From Jason Healey, the New AtlanticistNow that NATO’s Operation UNIFIED PROTECTOR over Libya is winding down, it is worth noting how few cyber incidents were directed in protest against the Alliance.  Certainly, there was a cyber component to the liberation of Libya, but it was more about content and Internet freedom (the most newsworthy elements here were the role of social media and the Libyan government taking large parts of the nation offline). But compared to past history, NATO cyber defenders had a relatively easy time. . . .

Hactivist groups supporting Arab and Muslim causes have been exceptionally active in the past, such as against Israel (as early as 1999) or against Western and other governments as part of the “e-Jihad” movement (like the hacker Irhabi 007). There are several possible explanations for the relative lack of hactivist response against NATO’s Operation UNIFIED PROTECTOR:

1.       NATO worked with Libya’s neighbors and the world. For Libya, NATO only became involved after securing a mandate from the United Nations Security Council and with approval from the Arab League. This credibility almost certainly defused anger from hactivist groups who saw the operation as one to help, not hurt, Muslims. By comparison, when NATO began operations in support of Kosovo, Slav nationalists were outraged and fuelled by comments from their political and cultural leadership. 

2.       Hactivist groups were distracted. Online hooligans that might otherwise have still wanted to counter perceived Western aggression in Libya were perhaps distracted by other events. Groups supporting Arab and Muslim causes might have been involved in other operations against the West (such as in support of Palestine, Iraq, or Afghanistan) or as part of the general Arab Spring uprisings. Other hactivist groups could have been engaged in the ongoing development of WikiLeaks, and the “anti-sec” campaign of Anonymous and LulzSec.

3.       NATO has better defenses. NATO’s cyber defenses still needs improvement, but they are far better than in 1999. It may be that they have been attracting many attackers, but have been able to fend them off. Indeed, it was partially the 1999 incidents during ALLIED FORCE that drove NATO’s leadership at the 2002 Prague Summit to create the NATO Computer Incident Response Capability (NCIRC).

Any or all of these explanations may be true and we may never know what the truth really is. At a minimum, though, NATO can take extensive credit for making the conditions possible for both the first and third explanations. The Alliance has acted in accordance with global consensus and in coordination with like-minded partners; it has also been working to improve its cyber defenses. It will have to continue doing both of these things if it is to avoid and survive future cyber assaults. 

Jason Healey is the Director of the Cyber Statecraft Initiative at the Atlantic Council of the United States. You can follow his comments on cyber cooperation, conflict and competition on Twitter, @Jason_Healey. This blog is the first of a periodic series on cyber conflict history.