Following the September 11 terrorist attacks in 2001, the United States took over as the first nation in NATO history to invoke Article 5, the organization’s premise that the attack on a single country can be an attack on all its member countries.
The rarity of the act is the reason why some officials raised eyebrows when NATO caused it to be clear a year ago that a large-scale cyberattack against a member nation could now trigger the identical response.
But has any event come close to that particular level?
“Some of the items which may have happened have become serious,” said Jüri Luik, Estonia’s defense minister. “Whether it will constitute an act of war, I think we haven’t risen fot it level, yet.”
Although small in proportions and budget, Estonia is widely acknowledged as a pacesetter in cyber defenses, due simply to necessity. Among the most wired nations on earth, Estonia famously suffered a massive digital attack in 2007 that sent the united states into a flurry of investing in digital defenses. The country can be where you can NATO’s cyber center of excellence.
Luik, speaking to Fifth Domain within a recent stop by at Washington, did however, raise concerns with what dangers may already be planted in existing systems.
“One even offers to bear in mind that, you understand, you will find news being released often that bugs are found, as an example, inside electricity grid or perhaps in a few other systems. This is all preparatory work,” he was quoted saying. “So if somebody desires to make a move, then these are generally capabilities that are built with time for your system, so that at Point Zero, this will all be started rapidly.”
Like a number of other institutions, NATO faces the challenge of members who simply don’t want to share much information regarding cyber capabilities.
“When you talk with each other concerning the attacks, then you definitely usually also relay your weaknesses. And you don’t want everybody to find out your weakness,” Luik said. “So people are quite cautious, actually, in describing attacks with their system.”
Andrea Thompson, U.S. Undersecretary of State – Arms Control and International Security, agreed that concerns about sharing are a concern, but expressed optimism it may be worked through.
“I think everyone recognizes it requires to be achieved. It’s just, ‘What is the way to get it done?,’” Thompson, told reporters Sept. 7. “We view it internally between public-private partnerships, between companies and defense. We’re not by yourself. we’re only one ones that are experiencing that struggle.”
The upside, Luik said, is always that NATO has “found a smart way of exchanging information really sound, confidential setting,” which is helping to thaw that information sharing issue one of the nations.
More than that, he explained NATO is placed for the near-term with the way handles cyber operations. He compared the existing setup to to the structure which includes existed for many years with the alliance’s nuclear capabilities through which NATO acts as a possible organizational hub but national governments offering their own capabilities.
“NATO itself doesn’t have a big cyber defense capability. These capabilities are derived from national governments plus they can be used using the agreement of governments, especially the offensive” capabilities,” Luik said. “NATO doesn’t have offensive capabilities but there are NATO countries that have considerable offensive capabilities.”
And Luik sees another comparison between cyber and nuclear. “There hasn’t been a genuine big cyberattack against another country which may utilize each of the fearsome cyber weapons which can be in the hands of many governments.
“People are wary of it given that they realize that, you do it, it works extremely well against you also. So there is actually this strange, strange balance of fear, not only in the nuclear issue, but in addition in cyber.”