NATO’s Cyber Defense Mission and Capabilities

On November 5, the Atlantic Council hosted a discussion on NATO’s new enhanced cyber defense policy, the organization’s cyber mission and capabilities, as well as where the role of the private sector fits into the equation. The Cyber Statecraft Initiative gathered H.E. Sorin Ducaru, assistant secretary general for emerging security challenges for NATO; Christopher Painter, coordinator for cyber issues at the US Department of State; and Jason Healey, director of the Cyber Statecraft Initiative for this discussion moderated by Vago Muradian, editor for Defense News.

The three layers of the enhanced cyber defense policy Ambassador Ducaru described are the recalibration and enhancement of the cyber defense paradigm within NATO; reinforcement of capability development and capacity building; and reevaluation of partnerships and governance in the area of cyber defense. All three panelists emphasized that while the new NATO cyber policy is a notable accomplishment in a way NATO conducts business in cyber defense area, a continued emphasis on involving the private sector is essential.

Mr. Painter focused on the importance of engagements, with not only the private sector and international organizations to ensure stability in cyberspace, but also with countries who do not share the same rules and norms. Through open dialogue and confidence-building measures with these countries, transparency, cooperation, and trust can be built in cyberspace.

Panelists also discussed the application of collective defense to the cyber domain. Ambassador Ducaru explained that in any domain, Article 5 is invoked by political consensus on a case-by-case basis. It was never designed to be triggered by a certain threshold. Mr. Healey stated that if the question to invoke Article 5 ever arises, it will be easier to determine than is commonly believed. This is due to the fact that a truly impactful cyberattack is unlikely to occur with a single key stroke but will unfold over weeks or months in a context of a larger crisis.

This event accompanied the release of two new Atlantic Council publications. The first, NATO’s Cyber Capabilities: Yesterday, Today, and Tomorrow, analyzes the development of NATO’s capabilities. The second publication is a report, entitled Confidence-Building Measures in Cyberspace: A Multistakeholder Approach for Stability and Security, that contains a diverse set of avenues to increase stability and build confidence in cyberspace without extensive legal or political action by states.

Related Experts: Jason Healey