Thus, in questions related to international peace and friendly relations in cyber domain, the implementation of Article 5 is tightly related to how nations will perform on “Article 4 preparedness” – i.e. general cooperation on combating cyber crime, exchanging information about threats and defences etc. Collective defence will reside in individual defence. Individual defences (by country, organizations, entities) need to be coordinated and concerted to avoid legal gray areas that allow “evil-doers” (as in the case of so-called “patriotic hackers” or outright espionage) to escape legal accountability . . .
Therefore, Article 5 preparedness starts with Article 4 preparedness – determining what potential responses can be taken within a country and between the countries, what is the balance between military and other types of involvement in conflict resolution. Furthermore, issues such as proportionality of response, consensus of the Allies as regards what consists the appropriate severity for NATO to take any action, and what type of force and action will be engaged, need to be considered. Not to mention the issue NATO has already had to grapple with in the post 9/11 world: who is responsible? How do we determine who is responsible? And what do we do when there is a disagreement within NATO about responsibility, as imagine there might well be. (photo: Hindrek Maasik/Office of the President of Estonia)