The North Atlantic Trade Organization (NATO) has officially declared that cyberspace is a domain for war, placing it alongside the traditional battlegrounds of land, sea and air.
The move is a reflection of changing warfare tactics, where cyber-attacks are just as crucial and effective as more traditional methods.
Speaking at the meeting where the declaration was made, NATO secretary general Jens Stoltenberg said: “[This] means that we will coordinate and organize our efforts to protect against cyber-attacks in a better and more efficient way. This is about developing our capabilities and ability to partly protect NATO cyber networks but also to help and assist nations in defending their cyber networks.”
“Since it’s very hard to imagine a military conflict today without a cyber dimension, this is important, related to almost all possible conflicts we can foresee in the future,” he added.
It means NATO members can work together and support each other on cyber defenses. “This is about a better framework to manage resources, skills and capabilities, and better coordination of our decisions,” Stoltenberg said.
NATO added that under its new directives, a cyber-attack on a NATO ally can trigger Article 5 – this is when an attack on one is considered an attack on all, and can result in a collective response.
However it’s not just in Article 5 situations where NATO’s declaration could have an impact. NATO’s work in Afghanistan, for example, could benefit from a collective defense of its network to ensure it is safe from hackers or other malicious activity that could reduce its effectiveness, Stoltenberg said.
Despite this, the declaration has drawn criticism from some security experts. Simon Crosby, CTO and co-founder of Bromium, believes NATO lacks the resources to defend its members from cyber-attacks as a collective.
“The idea of NATO is a collective capability for defense, which when any one member is attacked can trigger the appropriate defensive military action. In cyber, NATO has none. Instead, individual member countries, to varying degrees cooperative or suspicious, more or less collaborates to share information on threats,” he said.
“The organization was founded to protect the members by, in extremes, deploying conventional non-cyber assets to effectively combat a threat on any member of the coalition. But NATO has no assets to deploy in the cyber domain. Each member has carefully managed its own cyber-attack techniques, tools and strategies. They each know the vulnerabilities and weak spots of their foes, and all of their peers in NATO. NATO cannot deploy assets to mitigate a cyber-attack,” Crosby added.