NATO’s role in the cyber domain is unclear.

Uploaded on 2015-11-06 in NEWS-News Analysis, INTELLIGENCE--International, GOVERNMENT-Defence, FREE TO VIEW

slide_6.jpgArticle 5 of the NATO Treaty

NATO’s role in the cyber domain remains unclear. Clearly, NATO will seek to protect its own networks and platforms. Yet, the extent to which NATO’s remit expands further remains to be seen. 

It is unclear how Article Five will apply to cyber attacks. Clearly, petty cyber crimes and financial fraud are outside of NATO’s remit. However, it is at least plausible that Article Five could be invoked if a state experienced a serious cyber attack on critical national infrastructure. An attack threatening vital goods and services, such as the provision of electricity or water, would be regarded as a significant incident that could potentially justify the use of Article Five in response to a cyber attack. 

Equally unclear, is what a NATO response would look like. If the intended strategy is to respond to serious cyber attacks in kind, NATO would have to develop its own cyber weapons. This would be problematic given the inexperience and technical limitations of a NATO workforce that has not previously operated in the cyber domain. Alternatively, NATO could respond to cyber attacks through more traditional expressions of power: via armed soldiers, missiles, navy vessels, and fighter jets. Although potentially more viable, precedents over the point at which a cyber attack merits a physical or kinetic response are yet to be established by the international community. 

The Tallinn Manual, produced by the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE), has, has sought to respond to some of these questions by exploring how international law can be applied to cyber conflicts. However, the study is regularly misunderstood. Although commissioned by the NATO CCDCOE, the Tallinn Manual does not represent NATO doctrine and is purely an academic, non-binding study, intended to make a start in answering some of the contentious legal questions posed by cyber conflicts. In this regard, whilst the Tallinn Manual makes an important academic contribution, it by no means clarifies NATO’s evolving role in the cyber domain. 

Although NATO has adapted to evolving security threats before, the cyber domain offers altogether new challenges. 

First, there are a number of flaws in the militarisation of the cyber domain. The majority of those with the necessary technical skills to respond to the cyber security challenges work outside of the military sector. In addition, a large proportion of the infrastructure within the cyber domain is privately owned and operated. This prevents NATO from making a substantial contribution to its protection. Crucially, NATO does not have any rights, or powers, to intervene in the private sector. Given NATO’s current lack of expertise in the area, private sector firms are unlikely to welcome NATO assistance. 

Second, not all NATO members agree on the role the organisation should play in the cyber domain. Given the sensitivity of information, states such as the US and UK appear to prefer close collaboration with only a small group of trusted countries. Intelligence-sharing platforms such as Five Eyes (between the US, Canada, UK, Australia and New Zealand) are preferred. In this regard, small, high-trust cooperation forums may be viewed more favourably in the cyber domain when compared to other security domains.

From NATO’s original remit to provide collective defence in a post World War period, the organisation has evolved numerous times, adapting to the challenges faced by the Cold War, the breakup of the Soviet Union, and the emergence of terrorist cells and other non-state actors since 9/11. Although the cyber domain brings altogether new challenges, it would be unwise to write NATO off just yet. 

Jamie Collier:

 

« IBM Watson's Goodbye To Privacy
Russian Air Crash Investigation Changes The Encryption War »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Advent IM

Advent IM

Advent IM is one of the UK’s leading independent cyber security specialists, with a unique approach to providing holistic security management solutions.

Synovum

Synovum

Synovum was formed with the intention to provide high quality advice, consultancy, training and project management services to clients in all sectors of industry.

Hitachi ID Systems

Hitachi ID Systems

Hitachi ID Systems offers comprehensive identity management and access governance, privileged access management and password management solutions.

Metasploit

Metasploit

Metasploit penetration testing software helps find security issues, verify vulnerabilities and manage security assessments.

Concise Technologies

Concise Technologies

Concise Technologies provide specialist IT and telecoms solutions, support services, managed backup, disaster recovery, cyber security and consultancy to SME businesses across the UK and Europe.

UpGuard

UpGuard

UpGuard's discovery engine brings visibility to complex IT environments, enabling teams to identify risk, confirm compliance and make business safer.

National CyberWatch Center

National CyberWatch Center

National CyberWatch Center is a cybersecurity consortium working to advance cybersecurity education and strengthen the national workforce.

ditno

ditno

ditno uses machine learning to help you build a fully governed and micro-segmented network. Dramatically mitigate risk and prevent lateral movement across your organisation – all from one centralised

ADGS

ADGS

ADGS is a deeptech company focused in the fields of Agent-Based simulations (Emergent Behavior), Cybersecurity and Biometrics, Social Dynamics, Natural Language Processing and Artificial Intelligence.

Wickr

Wickr

Wickr's mission is to secure the world's most critical communications. Wickr provides the highest standard of encryption trusted by millions worldwide.

Aravo Solutions

Aravo Solutions

Your Extended Enterprise is full of hidden risks – Aravo makes them visible, measurable, and manageable.

IDECSI

IDECSI

IDECSI delivers cutting-edge technology and engages all employees in the security system for effective and cost-efficient data protection.

Omantel Innovation Labs

Omantel Innovation Labs

The Omantel Innovation Labs is a platform to enable startups and innovators to develop and commercialize solutions within selected technology verticals including cybersecurity.

Securin

Securin

Securin offers a comprehensive portfolio of solutions including Attack Surface Management, Vulnerability Intelligence, Penetration Testing, and Vulnerability Management.

AccessIT Group

AccessIT Group

AccessIT Group is a specialized cybersecurity solutions provider offering a full range of advanced security services.

ThreatCaptain

ThreatCaptain

ThreatCaptain is a Cybersecurity Leadership Development Company driven to enhance and illuminate cybersecurity risk through strategic alignment and informed business decision-making.