Cyberspace is likely to be declared a domain of warfare at NATO’s Warsaw Summit. The cyber domain is an integral part of modern wars, conflicts and crises, and therefore also a key part of NATO’s current and future operative security environment. Since cyber topics should primarily be approached from the perspective of multidisciplinarity and strategy, NATO member states will need to make many commitments. Since the cyber domain is primarily a political domain, political decisions are especially crucial in Warsaw to strengthen NATO’s cyber readiness.
The need for ambitious decisions in Warsaw and beyond is driven by the accelerating threat. Tensions with an unpredictable and aggressive Russia are high and rising, while extremist groups like Daesh (known to some as ISIL) are creating chaos and instability.
Russia has already integrated offensive cyber capabilities, including denial-of-service, malware, and advanced social engineering skills, into its broader foreign and security policy arsenal. Threat actors linked to Russia regularly conduct operations against NATO countries with the aim of stealing information, undermining trust, and influencing opinion. Unfortunately, the Ukraine grid attack also demonstrates a capability and intent to attack critical infrastructure.
Russia has declared its investment into capabilities that can be used to attack an adversary’s stock markets, energy providers, and military command-and-control systems. Daesh, on the other hand, has primarily used globally interconnected networks for recruitment, inspiration, information sharing, and coordination. However, it is clear that it is also seeking to acquire more extensive capabilities and would not shy away from causing destruction if possible. There can be no doubt both of these actors must be taken seriously and approached collectively not just in the land, sea, air, and space domains, but also in the cyber domain.
One key issue for the alliance’s credibility is raising cyber resilience in all member states to a new level. At the moment the landscape of preparedness is quite uneven between member states. Capability targets must be introduced into NATO’s defense planning processes, thereby increasing the trust levels between member states, particularly in the context of hybrid warfare.
Decisions must be taken in Warsaw to improve the quality and cooperation of network defense in all member states and to enhance rapid responses to cyber attacks. NATO should undertake a program to utilize cyber framework nations to help less-capable nations get the required cyber capabilities in place. The cyber mindset must also be changed from a technology-focused approach to an operational one. This is a key point for the Warsaw Summit. The operative and strategic views about cyber defense must be strengthened.
Developing the most important asset of cyber – human capital – should also be discussed at the Warsaw Summit. Even if there is an ongoing “cyber arms race” in the world, the most frantic part of the race is about talented individuals. In this field NATO countries can support each other and provide new educational possibilities for skills inside the alliance. Processes best developed during training are an important part of cyber defense. A key function is practicing political decision-making processes. To improve cyber defense, NATO must increase the quantity of both technical and strategic cyber security exercises among member states (and partnership countries) and efficiently train its own “cyber soldiers” and “cyber strategists”.
NATO’s current security environment can be defined as “unpredictable instability.” Situations are changing rapidly and cyberspace is being used and attacked in more sophisticated ways. It is crucial for NATO to possess an early warning and trust-based information sharing system. This leads to the need to deepen cooperation with private sector industry, which owns the major part of NATO’s networks, including the part that is moving to the cloud. Cooperation is also important from the innovation point of view, since innovations are imperative for the development of NATO’s cyber capabilities and for best utilizing emerging technologies such as blockchain.
NATO must take substantive steps forward on capacity-building, training and education, exercises, information sharing and situational awareness at the upcoming Warsaw Summit. However, it should do so as part of a long-term, strategic process of integrating the cyber domain into collective defense. This applies along the entire spectrum of activities, from teaching cyber hygiene to preparing for, and responding to, large-scale and multi-dimensional attacks.
In Wales, NATO agreed that cyber attacks can threaten Euro-Atlantic stability, security and prosperity. They can therefore trigger Article 5 responses on a “case-by-case” basis and in line with international law. If or when that happens, though, Allies must be ready to act quickly and decisively – in minutes and hours rather than days or months. However, serious work remains to be done by member states to individually decide what would constitute a cyber attack that rises to the level of armed attack. Next, disparities must be eliminated beforehand around the NATO table. The current public policy of “strategic ambiguity” is good for frustrating adversary decision-making, but it must be backed up by unity behind closed doors. Furthermore, not only should NATO develop a shared understanding of what constitutes a cyber attack that would elicit a collective defence response, it should also consider the nature of that response. Allies should be prepared to use the entire range of national power, including economic, judicial, law enforcement, and even military responses to respond in proportion to any kind of armed attack against any ally, including a cyber attack.
In the next five years, NATO should develop several key capabilities to adopt a comprehensive and strategic approach to the cyber domain. These include the use of active defence techniques such as honeypots and beacons for adversary identification and attribution, as well as shared offensive capabilities to enable collective cyber defence responses in line with international law.
Furthermore, the alliance should move slowly yet ambitiously toward the creation of a NATO Cyber Command that is analogous to planning and operational units in other domains. These, together with the defensive initiatives mentioned above, are some of the requisite steps to building NATO deterrence for the cyber domain. Cyber operations will only continue to become an ever-more important part of warfare; NATO needs to support diplomatic and political processes but cannot be caught flat-footed when responding to current and future threats to the security of the Alliance as a whole. NATO is threatened by adversaries who employ cyber attacks as political tools; it must find the political will among member states to be prepared for defensive, yet proportional responses.