A relative latecomer to the cyber game, NATO is beginning to “operationalize” cyber capabilities into its overall structure by integrating those tools of member nations, said the alliance’s secretary general.
“We are tackling increasingly complex cyberthreats faster and more efficiently. And we are more aware of the threats, more resilient to incidents,” Jens Stoltenberg said May 23 at the Cyber Defense Pledge Conference in London. “We also need to consider how we can deter attacks in cyberspace.”
Top NATO officials have long maintained that the 29-nation alliance is defensive in nature with a mission of deterrence, implying that the body itself doesn’t engage in offensive maneuvers, including in cyberspace.
As such, Stoltenberg noted that part of deterring cyberattacks is attribution.
“Cyber attackers must know that they will be exposed,” he said, citing a thwarted attempt by Russian intelligence operatives to hack the Organisation for the Prohibition of Chemical Weapons in the Hague in October.
Conversely, Stoltenberg said, NATO must be ready to use cyber capabilities to fight enemies.
NATO has walked a fine line as a defensive organization, relying on the individual capabilities of member states. As an example, Stoltenberg pointed to allies conducting cyber operations against the Islamic State group in Iraq and Syria.
“By using national cyber effects, or offensive cyber, they suppressed ISIS propaganda, degraded their ability to coordinate attacks and disrupted their recruitment of foreign fighters,” he said. “We have agreed to integrate national cyber capabilities or offensive cyber into alliance operations and missions. All of this has made NATO more effective in cyberspace.”
Several experts have said members states that are both willing and capable of offensive operations number about a half dozen. Without a NATO-owned offensive capability, officials have noted that contesting adversaries in cyberspace is no simple endeavor.
The challenge is making sure cyber capabilities are available as much as those of other domains, according to Maj. Gen. Wolfgang Renner, the deputy chief of staff for cyberspace at Supreme Headquarters Allied Powers Europe.
“This is true for the air, the land, the maritime domain, and it has to become true — I’m careful on that — for the cyber domain or cyberspace as a domain of operations,” he said at a November 2018 conference. “This is what really we have to find out, and I address this is a difficult part because NATO is defensive and is a defensive alliance.”
And adversaries must be wary that cyberattacks could engender responses in other domains, said Stoltenberg.
“For deterrence to have full effect, potential attackers must know that we are not limited to respond in cyberspace when we are attacked in cyberspace. We can and we will use the full range of capabilities at our disposal,” he said, reiterating that a cyberattack on a member state could trigger the famed Article 5, in which an attack on one member is considered an attack on all members.
“For 70 years, NATO has kept our people safe in the physical world. Now NATO needs to do the same in the cyber world,” he added. “We have seen that now in cyberspace we had a remarkable increase in our capabilities to defend our networks to stand together, to integrate offensive cyber intermissions and operations, and we have done that over the last years.”
However, NATO is not responsible for defending individual member nations in cyberspace; members agreed in 2016 to boost their respective cyber defense capabilities.
But in July 2018, NATO created a Cyber Operations Center. It opened in August 2018 with a three-pronged mission:
- Provide situational awareness in cyberspace.
- Plan allied cyberspace operations.
- Manage the execution of operations.
The center’s deputy director, U.S. Air Force Col. Don Lewis, wrote that it serves as the theater component for cyberspace similar to how geographic commands cover specific physical domains. The center executes operational-level and strategic missions to provide commanders with domain advice, planning support and capability integration.
Just as in the physical space, but in some cases more pertinent in the cyber domain, deconfliction of efforts is critical to ensure friendly forces aren’t interfering with each other and compromising the mission. The center seeks to play a part in that role.
“But still," he noted, "it’s a national responsibly, fielding and offensive effect[s].”
Mark Pomerleau is a reporter for C4ISRNET, covering information warfare and cyberspace.