will support NATO’s three core tasks and overall deterrence and defense posture, and further enhance our resilience,” the communique read.

The group recommitted to “a free, open, peaceful, and secure cyberspace” as well as to “efforts to enhance stability and reduce the risk of conflict by supporting international law and voluntary norms of responsible state behavior in cyberspace.” That includes leaning more on NATO as platform that allies can use to share concerns over malicious cyber activities and share responses to cyberattacks, “as well as considering possible collective responses.”

Noting that “we live in the world where cyber defense is imperative for companies and countries, Elena Elkina, partner at Aleada, said, “in the light of the frequency, complexity, and destructive power of the most recent attacks, the only surprise is that it took NATO up to this point to make public this decision and take assertive action.”

She said that “the time for delicacy is over, and it is time for NATO to reaffirm its position and request other countries to act respectfully and responsibly.”

Doug Britton, CEO of Haystack Solutions and a former linguist and HUMINTer in U.S. Army intelligence with U.S. Special Forces Command during Operation Enduring Freedom, said the communiqué clarifies “that the U.S. and her allies must change the urgency and economics around finding the undiscovered cyber geniuses whose innate aptitudes make them among the potential best and brightest, and then train them at a new pace and price point, and get them into the fight as soon as possible.”  This statement, he said, is “a clarion call for the best talent on defense, repelling attackers at the cyber borders, and on offense, deploying cyber weapons against adversaries.”

Though NATO’s message might come a bit later than cybersecurity leaders might have wanted, it is step in the right direction. “Most experts agreed that, because of the open nature of the democratic networks, to be effective against these attacks the West must apply pressure to the points of origin of such attacks,” said Garret Grajek, CEO at YouTest. NATO’s message is just that—a strong sign to the nations that either harbor or turn a blind-eye to attackers on its soil that these malware campaigns will be taken very seriously.”

Avatar photo

Teri Robinson

From the time she was 10 years old and her father gave her an electric typewriter for Christmas, Teri Robinson knew she wanted to be a writer. What she didn’t know is how the path from graduate school at LSU, where she earned a Masters degree in Journalism, would lead her on a decades-long journey from her native Louisiana to Washington, D.C. and eventually to New York City where she established a thriving practice as a writer, editor, content specialist and consultant, covering cybersecurity, business and technology, finance, regulatory, policy and customer service, among other topics; contributed to a book on the first year of motherhood; penned award-winning screenplays; and filmed a series of short movies. Most recently, as the executive editor of SC Media, Teri helped transform a 30-year-old, well-respected brand into a digital powerhouse that delivers thought leadership, high-impact journalism and the most relevant, actionable information to an audience of cybersecurity professionals, policymakers and practitioners.

teri-robinson has 196 posts and counting.See all posts by teri-robinson