NATO Allies Say Kinetic Response to Cyberattacks on Table
Just days before President Biden was set to meet with Russia President Vladimir Putin, with cyberattacks a key topic on the agenda, NATO heads of state and government met at the North Atlantic Council meeting in Brussels and issued a communiqué that ultimately equates cyberattacks with kinetic attacks and leaves the possibility of military action against hackers on the table.
“If necessary, we will impose costs on those who harm us. Our response need not be restricted to the cyber domain,” the communiqué said. “We reaffirm that a decision as to when a cyberattack would lead to the invocation of Article 5 would be taken by the North Atlantic Council on a case-by-case basis.”
The group called out Russia in particular, pointing to the country’s “attempted interference in Allied elections and democratic processes; political and economic pressure and intimidation; widespread disinformation campaigns; malicious cyber activities; and turning a blind eye to cyber criminals operating from its territory, including those who target and disrupt critical infrastructure in NATO countries.”
After the summit with Biden in Geneva today, Putin denied Russia’s involvement in cyberattacks against the U.S. and others.
Safeguarding against cyberattacks has become a priority for NATO (and just about any organization concerned with security of government and business). Recent attacks by Russian hackers–particularly the SolarWinds attack that penetrated nine U.S. government agencies and more than 300 private companies–have raised the hackles of the international community both in the public and private sectors. The NATO allies pointed to “the systemic effects and significant harm” those types of attacks could cause on critical infrastructure and democratic institutions.
Acknowledging that “cyber threats to the security of the Alliance are complex, destructive, coercive, and becoming ever more frequent,” the alliance endorsed NATO’s Comprehensive Cyber Defense Policy, “which will support NATO’s three core tasks and overall deterrence and defense posture, and further enhance our resilience,” the communique read.
The group recommitted to “a free, open, peaceful, and secure cyberspace” as well as to “efforts to enhance stability and reduce the risk of conflict by supporting international law and voluntary norms of responsible state behavior in cyberspace.” That includes leaning more on NATO as platform that allies can use to share concerns over malicious cyber activities and share responses to cyberattacks, “as well as considering possible collective responses.”
Noting that “we live in the world where cyber defense is imperative for companies and countries, Elena Elkina, partner at Aleada, said, “in the light of the frequency, complexity, and destructive power of the most recent attacks, the only surprise is that it took NATO up to this point to make public this decision and take assertive action.”
She said that “the time for delicacy is over, and it is time for NATO to reaffirm its position and request other countries to act respectfully and responsibly.”
Doug Britton, CEO of Haystack Solutions and a former linguist and HUMINTer in U.S. Army intelligence with U.S. Special Forces Command during Operation Enduring Freedom, said the communiqué clarifies “that the U.S. and her allies must change the urgency and economics around finding the undiscovered cyber geniuses whose innate aptitudes make them among the potential best and brightest, and then train them at a new pace and price point, and get them into the fight as soon as possible.” This statement, he said, is “a clarion call for the best talent on defense, repelling attackers at the cyber borders, and on offense, deploying cyber weapons against adversaries.”
Though NATO’s message might come a bit later than cybersecurity leaders might have wanted, it is step in the right direction. “Most experts agreed that, because of the open nature of the democratic networks, to be effective against these attacks the West must apply pressure to the points of origin of such attacks,” said Garret Grajek, CEO at YouTest. NATO’s message is just that—a strong sign to the nations that either harbor or turn a blind-eye to attackers on its soil that these malware campaigns will be taken very seriously.”
