A Cyber Attack On NATO Could Trigger Article 5

Uploaded on 2022-03-10 in NEWS-News Analysis, GOVERNMENT-Defence, FREE TO VIEW

Few nations have sophisticated cyber capabilities and for operational security reasons, they are closely guarded, rarely shared, and carefully used.

The US Senate Intelligence Committee Chair Mark Warner warned Russian President  that waging a cyber attack against a NATO country could risk embroiling Moscow in a war against multiple Western governments, including the United States. 

In 2019 NATO Secretary General Jens Stoltenberg said all 29 member countries would respond to a serious cyber-attack on one of them.

Recently a NATO official told Reuters that a cyber attack could be considered an armed attack and trigger "Article 5," it was a significant moment. How significant is harder to judge. "Article 5" is NATO's holy grail, the core of what NATO is about. It is part of the Washington Treaty, signed in 1949, that set up the North Atlantic Treaty Organisation, which started with 12 members and now has 30.

Article 5 states, "The Parties agree that an armed attack against one or more of them in Europe or North America shall be considered an attack against them all."

Mircea Geoană, Deputy Secretary General of NATO, says that when the alliance decided that cyber should be considered an “operational domain,” the bloc also made the call that a “massive cyber attack” on one member state could trigger Article 5 of NATO’s Washington Treaty. This strikes at the heart of the alliance’s defense clause, which states that an attack on one country is considered an attack on all allies.

So, for instance an attack on Poland is effectively the same as an attack on the United States, a powerful deterrent to a potential aggressor, but of course life is never that simple.

For decades it seemed simpler, as an armed attack would be obvious and NATO nations would respond with tanks, artillery, and warplanes. Now, in our new world, nations can be undermined through information warfare and infrastructure crippled by cyber attacks, often difficult to trace.

How NATO should respond to such attacks created much debate, first on the principles of whether a cyber attack could be considered an "armed attack," and secondly if it is, what to do about it.

So, if for instance Poland was attacked with tanks, individual nations are not obliged to respond with military force. Article 5 is powerful but how nations individually respond, with a lot or a little, is still up to them. Nevertheless, a conventional military attack on a NATO nation would get a massive response. Deterrence has worked.

But when we move into the grey zone of "hybrid warfare" that response is harder to predict.

This is one of the aims of Russian strategy towards NATO, to achieve its goals while operating below the threshold that will trigger Article 5. On cyber, those waters will be even muddier given how deniable activity is within cyberspace. In 2014, NATO's leaders made cyber defence a core part of collective defence but policy and activities to implement that decision are still evolving. To that end, for instance, it has a technical agreement with the European Union and a NATO Industry Cyber Partnership. At SHAPE, NATO's military headquarters, there is also a Cyberspace Operations Centre.

Currently, NATO is far more focused on defensive cyber, to secure its systems from attack, and the nature of that is a point of debate.

Some commentators say that passive cyber defence, where you simply build up your virtual walls, leaves the initiative with your adversary, enabling him to probe without consequence until he finds your weak point. Effective defence means also going after the attacker and forcing him onto the back foot, so-called offensive cyber. That is also what would be needed if NATO's responding to an Article 5 breach.

 NATO as an institution does not possess significant cyber capabilities. When it comes to activities, NATO is a command and control organisation using hardware and personnel loaned by members.

Few nations have sophisticated cyber capabilities and for operational security reasons, they are closely guarded, rarely shared, and carefully used. That means if a cyber attack did trigger NATO Article 5, then the actual use of cyber weapons would be outsourced to nations for use on behalf of the Alliance in a coordinated manner. However, as the NATO source told Reuters, a response does not have to be symmetrical, and could theoretically escalate to include a military one.

Persuading 30 nations to agree on this will be hard, and a further possibility is if NATO cannot agree there could be a so-called "coalition of the willing" operating separately. NATO has previously agreed cyber attacks could trigger Article 5, and that itself was a major decision and something of a deterrent to hostile actors. But the reality of having to act on it is now closer than ever before.

Reuters:      BBC:      Cyber Security Dive:     Daily Mail:       C-Span:      GZero

You Might Also Read: 

NATO & Ukraine Agree Deeper Cyber Co-operation:

 

« Making Sense Of The Edge
Twitter Joins Ukraine’s War Effort »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Cyber, Space, & Intelligence Association (CSIA)

Cyber, Space, & Intelligence Association (CSIA)

CSIA focuses on issues critical to Cyber Security, Military Space and Intelligence.

Cyber Risk Opportunities

Cyber Risk Opportunities

Cyber Risk Opportunities was formed to enable middle-market executives to become more proficient cyber risk managers so their organizations can thrive.

Ekran System

Ekran System

Ekran System is an advanced insider threat detection solution for companies of any size.

NetKnights

NetKnights

NetKnights is an independent IT security company which offers services and products for strong authentication, identity management and encryption.

Sphonic

Sphonic

Sphonic provides regulated institutions of any size a powerful compliance & risk platform to quickly and securely onboard new customers and manage ongoing AML and Fraud & Risk trends.

Webtotem

Webtotem

Webtotem's mission is to prevent the global epidemic of website infection and provide every website owner with basic security rights.

Strike Graph

Strike Graph

The Strike Graph GRC platform enables Security Audits & Certifications.

Infopercept Consulting

Infopercept Consulting

Infopercept is a leading cybersecurity company in India, providing a critical layer of security to protect business information, infrastructure & assets across the organization.

Foretrace

Foretrace

Foretrace aims to prevent, assess, and contain the exposure of customer accounts, domains, and systems to malicious actors.

SIA Group

SIA Group

SIA Group, an Indra company, combines Consulting, Systems Integration and Managed Services in four specialized business areas: Information Security, Storage, IT Management and IT Mobility.

Core Sentinel

Core Sentinel

Australia's #1 Penetration Testing Service. Make Your Systems Fully Compliant With Our OSCE CREST/CISA Certified Penetration Testing.

Armo

Armo

Armo technology enhances any Kubernetes deployment with security, visibility, and control from the CI/CD pipeline through production.

Advantex Network Solutions

Advantex Network Solutions

Advantex Network Solutions are a leading provider in Mitel, IT Solutions, Networking, and iP surveillance.

Salem Cyber

Salem Cyber

Salem Cyber builds Artificial Intelligence (AI) solutions that work collaboratively with people to address scalability challenges in cybersecurity operations.

NexusTek

NexusTek

NexusTek is a managed IT services provider with a comprehensive portfolio comprised of end-user services, cloud, infrastructure, cyber security, and IT consulting.

Lansafe

Lansafe

Lansafe stands as a leading managed service provider in the UK, seamlessly integrating IT, Telecoms, Security, Electrical and Cyber Security solutions.