NATO’s Cyber Threat

Cyber Attacks and NATO

From James Joyner, the National Interest:  As the North Atlantic Treaty Organization completes its new Strategic Concept, it should be resist expanding its guarantee of automatic response to include cyber and other unconventional attacks. Otherwise, it may fracture the alliance while, perversely, decreasing security against said actions.

In a February speech to the Atlantic Council, Secretary of State Hillary Clinton strongly suggested that attacks on allied cyber and energy infrastructures should be reconsidered attacks under Article 5 of the NATO Charter, declaring that “in the 21st century, the spirit of collective defense must also include non-traditional threats.” Under questioning, she added, “we have to be willing to get behind the new challenges that are posed to member states and be ready and willing and able to create not just a new strategic concept but the operational abilities to provide that collective defense.”

Last month, the Group of Experts, led by Clinton’s predecessor, Madeleine Albright, issued  report concluding that “cyber assaults of varying degrees of severity” are among the three “most probable threats to Allies in the coming decade,” while the threat of conventional military attack was “slight.” Therefore, they concluded, NATO must rethink “its conception of what constitutes an Article 5 attack.”

The Group was cautious:

The next significant attack on the Alliance may well come down a fibre optic cable. Already, cyber attacks against NATO systems occur frequently, but most often below the threshold of political concern. However, the risk of a large-scale attack on NATO’s command and control systems or energy grids could readily warrant consultations under Article 4 and could possibly lead to collective defence measures under Article 5.

This, and other qualifiers in the report, indicate that the group isn’t suggesting that any cyber attack would be grounds for collective retaliatory action, merely that it’s conceivable a particular attack might.

That seems reasonable enough and is certainly a matter that deserves discussion within NATO. Indeed, I have it on good authority, it’s in fact being discussed frequently. But, while it makes sense for the allies to draw up contingency plans and reinforce their cooperation and capabilities in this burgeoning arena, we should stop short of formally declaring what precise set of circumstances would allow Article 5 to be invoked.  (graphic: Economist)

Image: economist%207%203%2010%20cyber%20threat%20Matt%20Murphy.jpg