You will be redirected to the page you want to view in  seconds.

Is NATO prepared for cyber war?

Jun. 26, 2014
How would NATO's mutual defense clause apply to cyber war? Nobody really knows, acknowledges Lt. Gen. Mark Schissler, deputy chairman of the North Atlantic Treaty Organization Military Committee.
How would NATO's mutual defense clause apply to cyber war? Nobody really knows, acknowledges Lt. Gen. Mark Schissler, deputy chairman of the North Atlantic Treaty Organization Military Committee. (File)

The North Atlantic Treaty Organization’s most powerful tool is its collective defense clause, Article 5, which requires NATO member states to come to the aid of any other member state that comes under armed attack. But that tool would be of little use in cyber war, NATO officials acknowledge.

Article 5—which has been invoked only once, after the attacks of Sept. 11, 2001—is one of the world’s guiding laws of armed conflict, but until recently, little attention has been paid to applying the rule to cyberspace. That’s changing, according to NATO officials.

“It’s important work and I think the alliance recognizes we need to get underway with that, but first we need to understand what we think about cyber…and then think about whether we’re going to put in change that would specifically address cyber aggression into article 5 or leave it as it stands,” Air Force Lt. Gen. Mark Schissler, deputy chairman of the NATO military committee, said June 25 at the AFCEA cyber symposium in Baltimore. “Obviously [that is] huge work for technicians and for lawyers, separate from ambassadors and mill-runners.”


Why Europe is a sitting duck for cyber attacks

Agency heads hash out critical infrastructure protection roles

Major questions surround exactly how Article 5 would be applied in cyber conflict, Schissler said. Much remains to be determined, starting with the very definition of a cyber attack and what would constitute enough of an incident to trigger an international response under Article 5. It’s particularly unclear since a purely cyber-based attack—unattached to any related traditional or kinetic conflict—has not really happened yet.

“We don’t know exactly know how to define Article 5 in cyber, and that’s work yet to be done,” he said. “The question might assume that there’s something that was purely a cyber attack that would be separate from any other form of action. We actually haven’t seen that; we’ve normally seen it in some combination. Article 5 was, along with many other parts of NATO documents, written at a time when cyber wasn’t addressed, so we may have to update that. But we haven’t figured that out.”

(Page 2 of 2)

According to Melissa Hathaway, president of Hathaway Global Strategies and former acting senior director for cyberspace at the National Security Council, there are some helpful materials emerging to help guide the decision-making surrounding international cyber policy. Among them: the Tallinn Manual, a NATO-commissioned manual written last year by several dozen cyber experts that builds on existing international law.

The Tallinn Manual has “really informed the NATO conversation, as well as the global conversation, on how the laws of armed conflict would actually apply in the cyber world, giving us the parameters of left and right – how we should think about thresholds, proportionality [and] measured response,” Hathaway said. “To what extent does a disruption of service or disruption of property meet the threshold of LOAC? And what would activate Article 5 of the alliance? There’s still a lot more to go.”

The manual is named for the Estonian city that famously underwent a series of cyber attacks in 2007 – an incident that stands out as a defining moment in the history of cyber conflict. The world has learned much about the problem from and since the attacks on Estonia, and those lessons continue to emerge as the international cyber law debate takes shape.

“It’s so difficult to identify, sometimes, when you are already in crisis, when you are attacked. And sometimes the effects are not just your website is damaged or closed; sometimes effects might be very different – train accidents or accidents in energy systems,” said Lt. Gen. Johannes Kert, military representative of the Estonian Delegation in NATO’s Cooperative cyber Defense Centre. “Later, you understand the reason. You may not catch it immediately. Cyber is such a complex thing, it makes it really difficult to identify who’s behind it. Deniability is still the beauty of the game and attackers end to use it.”

More In C4ISR & Networks

More from this channel

  1. Boston Engineering's BIOSwimmer. The company also makes the GhostSwimmer. Boston Engineering

    Is that a tuna or an unmanned underwater vehicle?

    The Pentagon tests a UUV about the size of a large fish.

    • Dec 18, 2014
  2. The Office of Naval Research's Tactical Cyber Range was deployed by the Marines during a multinational Bold Alligator exercise last month off the Virginia coast. Corbin J. Shea/ / Navy

    Marines test Navy's cyber range

    Office of Naval Research also tests augmented reality glasses during Bold Alligator.

    • Dec 18, 2014
  3. Taiwan shows off UAVs

    Taiwan's military displayed its unmanned capabilities this week.

    • Dec 18, 2014
  4. Israel Aerospace Industries' Heron UAV will be employed in the Republic of Korea. Israel Aerospace Industries

    Republic of Korea Army selects Heron UAS

    The service chose Israel Aerospace Industries' unmanned aerial system as part of an upgrade project.

    • Dec 18, 2014
  5. No longer DoD's cloud broker, DISA is now responsible for issuing provisional authorization to cloud providers that meet DoD's criteria. File

    DoD releases new federated cloud procurement policy

    With DISA out as cloud broker, policy outlines roles and procedures intended to speed up cloud acquisition.

    • Dec 17, 2014
  6. Italian Air Force Reapers will be used to monitor crowds in Italian cities. Imperi Roberto / Italian Air Force

    Italian Reaper drones to be used for crowd monitoring

    As their deployment to Afghanistan comes to an end, unarmed Italian Reaper UAVs are to be used to monitor soccer games and demonstrations in Italy's cities, following a deal struck between the Italian Air Force and the country's police forces.

    • Dec 17, 2014

More Headlines

Slideshow Stories

Daily intelligence on C4ISR and networks

There's no better way to know what's going on every day in areas like UAS and sensors, GEOINT, C2 and communications, cyber, mobility and defense IT, than to sign up for our daily C4ISRNET newsletters. The news will come right to your inbox, along with commentary and insight from our lineup of senior-level bloggers.

Sign up is easy and quick.

Subscribe for Print or Digital delivery today!

Industry Circle

Your free source for the latest insights, trends, technology and forward thinking from industry leaders.

Visit today!