Report: NATO members need to work on cyber resiliency

"It is now up to the Allies to find the willpower for changing NATO’s outlook, including the cyber future"

From Haly Laasme, Cicero Foundation:  NATO’s Global Commons Report seems to suggest that because the new Strategic Concept committed NATO to a strong defence posture in cyberspace, it would also somehow assure the Alliance  to be at the front edge in assessing the security impact of emerging challenges.   This expectation might be attainable but definitely not  while NATO suffers from a dichotomy between two contradictory perspectives. The Alliance as an institution appears to believe that it is as advanced as its strongest Ally, while the Allies separately seem to believe that NATO is as robust as its weakest link. Hence, for NATO to advance beyond its ‘catching up’ mode in the cyberspace, it has to critically analyze and acknowledge its current posture, because one cannot advance unless it accepts its vulnerabilities. As Charles R. Schwenk implies that under prior hypothesis bias, “decision-makers who believe that  the institution’s current strategy is successful may ignore information suggesting gaps between performance and expectations.”

Furthermore, it is imperative for NATO to realize that cyberspace is not just an increasingly contested domain but is also inherently contradictory. In cyber space everything thrives reciprocally and the cliché ‘what goes around comes around’ is truly an accurate description of its character. Indeed, in cyberspace even good intentions can produce dreadful consequences when the code or interfaces have been modified from their original status. For instance, the net-centric architectures, like systems based on virtualization and cloud computing, do not only enhance operational effectiveness but also attack surface vulnerable for single point of failure where the payoffs for compromising the system are more generous. That is why the U.S. Air Force Scientific Advisory Board emphasizes that the Allied military forces have to be capable to “fight through and continue to operate” in the presence of compromised systems. Allies need to work on mission resiliency because none of them  possesses capabilities to guarantee the resilience of the whole cyber infrastructure in the presence of persistent cyber attacks and counterattacks. . . .

NATO’s Treaty and defense strategy have  to be capable of confronting an asymmetric warfare with hybrid threats that the existence of cyberspace has made readily obtainable. To win asymmetric war one requires enhanced intelligence that can be only achieved through better exploitation of knowledge and timely exploitation of new technologies, but unfortunately NATO as an institution currently lags behind most of its members in both. To enhance innovation and development of technologies  NATO has to encourage progressive collaboration across Allies’ defense industrial base.  However, NATO will be able to support acquisitions and enhance its NEC only if it learns to utilize public funds efficiently, effectively, and transparently, because it needs taxpayers’ support for developing and maintaining a strong posture on the global arena. Paradoxically, to become more robust, NATO requires more advanced and dynamic capabilities that are envisaged for the next generation NEC/NCO, but which the Allies cannot obtain and sustain without advanced cyber security. Consequently, for improved cyber security Allies have to promote superior digital awareness which can be only achieved through well developed strategies. 

A robust strategy, including a cyber security strategy, is built on the idea that uncertainty is omnipresent and thus the future is unpredictable. All that Allies can do is minimize the risks and increase the probability for success by preparing alternative and back-up plans for the means and ways that have to lead to the acceptable ends.  Even though the Estonian cyber incident might have helped the Alliance in realizing its past mistakes and how it was behind in cyberspace, it is now up to the Allies to find the  willpower for changing NATO’s outlook, including the cyber future. At the same time keeping in mind that they have to ‘hang together’ if they don’t desire to ‘hang separately’ because none of them would be capable of facing the more complex and resource demanding next century alone. 

Excerpts from "The Role of Estonia in Developing NATO’s Cyber Strategy," by Haly Laasme, Foreign Policy and Security Analyst, Estonia.  (graphic: Commissum)

Image: commissum%2012%2020%2012%20NATO%20cyber.jpg