NATO Updates Policy: Offers Members Article 5 Protection Against Cyber Attacks

NATO updates its cyber policyReflecting how all international conflicts now have some digital component, NATO has updated its cyber defence policy to make it clear that a cyber attack can be treated as the equivalent of an attack with conventional weapons.

The organisation’s new cyber defence policy clarifies that a digital attack on a member state is covered by Article 5, the collective defence clause. That states that an attack against one member of NATO “shall be considered an attack against them all” and opens the way for members to take action against the aggressor — including the use of armed force — to restore security.

That NATO is updating its cyber defence strategy now shows how rapidly cyber warfare has jumped up the agenda. While defence strategies are usually expected to last a decade, its last cyber strategy was only published three years ago.

Jamie Shea, deputy assistant secretary general for emerging security challenges, told ZDNet: “For the first time we state explicitly that the cyber realm is covered by Article 5 of the Washington Treaty, the collective defence clause. We don’t say in exactly which circumstances or what the threshold of the attack has to be to trigger a collective NATO response and we don’t say what that collective NATO response should be.

“This will be decided by allies on a case-by-case basis, but we established a principle that at a certain level of intensity of damage, malicious intention, a cyber attack could be treated as the equivalent of an armed attack.”

The new policy has been approved by NATO defence ministers and will be endorsed at its Wales summit in September. Other elements of the policy will help improve information sharing and mutual assistance between allies, bolster NATO’s cyber defence training and exercises, and boost cooperation with industry.

“It takes account of the fact that all of the major international crises that we’ve seen recently looking at Georgia, Syria and now Ukraine have a rather big and ongoing cyber dimension which shows that a lot of sophisticated methods and techniques are being employed,” Shea said.

“It’s certainly meant as a deterrent. It’s not meant to be escalatory, but a signal that NATO is not defending itself only in 20th century terms.”

Steve Ranger is the UK editor-in-chief of ZDNet and TechRepublic, and has been writing about technology, business and culture for more than a decade.

Image: NATO updates its cyber policy (graphic: NATO)