Full transcript of the first panel session from the Transatlantic Security Initiative‘s November 12,2013 conference on NATO’s Deterrence and Collective Defense hosted in partnership with the Norwegian Institute for Defence Studies. 

Frederick Kempe
President and Chief Executive Officer
Atlantic Council

Damon Wilson
Executive Vice President
Atlantic Council

Barry Pavel
Vice President and Director 
Brent Scowcroft Center on International Security

Atlantic Council

Stefano Stefanini
Nonresident Senior Fellow
Brent Scowcroft Center on International Security
Atlantic Council

Svein Efjestad
Policy Director
Royal Norwegian Ministry of Defense

Jason Healey
Director, Cyber Statecraft Initiative 
Atlantic Council

Location: Atlantic Council, Washington, D.C.
Time: 9:30 a.m. EST
Date: Tuesday, November 12, 2013

Transcript by
Federal News Service
Washington, D.C.

FREDERICK KEMPE: Good morning and welcome. I’m Fred Kempe, president and CEO of the Atlantic Council.

It’s a great pleasure to invite you all to this important conference on NATO’s deterrence and collective defense, but let me put it in a little bit of historic context. The Atlantic Council was born, if you look at our official charter, in 1961, when several Atlantic clubs and groups came together at the request of Secretary of State Dean Rusk. Then in the Kennedy administration as secretary of state, he brought together Dean Aitcheson, Henry Cabot Lodge, Lucius Clay, Mary Lord and others and said, the historic moment is just too important; I need you all working together, it’s 1961, we’re facing a potential crisis in Berlin and elsewhere in the world and I need you to come together.

But the real birth of the Atlantic Council was really in 1949, just after the birth of NATO, when these clubs first came into existence. And it’s worth remembering here today that Norway was one of the founding members of NATO when that treaty was signed on the fourth of April of 1949.

I say that all because we’re at another historic inflection point. The Atlantic Council is of the opinion that this inflection point is as important as many that we’ve seen in the last century, 1919, 1945, 1989 – we’re facing the biggest shift of political and economic influence of power since the 19th century in rough terms from west to east and from north to south. But the real question is as this shift takes place, how are we going to set the rules? How are we going to make sure the values that we stand for, democracy, rule of law, individual rights, are protected?

So this is a conference about NATO, but it’s really a conference about much more than that. It really is a conference about – and it’s called “NATO in an era of global competition” – but it’s about the West, it’s about the alliance in a new era. This is also part of an 18th-month effort, which has been organized together with the Norwegian Institute for Defense Studies and has been generously supported by the Ministry of Defense of Norway.

The project was launched earlier this year with a clear purpose, to address the role of NATO and the broader trans-Atlantic community in the face of emerging security challenges, global power shifts, which I just talked about, and new disruptive technologies. We have a storm of change coming at us and we’re not moving fast enough to address it. That’s our – that’s our view as we go toward a NATO summit in the fall, in September of 2014, which is accompanied by an effort to create a Trans-Atlantic Trade and Investment Partnership across the Atlantic, which would be the biggest trade and investment agreement in history, a sort of economic NATO, if you will.

This first – the first conference of this effort with Norway, NATO in a new security landscape, took place in June, and as many of you remember, it not only identified key challenges and threats NATO is likely to face, but also sent out a message of tough love, that unless NATO does – unless NATO does adapt with foresight for this new era of global competition, it risks disintegration, disengagement and shrinking relevance in global affairs, and there is nothing to replace it.

We had no idea when we started this process what would happen thereafter. Since June, dynamics in trans-Atlantic affairs have changed dramatically. The escalation of the Syrian conflict, the work to eradicate chemical weapons from Syria, has put the Atlantic alliance to test in how we work with each other in this sort of new situation. What should the engagement of the West be in this kind of humanitarian geopolitical crisis, that is already causing massive instability in the region and beyond?

At the same time, just as we thought we’d survive the summer of Snowden, the latest revelations regarding the NSA shot the trans-Atlantic partnership straight into the heart of trust among the countries. As we take this on, we have to realize it isn’t just about this issue, but it’s really to restore trust ahead of the negotiations of the Trans-Atlantic Trade and Investment Partnership and ahead of a NATO summit next year, where we could actually end this whole process with a much stronger alliance in the U.S.-European relationship.

As the alliance heads towards its 2014 summit and continues to be troubled by the uncertain future in Afghanistan, declining defense budgets and lack of a coherent approach vis-à-vis its partners across the globe, including Russia and countries aspiring for NATO membership. It’s against that backdrop that we’re gathered here today, to help shape trans-Atlantic responses to these challenges and to define new, cutting-edge deterrence concepts in light of not only new threats and challenges, but also in the light of the new dynamics of this trans-Atlantic relationship. We have to think new, because the world is changing, and if we continue to think in old categories, we won’t succeed.

It’s no accident that we’re looking at these issues with our friends and colleagues from Norway, who have repeatedly been at the cutting edge of NATO thinking, have repeatedly been leaders in the alliance, thinking about its future and thinking about how one can work more effectively across the Atlantic. So first off, I want to thank our partners in the Norwegian Ministry of Defense, Policy Director Svein Efjestad, Director for Trans-Atlantic and European Security, Arild Eikeland (sp) and Senior Adviser Kristine Fielstadt (sp). I would also like to acknowledge our partners at the Norwegian Institute for Defense Studies, Senior Fellow Michael Mayers (sic: Mayer) and his colleagues at the IFS who are with us today.

And last but not least, I would like to thank our colleagues here in Washington, Ambassador Kåre Aas, who is fairly new to Washington, but we’re already working very closely with him and his team and we’re extremely proud for what we’ve been able to build together; Defense Attaché Rear Admiral Trond Grytting; and Defense Counselor Harald Støren, we’re working very closely with them. And I’m very glad to see an old Atlantic Council friend, Keith Eikenes, here today, as well. We did a lot of the work together with him when he was at the embassy and he’s now advising on trans-Atlantic issues at the MOD back in Norway. So thank you all for this fantastic cooperation.

Before I turn to our distinguished guests, I would also like to point out that the project is part of our broader campaign in the run-up to the 2014 NATO Summit and relates to our core programming on the future of the trans-Atlantic community. In the past weeks, we’ve hosted multiple trans-Atlantic leaders, including ministers of defense of Romania, Denmark, Latvia and Spain, and most recently, the delegation of 10 permanent representatives to NATO, led by Ambassador Doug Lute of the United States. We had German colleagues in town last week, as part of the Munich Security Conference delegation; Ambassador Ischinger’s team and Brookings organized together with us a key core group meeting of the Munich Security Conference, ahead of their 2014 meeting. And we then used Ambassador Ischinger’s presence here and featured him together with General Michael Hayden at an important conference call on the NSA spying scandal.

Last but not least, tomorrow, we have another important speaker lined up on this set of issues. Ambassador Victoria Nuland, assistant secretary of state for European and Eurasian Affairs, will deliver her first public speech in her new capacity, revolving around a new strategy for broader trans-Atlantic relationship, putting together many of these pieces I’ve been talking about. So you’re all cordially invited to join us tomorrow at 4:30 pm in this same place.

This line of programming and today’s effort are supported by the Brent Scowcroft Center and its Trans-Atlantic Security Initiative, and for that, I want to thank Atlantic Council Vice President and Director of the Scowcroft Center, Barry Pavel, veteran of the Pentagon and the White House, for his thoughtful leadership and the great work of his team, and for putting together this terrific lineup today.

The opening panel will address new challenges and tools of deterrence and how NATO should reposition its deterrence strategy to be able to face the challenges of cyber, energy and economic coercion. After the first panel, Ambassador Ivo Daalder, the former permanent representative of the United States to NATO, has – will come in from Chicago; he’s currently president of the Chicago Council of Global Affairs – to deliver his first major speech in Washington since he left his post in Brussels. And you know, ambassadors can talk a little bit more freely when they leave their positions as ambassador, so we’re looking forward to that.

And in the afternoon, we’ll look at NATO’s traditional deterrence components, including missile defense, nuclear and conventional posture and we’ll evaluate how effective it is to meet the future challenges and if and how NATO’s deterrence posture needs to be restructured and redefined, so we’ll look at the macro part of this and we’ll also look at the micro part of this.

Without further ado, I’d like to turn the floor to the panelists of the first panel, which will be moderated by our executive vice president, Damon Wilson.


DAMON WILSON: (Off mic.) Fred, thank you very much for kicking us off. I’m Damon Wilson, executive vice president here at the council. Let me just echo Fred Kempe’s welcoming to all of you in our audience, as well as to Ambassador Kåre Aas and the – our team, our partners from Norway.

This is a conference on NATO’s deterrence and collective defense. And this discussion, this session, this first panel discussion, is on the new challenges and new tools around deterrence. As Fred said, this conference today is part of a much larger project that we’ve called “NATO in an era of global competition,” and it really is a chance for the Atlantic Council, in the run up to the NATO Summit in 2014, to think long-term about where the alliance is going. In essence, it’s a project to help sharpen the purpose and relevance as the alliance, as we head into what Fred characterized as an inflection point in history. For all of you in our audience, we’re keen on ensuring that the summit next year is not just the last summit on Afghanistan, essentially, the last Afghanistan summit, but it really is a summit that kicks off a new chapter of NATO’s future, a healthy future for the alliance.

For all of you, everyone knows that during the Cold War, the alliance was about deterring deterrence, it was about deterring the Soviet threat. And post-’89, the alliance was known for outreach to the East, helping to transform former adversaries into allies, opening up the historic process of enlargement. With the dissolution of the former Yugoslavia, the alliance became very active in its first operational role and became an institution of first resort for crisis management.

And post-9/11, we saw an alliance that continued to transform, really, to tackle challenges, to tackle threats, regardless of where they may originate in terms of geography, whether that was the Taliban and the Hindu Kush, whether it was missiles originating from facilities in Iran, or whether it was from unknown hackers in cyber space, we saw an alliance beginning to think differently about its approach to security.

And the question facing us today is now what? What’s next? The Washington Treaty, which set up the NATO alliance, it doesn’t identify an enemy. At the end of the day, the alliance is about binding the security of North America and Europe together for all contingencies. It’s actually about deterrence, rather than any particular enemy.

So what does that mean in today’s world, when we have nonstate actors, new actors, global power shifts, disruptive technology, asymmetric threats? NATO has just concluded – I think, on November 8th, NATO concluded a major exercise, a multinational exercise, involving 6,000 troops from 28 nations, called “Exercise Steadfast Jazz.” This was one of the most important exercises the alliance has done in recent years, but it raises the question of what type of exercise, what type of deterrence is this alliance preparing for, for the future?

To get us into this conversation, we’ve got four terrific panelist discussants. Barry Pavel, to our – my far left, is the vice president and director of the Brent Scowcroft Center. Barry will update you on the work that we’ve done to date as part of this project, in laying out a new concept for the deterrence and the alliance. He joined the Atlantic Council after a long career in the Pentagon and also having served as a special assistant to the president, senior director for defense policy and strategy at the White House, and played a heavy role in strategy issues at the Pentagon.

To his left is Stefano Stefanini. He is the newest Atlantic Council senior fellow in the Scowcroft Center. Welcome, it’s a delight to have you with us today. He also holds positions with the Podesta Group and is vice president of Oto Melara and the Finmeccanica Group. But he’s on this panel discussion today because he served, not only as diplomatic adviser to the – to President Napolitano of Italy, but as Italy’s permanent representative to NATO. He also has had diplomatic service in Washington, Moscow and the United Nations.

To his right, Svein Efjestad, the policy director for the Norwegian Ministry of Defense, he served as director general – or security policy director for the Norwegian Ministry of Defense since 1995 and in that capacity, really became known as the father of NATO security policy, Director, so it’s a delight to have you with us. He also served at NATO headquarters and has been one of the intellectual architects of this project that we’re working on.

And finally, next to me, Jason Healey, the director of our cyber statecraft in initiative here at the Atlantic Council, who will speak about deterrence in the cyber realm. He served as a – as a policy director at the White House, as executive director at Goldman Sachs Asia, and is a U.S. Air Force Intelligence officer, bringing all of those attributes together in his work together on cyber space, recently published “A Fierce Domain,” a terrific first history of conflict in cyber space.

So with that, Barry, let me come back to you and turn to you to kick off this discussion. Given the world that Fred laid out of this inflection point, given the new challenges the alliance is facing, what is the relevant meaning of deterrence today as we look to the future?

BARRY PAVEL: Thank you, Damon, and thanks for the really easy questions that you’ve posed to me. But you know, seriously, thank you to our Norwegian partners who have been wonderful to work with, and it’s just a real pleasure to be addressing these critical issues at this critical time.

I thought Fred Kempe did a fantastic job of sort of – not just because he’s my boss – but of sort of summarizing the essence of our June 5th conference, which started this effort, sort of where the world’s headed in the medium and long term, these major changes that are underway, and sort of our job is how do we help posture NATO to be as ready as possible for the surprises that will come for the contingencies that may be likely and for sort of deterrence approaches that are reasonable and effective in light of the budget constraints that we all face.

And so I think the types of issues he addressed – in particular, I think one that I would just add is this rise of individual power, individual empowerment undergirded by the rise of a global middle class, largely focused in Asia, but also by disruptive technologies that are giving individuals and groups, I think, for the – really for the first time in history, the ability to take strategically significant action, you know, in a major way. With biotech, with 3-D printing, with other technologies, I think, it’s clear we’re going to have to spend more time in the future as planners, looking at the individual level of challenges and opportunities, as well as at the state level, which we’re much more comfortable dealing with, which our institutions , including NATO, are much more comfortable dealing with.

So I’ll start my suggestions for new deterrence approaches with sort of two contradictory principles: One is, I think, for deterrence, the first question is always for me, deter whom from doing what? And I think it matters a lot; you know, what deters one leader from taking a specific type of action may be different because they act in a different context than what deters another leader from taking a different type of action.

But the second principle is, we are just terrible at predicting future threats and contingencies. I mean, time and again, we get surprised – we can go through the long list, I’m sure most of you know it. So the problem is, it’s really hard to specify with precision, you know, what military contingency will be the next big one, I’m sure in December of 2010, fi someone had said NATO would be operating an air campaign over North Africa, they would have been, you know, sent to an asylum. But that’s indeed what happened in the following year, as you know, over Libya.

So with those two principles in mind, even though they create some complications, I think it’s really important to think, after 2014, what are – what could NATO’s priority missions be? And there’s a lot of things NATO does, but what should really be the focus areas? And I’m going to pose three as suggestive and would love to hear from you in the discussions about whether these three are about right.

And in no particular order, I think, first, NATO is going to have to engage in some form or fashion in what I call the greater Middle East. This is an area that’s going to be unstable for generations to come and I don’t think we can have the entire underside of Eurasia in turmoil really, and expect it not to demand the attention of the world’s foremost alliance, which is right next door. So I think this will be a priority, perhaps, the top priority, really, whether we wish it to be or not.

Pivoting to Asia would be wonderful, but I don’t think the Middle East is going to accommodate, so I think there are potential roles, which I’ll get into in a little bit, on a steady-state basis for NATO or NATO members, and certainly, also in crises, which I think, unfortunately, will demand NATO’s attention.

Second, I think Russia looms at least as importantly, and I think here, NATO has to think about a hedge against Russian futures. And the Russian future that I worry most about is a declining Russia. And this is in part due to the shale gas revolution, which is dropping the price of energy, which I think in essence is going to bankrupt Russia’s state business model, and then there’s also some very daunting demographic factors that are going to, I think, really create some new challenges for Russia. And I worry about a Russian leader trying to distract a very restive and unhappy domestic population by launching some sort of coercion or aggression in the area. So that’s sort of the Russia that I worry about, and there’s things that can be deterred in those scenarios.

And then third – I think perhaps the third NATO mission is preparing for the unexpected. This one’s tough. This is the one that’s most likely, as we’ve proven. And so I think what this means is, we need to take a portfolio approach.

Now I’ll go through each of these sort of in turn in terms of the specific deterrence issues that I think are important. For the Middle East, I think it’s a bit problematic for the alliance to highlight this, you know, clearly and explicitly due to political constraints for – on NATO planning for contingencies in the Middle East, but we know that threats from this region can directly affect some NATO member nations, such as Turkey, and we know that potentially broader challenges loom. Despite President Rouhani’s magnificent charm offensive – and I do think it’s an important opportunity for our negotiations with Iran – those negotiations ultimately may not bear fruit, as happened with North Korea in the 1990s. North Korea now has roughly a dozen nuclear weapons, and we cannot rule that out – although it would be a really very, very challenging and consequential future, we cannot rule that out. If that happens, we’ve heard Saudi Arabia may acquire nuclear weapons. This is a major disequilibrium right next door to the alliance and that the NATO – that NATO members would have to be attentive to, even though it’s really difficult to deal with.

We also can’t rule out an unstable Pakistan, which would have very significant implications for NATO in particular because of WMD-armed elements getting a hold of these dangerous weapons and using them in ways that would be very dangerous for us.

So that’s just a couple of thoughts on the Middle East.

In terms of Russia, I think we also have some constraints on our deterrence and certainly the Russian challenge is felt much more by northern members of NATO than by other members of the alliance, including the United States government, which I would state rather clearly places Russia as a defense problem in a pretty low – at a pretty low level of priority. I think we just need to state that clearly.

And I think Russian challenges may come in more sophisticated forms than we saw during the Cold War. We’re talking more about energy coercion; about cyber, which we’ll hear about; about covert operations; about Arctic contingencies, which I think are newly important, for obvious reasons; about softer things, like Russia funding pro-Russian mayoral campaigns in the Baltic nations.

And so I think these are questions we should parse through. Where are there roles for NATO? These are serious challenges. NATO’s going to have to get more nuanced, I think, to deal with those types of security issues.

And then in terms of sort of preparing for the unexpected, there are other obvious difficulties in this area, but here we take a portfolio approach.

Asia looms very large, as Fred Kempe said. This is where economic power is shifting, and defense budgets across Asia are rising very rapidly, and we can talk about some of the statistics. But there’s also challenges associated with nonstate actors – as I said, individuals and groups – and I worry in particular about bioterrorism these days. With a very significant expansion of the proliferation of centers of biological expertise, unfortunately, I think it’s much more likely that we’ll see bioterrorism. And I think NATO publics could be better informed and made more resilient to these types of threats. And so there are elements of deterrence and assurance approaches even in dealing with nonstate actors, which we could talk about more.

And then even in Asia, I think, there are NATO members that have territory in – on the Pacific Ocean. For instance, if a North Korean ICBM hits Guam, that’s an Article 5 Pacific contingency. We should talk about sort of what that means for NATO and for NATO planning and NATO responses, but I don’t think there’s any getting around that essential fact.

Now in terms of the tools that we have, because I wanted to address tools before I passed to my other panelists, I think there’s sort of three categories of those types of tools that we can use to underwrite the deterrence approaches that I just talked about.

The first category is traditional areas. We’ll hear about some of them later today, as the DDPR also discussed, and I think you all know that list pretty well.

There’s also some emerging areas, and I would put cyber and space still in the emerging areas. Let me focus on space, because we’ll hear about cyber, but I think space is an area that NATO’s sorely behind in. Russia’s doctrine calls for taking out NATO’s access to critical space assets in the early days or even hours of any sort of conflict or contingency, and NATO’s approach is – well, I’m not sure if anyone here knows what NATO’s approach is, but it seems to not really address it, for a couple of reasons that some of us know.

So I think it’s really important, in terms of all of the areas where we should be erecting deterrence efforts and where there is demand and challenges that might be associated with these domains, space may be the one where supply just doesn’t come close to demand. And I think it’s important to note that weaknesses in space deterrence can undermine general deterrence, because NATO and the U.S. in particular are the most reliant on space assets for our military operations.

There was some good stuff in RAND study in terms of how to address space deterrence – just very quickly, international norms, enhancing collective space security capabilities, enhancing the resilience of space architecture, which involves sort of redundancy and potentially using some new technologies, such as cubesats. Where we don’t have these very expensive satellites that have everything in them, we can put up a constellation and more of a network approach.

And then I also think we need to have a deterrence policy, a declaratory policy, for space that people actually understand and that adversaries and allies like understand. That includes concepts of proportionate escalation that are not just limited to space.

And then thirdly, new areas that I think are worth considering as the world is changing so quickly for deterrence tools – one is energy. I mean, it’s possible we’ll see a crisis in the future in the Pacific, maybe in the European area, where there’s some sort of blockade or some there’s some sort of energy coercion, and with the new shale gas revolution, with other new energy developments going on, I think it’s possible we could use energy supply as a tool for reassurance and potentially also deterrence.

And then secondly, Juan Zarate has a new book out called “Treasury’s War,” which looks at financial instruments, how do those play a role in compellence, in deterrence. I think they can be better integrated into NATO’s deterrence approach.

And so at the Atlantic Council here we’re looking at a lot of these tools and trying to look at how to better integrate them in terms of deterrence in Asia and, in this conversation, deterrence in Europe.

Let me just end by saying I think everything I’ve just said sort of has four implications for the portfolio approach we need to take to NATO’s deterrent.

Number one, I think NATO has to really greatly differentiate its partnerships in the Middle East and in Asia, for the reasons that are quite obvious in terms of what’s going on in the world.

Number two, I think the alliance’s technology advantage is in danger of being lost. I mean, there are so many pacing competitive activities under way in China, in Russia, among individual, in niche areas. I think it takes a much more concerted, focused effort for the alliance to retain its technology advantages in key areas.

Third, I think strategic foresight should be practiced at NATO, and that is looking more at these longer-term trends but coming back to the present and saying, what do all these things mean for our current planning, for our contingency planning, for our strategic concept, for our capabilities discussions, et cetera. I think this is a new but important element to be added.

And then lastly – and I think many of you in this audience can help us – I think a lot of nonstate actors, private sector actors, need to be brought more into NATO’s efforts, be they energy companies, be they financial companies, technological companies, because if we’re really moving to a world that I call Westphalian plus – it’s not just state actors but nonstate – then I think we really need to much more strongly leverage the assets, knowledge and capabilities that such companies can bring to NATO’s deterrence approach.

So if I had to summarize everything I just said, I would sort of basically call it the cross approach, which is for NATO’s deterrent, I think it needs to be cross-domain, cross-regional and I think it needs to be cross-actor.

Thanks very much.

MR. WILSON: Terrific. Thank you very much, Barry, for taking the time to lay out that concept.

I want to pivot from the American perspective and come to Svein first, before picking up Jay and Stefano.

Barry’s just laid out this concept of an alliance thinking about an engagement and prepared for the greater Middle East, which I hope you’ll get into as well – hedging against Russia, preparing for the unexpected. He’s talking about bioterrorism, space, energy, these new tools. And yet in our conversations in our last event, there was a sense among some of our European participants, weary of a decade-plus of battle in Afghanistan, leery of future commitments, and where you saw commitments, as in Libya, an effort to try minimize the engagement of the alliance.

So I want to turn to you, Svein. This impetus among some that we hear – and our European colleagues have hunkered down, back to core Article 5. There’s a crisis in capabilities because theres’s a crisis in defense spending. How do you reconcile what Barry has just laid out with how you, as a European defense planner, think about where the alliance is going, where it needs to go, in terms of deterrence? Please, over to you.

SVEIN EFJESTAD: Thank you very much, Damon, and thank you very much for the Atlantic Council, for its tireless effort to keep this trans-Atlantic dialogue going and interesting people in the U.S. So it’s very impressive to have all these high-ranking Americans present to discuss these issues today.

What Barry Pavel said about preparing for the unexpected –

MR. : Pardon me – (inaudible).

MR. EFJESTAD: Sorry. (Technical adjustments.)

I don’t have to repeat that, I suppose. (Laughter.)

MR. WILSON: No, I think you’re fine.

MR. EFJESTAD: What Barry said about preparing for the unexpected is very much what I will talk about. And as you said, Damon, also, it is to some extent returning to the basics.

But I think this is a very timely initiative because your ISAF operation is coming to an end, and we are preparing for the summit next fall.

In my intervention today, I will focus on what I believe is necessary in order to implement the Strategic Concept from 2010. NATO – we in NATO have been quite good in creating new slogans, in creating new programs, but we have failed to a large extent to implement that, in my view. And I think those who know NATO really well – and I see there are some here – know that the state of the structures in NATO is not always what we want it to be. And I believe therefore that correcting some of these things is absolutely the best thing we can do in order to prepare for the unexpected.

I’ll try to be a little bit more concrete. As we approach the next summit, we need to make sure that NATO remains relevant, as you said, and effective. Next year we have an opportunity, because we are going to update the political guidance – it used to be called ministerial guidance – and that is the document in which you set the real priorities and the programs for what we need to do with NATO’s defense capabilities and defense structures. And that, as – is the most important document, in addition to the Strategic Concept. I think we need to take a hard look at that one.

And I will suggest, in order to be brief, only six points that I think we should look at there.

One, we should need – we should change our level of ambition. Today the level of ambition is that we should be able to conduct two major and six small operations at the same time. We’ve had that ambition for long time, and since we started with that ambition, our resources have decreased tremendously, and we are – totally different situation today. In my view, we should change that level of ambition dramatically. And I would not change it by saying one plus two or something, but rather describe it in a totally different way.

For example, saying that we need to be able to deter and defend the territories of the member countries, and we need to be able to deploy military capability, to do crisis management at a certain distance. We need to be able to hedge against cyberattacks, space attacks, perhaps, but we should take a totally new look, in my view, at the level of ambition.

Secondly, I believe we need to incorporate cyberoperations in NATO’s planning. We talk about cyber, but it is, to me, at least, almost inconceivable that there will be a future military conflict in which cyber doesn’t play a prominent role. And I don’t think we have really incorporated that into the planning mechanism in NATO.

My third point is I think we should establish a general framework for contingency planning in NATO, so that national defense plans can be attached to and linked to the wider NATO operational planning.

I’m sorry to say that there is no common policy for contingency or operational planning in NATO. We had during the Cold War. After that we had some aspects of contingency planning, but we don’t have a general policy covering it. And as we do our national planning in Norway, we really do need something to attach it to.

One of the unique features of NATO is its command structure, and we all believe – at least the small countries in NATO believe – that in case of a serious crisis, we would ask NATO to take the lead and take the command of operations.

We have seen time and again that the NATO command structure, as it is today, is not fully capable and ready to take on such tasks. One of many examples is the conflict in Libya. We had to send big reinforcements to the air command in Italy in order to take on that task, to do the targeting business, and I think we cannot afford to have such a big command structure as we had, say, 20 years ago. So I think the best way to fix this is to create a pool of qualified personnel in member states, so that they can be deployed and support different operational commands if a conflict is rising. This is a cheap, I think, way to reinforce NATO’s credibility in the command structure.

One thing which is also relevant in this regard is to establish an educational certification program for officers in NATO jobs. We are now 28 nations, with very different structures and backgrounds, and I think the allied command transformation could do a very, very useful job in training and qualifying officers and, for that matter, civilians to take on NATO jobs.

My last point is that I think we should establish a policy for training and exercises to ensure interoperability and ability to participate in joint and combined operations. And this policy should cover all elements of our force structure. NATO has focused on very narrow force categories, like the NRF, for example, but that is only a very, very small proportion of NATO’s structures. So if we could create a common policy for training and exercises to do that job, I think that would greatly increase cohesion in the military system in NATO, its defense capability and thereby also deterrence.

NATO’s Strategic Concept entails three core tasks: collective defense, crisis management and cooperative security, which basically is partnerships. And I firmly believe that collective defense is the basis for the alliance, as described in the Atlantic Treaty, and our credibility in relation to collective defense is basic for public support in many countries and also for NATO’s relevance and ability to take on tasks such as crisis management and cooperative security. In other words, sit is not possible to do the other two if you don’t do the first task right. That’s my point.

But I think also, when we talk about collective defense, it is very important, as I said, to incorporate new aspects of this, like cyber but also missile defense and space – a policy for space. So I – it is – it needs to be updated in relation to the technological development.

There’s a lot of critical shortfalls in NATO, of course – joint reconnaissance, intelligence, special forces, air refueling and so on and so forth. But still I believe that what really makes NATO attractive, credible and unique is that it has a permanent decision-making machinery; it has a permanent command structure; there’s a common force planning and a common operational planning. This builds the credibility, the cohesion of the alliance, and deterrence.

One often says that NATO is changing from deployed to prepared. And Barry, you posed a question: Prepared for what? In my view, we must be prepared for collective defense and for international crisis management, both of them. And I fully agree with you – what you said about the Middle East. We need therefore also to have a situational awareness, which has been lacking to a large extent in NATO. One of our initiatives pointed directly at the situational awareness. And as the Norwegian Air Force was planning to participate in Libya, we have to admit we didn’t know very much about Libya or the surrounding areas. Later, we got quite a bit of information from Italy and France. But NATO as such had also very little knowledge. And definitely NATO needs to have a situational awareness for the Mediterranean, for the Middle East so that it can make recommendations to the political level if NATO can use its forces and policies in a relevant way to solve crisis in that region. And the same goes for Eastern Europe.
I think I’ll stop there because I think I used my time.
MR. WILSON: Perfect. Svein, let me ask you just quick follow-up because you put an idea on the table to dramatically change the level of ambition for the alliance. And for many out there this may sound like a technical issue, but it’s an incredibly, inordinately political issue as well, because for many, they would argue, this is the alliance sort of looking at itself and saying, we’re actually incapable of doing what we said we would do – to defend our populations – and we need to ratchet back our ambition, ratchet back our expectations of what the alliance can deliver.
How do you – how do you navigate the shoals? I’m going to turn to an ambassador who had to deal with the politics of this next, but let me ask you real quick. I mean, how do you deal with the criticism that this would be a admission of defeat for the alliance in some respect?
SVEIN EFJESTAD: Well, frankly speaking, I think it was never very realistic that NATO should do six plus two operations almost at the same time. And then I don’t think many would be very disappointed if that level of ambition was changed a little bit because we are not going to do two plus six operations at the same time anyway. It is not credible, and it is undermining our credibility. That’s my short answer.
MR. WILSON: All right . Thank you, Svein.
Let me turn to your left. I’ll come back to you, Jay, to wrap up with cyber, but let me turn to Ambassador Stefanini who, unlike Norway, which had to find its way, information about Libya, Italy, as it projects into the Mediterranean, is intimately familiar with your neighbors to the South and the instability that the alliance is facing from that region. From your perspective, Italy is a stalwart member of the alliance, a founding member of the alliance, but one that is also trying to balance the financial challenges that we’ve been seeing throughout the euro zone, combined with the reality of instability to your south – something that’s quite palpable, obviously, for your country. How does it sound when you’re hearing about the concept that Barry’s laid out, hedging against Russia while still planning for greater ambition in the Middle East, preparing for the unprepared when you have to deal with the constraints of budgets and what your populations will support? Give us the perspective from the south.
STEFANO STEFANINI: Thank you, Damon. And it’s good to be here, and it’s good to be next to Norway. I must say surprisingly – that might surprise someone – Norway’s been one of the countries I work the most closely in my time at NATO, mostly because, you know, one from the north, one from the south and together we sort of match the perspective of, say, European NATO.
Before I get into the answer to your question, let me just touch on something which was – I tried to focus for this panel, which is the relationship between deterrence and collective effects, and then I’ll come to the Mediterranean, which obviously is close to my heart.
And I was feeling a bit rusty, you know, five months after leaving foreign service – three years – I left NATO immediately after the strategic (concept ?), and I’m completely affirmative in December 2010. We had no clue, no idea that there might be – (inaudible) – to a point, then I was asked, because some might may remember Gadhafi just made a most state visit in Italy that August, and the bilateral agreement with Libya could be – (inaudible). And it was at odds with our NATO commitment. But when the question, which we asked ourselves at the time, could that be a problem – the answer was absolutely – (inaudible) – why should ever NATO have anything to do with Libya? That was just eight months before the operation. (Chuckles.) So that shows that that kind of unpredictability that you outlined.
So I’m feeling a bit rusty. I had to – I needed some help. I found some help in a young diplomat, young and bright – (inaudible) – at my – that actually took my seat in the audience, Alessandro Catani (ph). Was – at the embassy we have – as you know, Italy – (inaudible) – NATOized (ph) embassy here with former deputy secretary-general, who is actually Ambassador Claudio (ph) – (inaudible).
But Alessandro’s (sp) help wasn’t enough, so I went a bit further. And, you know, dealing with new tools and new challenges, I thought a bit of old wisdom was in order, and I found the best – what in think the best – one of the best definitions of deterrence in a phrase from Machiavelli – there was an exhibition on Machiavelli, just opened yesterday at the Italian embassy.
MR. WILSON: And Mr. Ambassador, I might just say, you walked in today and I said I appreciate the pin you have on your lapel, and indeed, it is a pin of Machiavelli.
MR. STEFANINI: Yes. (Laughter.)
MR. WILSON: So I thought it might figure into your remarks.
MR. STEFANINI: Machiavelli says fear preserves you by a dread of punishment which never fears. That’s the essence of deterrence. And the problem we come with here again is that there are guys which there is no punishment. They don’t fear a punishment. Either they’re just too – subcategories, if you wish – either because they think they would not be caught – that’s the case with possibly cyberdefense, or because they – the punishment doesn’t – you know, typically that the terrorist is not – is not being punished. So I think the issue is whether or not – I mean, the new challenges, there’s also – (inaudible) – about them; new tools, there is a bit less son. And the issue is whether or not deterrence is part of these new tools. I think it is, but it has to be a combination; and that you imply when you’re talking about a portfolio, it has to be a combination of measures, cannot be only military deterrence. It has to use political, diplomatic and economic means. And that calls on more – in my view, on more reliance on Article IV, more reliance on our partners and what I’d call engagement. And obviously when I say engagement, it is very much with Russia on my mind, rather than Georgia.
The point about – and very briefly I’d come to Russia, which you mentioned. I like very much the way you – Barry, you pointed out about the issue of hedging against Russia when you said that your main concern is about a declining Russia, which obviously is not going to be deterred purely by a military hedge but with a sort of an array of means and – on one hand, sort of credible, clear-cut military ability; on the other hand, a political outreach to Russia, even if at the present moment the circumstances are not the most favorable.
The issue – so my take on the relationship between collective – between deterrence and collective defense would be, we should deter when we can. When we cannot deter, we have to think about collective defense. But the point is that this defense has to be collective. NATO has been defined by values and by common goods – security being a common good – not by the threats or the challenges. What I mean is what whatever the challenge or of the challenges, the common good we want to protect is the same. So in that respect, we have to be able to interpret – not even extensively – but to update the concept of our armed attack. The point we made here about no military warfare being possibly way today – waged today without a cyber dimension, but it – you know, space, it’s a clear case for considering these dimensions as part of NATO responsibility. It may well be that some of them require NATO to work with other organizations or with – or in other fora, energy being a case in point. But there has to be –they have to be present also in it.
We – the bottom line about where we can deter and where we cannot deter – you mentioned about Westphalia plus international environment – is two states, even the most democratic one and the most authoritarian dictatorship, to some extent share the same language. They don’t share the same values but they share the same objective, you know, the preservation of territorial integrity. This, when we talk about terrorists or pirates, for instance – there’s the movie that was just out, “Captain Phillips” – you know, the captain and the hijacker do not speak the same language. They just talk. And it’s – the movie is very well done because there’s a lot – certainly not sympathy, but empathy for the – it makes you understand what makes those pirates tick. So when they – and we face this problem mainly when our interlocutor does not have a physical control of territory.
And this I come to which is my point: We cannot deter asymmetrical threats by definition, but we can address at least some of the root causes. I know it’s not always politically correct – (inaudible) – that create the asymmetrical (trap ?). And without going to much, let’s say at least one which we’ll call (intermediate cause ?), which is a failed state. To the extent we can prevent a failed state with certain limit the possibility of asymmetrical threats, what’s that mean? What’s that in Afghanistan? What’s that in Somalia? I’m afraid we now – the risk has moved very much to Northern Africa. While the U.S. may or may not have done its pivot to Asia, I think al-Qaida and associates are turning people to Africa for a very simple reason, because the Arab Springs or the Arab Awakening have created a situation where there is a potential for a failed state or at least large part of land where there is no control by any state authority.
So here come to, you know, question about the Mediterranean. Damon, I certainly think NATO has to think about that as a possible source of new threats, and a threat which is not simply a threat – (inaudible) – southern flank of NATO. It’s a threat that affects the entire Europe – I would say the entire Atlantic area. But there might be also some reason to think about – because when we – we cannot sort of dump all the great Middle East in the same heap. The northern Africa, the Maghreb, the Sahel has some different dynamics, and there could be some – especially when we talk about Africa, some role for the EU in association with NATO.
I think – I hope this answers your question.
MR. WILSON: Thank you very much. Thank you for that. I want to pick up on a couple of things that several of you said and come to Jay on this point. I think the way you teed it up, Ambassador, the way I’ll punt it to Jay, is how do you apply Machiavelli to cyberspace? How do you – how do you create the fear of punishment?
So as we turn to Jay, we’ve heard from Svein that it’s inconceivable that the alliance could face a conflict where cyber would not be among the fronts. We’ve heard the concern about the fear that they can be caught as being the essence of deterrence and how that applies here, and we’ve also heard if you – for those NATO nicks (ph) in the audience – the potential need to update thinking about what an armed attack means. If you read the Washington Treaty, Article 5, which says an attack on one ally will be considered an attack on all allies, it actually says an armed attack. So what does this mean, and what does the cyber domain mean and the concept of collective defensive deterrence for the alliance in the future?
JASON HEALEY: Great. Thank you, Damon. I also want to thank NATO – I mean, the organization itself, as well as everyone that’s helped to make it strong. Yesterday was Veterans Day, Remembrance Day, and hopefully, because of NATO, we never have to create another holiday like Remembrance Day to think of such a terrible war. And, frankly, I think the Nobel Peace Prize probably went to the wrong organization, but thanks to NATO, and hopefully we can prevent that from ever happening again.
So to pick up on cyber – and now everyone’s supposed to say, ooh, cyber, ooh, cyber, because that’s what you’re supposed to do, right? It’s this new challenging area, and I want to help put some of that to be, I hope, and show that a lot of NATO’s traditional strengths, traditional areas that were strong and are going to serve us much better in cyber than we’ve really been led to believe.
So when we talk specifically about cyberdeterrence – uh-oh – I made General Cartwright’s eyebrows go closer together. That means I might be in trouble later. So when we talk about cyberdeterrence, the main things that people are going to talk about and say, well, cyberdeterrence is practically impossible because it’s such an easy capability. Two kids in their basement can constitute a strategic capability. All you need are computers and the right brain, and how could we ever deter that? Or we’ll never know who’s responsible for it. You can’t prove who did it, and therefore you can’t deter it. Or it happens at the speed of light and you can’t warn it, so how could you ever deter it. And there are several more of these that we could go on that constitute the – I think the main pillar of thinking on cyberdeterrence.
But all of those are over here on the technical side. It’s looking what happens at the level of tactical combat, and extrapolating it to say that it’s – that it’s the whole of conflict. And we don’t have to do that. It’s like saying that what happens at the level of missile defense, you know, and how fast an engagement could go, or the level of aerial combat, that because a dogfight is so – happens so quickly, that therefore you could never deter an adversary from sending their bombers that could go nearly the speed of sound – what happens at the tactical and technical levels within the domain, we’ve just said that therefore it’s completely impossible. And that tends to be the strongest.
As David mentioned, we just finished our first military history of cyber conflict called “A Fierce Domain.” And what we saw that when we look at what our cyber problem, not just as – this is Fred telling me to stop pitching my book, and Fred Kempe is the last person to tell you to not pitch a book. (Laughter.)
MR. WILSON (?): I think this may have been our own cyberattack here at the Atlantic Council, as some folks frown on your comments.
MR. HEALEY: And when we look at what’s happened in cyber – and not just as crime, not just as a collection of individual cyberattacks, but as actual conflict – and how else should NATO look at cyber other than actual conflict? – we find that all of these technical things – it’s speed of light, you never know who’s responsible, it’s so difficult to warn about, two kids and a computer constitute a strategic capability – none of that – it’s true at the technical level, but it’s not true at the level of conflict, because what we found when you look at it as conflict is that it overwhelmingly takes place within existing conflict or an ongoing conflict between existing national rivals, which means that all of these technical truths fall away because you’re generally going to know who’s responsible because it’s going to be the country that you’re involved with an existing conflict about. Anyone that was confused about Estonia in 2007, people would say, ah, it traces back to 178 different countries; we couldn’t possibly tell who’s responsible for this cyberassault on Estonia. They’re looking at that over here on the technical level. If you want to see past that to the political truths behind that, it does not have to be difficult. NATO might make it difficult, but that’s different from the dynamics of the underlying conflict.
Likewise, the cyberattacks are easy to warn about, or they’re more easy to warn about than we’ve been told, because you don’t have to stare down the wire looking for the evil ones and zeros; you can look at the overall dynamics of the conflict, the geopolitical realities. And the geopolitical realities are that cyberattacks, cyberconflicts tend to follow physical conflicts and physical attacks. If you see a protest at the World Bank, you can expect there’s going to be an online protest at the World Bank. If you see an ongoing conflict in the East China Sea or South China Sea or a dust-up, say, over natural gas deliveries in Eastern and Central Europe from Russia, you can guess that there’s going to start being a cyberconflict – or a cyber component to that as well. You don’t have to treat it as some new dark, mystic thing that’s different from cyberconflicts that have come before.

So what we found – and this is incredibly important for NATO – is that the more strategically significant the conflict, the more similar it is to conflict in the air, land and sea, to the more – I’ll say that again. The more strategically significant the conflict, the more similar it is to conflict in the air, land and sea. So one reason why deterrence seems so tough now – or why cyber seems so tough now is that we’re looking at these collection of individual incidents and racking our brains over how to deter these, when these are individual incidents that are probably not getting into NATO’s typical lanes where we work with.

I’ll summarize that point when we get to the end. I would contend, to close out the main point, that cyberdeterrence is obviously working. People that say that it’s difficult or impossible are focusing on the technical, or they’re focusing on these day in, day out incidents. Maybe they’re focusing on espionage. But they’re disruptive attacks, especially the most strategic cyberconflicts. I would contend the facts show, that history shows – here’s where I hold up the book – that history shows – $9.99 on Amazon – that history shows that cyberdeterrence is clearly working because we’ve been talking about a cyber Pearl Harbor since 1991, over 20 years since – I’m sorry, over 20 of the years – we’ve been talking about a cyber Pearl Harbor for 20 of the 70 years since the actual Pearl Harbor. Clearly, there’s a different dynamic going on.

So what we see is that countries are willing to spy on one another. They’re willing to have proxies that conduct attacks on others. They’re willing maybe to have low-level cyberattacks on one another. But we haven’t seen a big nation use real cyber – really disruptive – or disruptive cybercapabilities against another big nation. You haven’t seen big nations use really disruptive cybercapabilities against a small nation outside of an existing conflict. You know, it’s not out of the blue; it’s taking place during existing tensions. So one of my colleagues says, well, you can’t call that deterrence; you have to call that restraint, that we’re not willing to go above a certain threshold. Fine, call it restraint. But what you’re saying is nations are acting extremely similarly in this place to they do the other. They’re not willing to do big, disruptive attacks on one another because they fear getting caught; they fear getting punishment; they fear that this thin – that attribution might prove a very thin veil once people start to die.

So I would say NATO, going forward, needs to look at three separate areas, and this gets to Barry’s point of who and what are we trying to deter. First is we have today’s issues: espionage, large levels of cybercrime, proxies by some countries. But that’s not real cyberconflict the way that we’ve tended to think about it. Today’s problems tend to be – call it hostilities below the level of cyberconflict and how NATO is going to be getting involved in that area. And that, I think, can be tractable, and I think NATO’s been doing a good job of improving their own defenses and the rest.

Second, you’ve got an area where we might someday really have a cyberconflict because that first tier, what’s happening today, is never going to get us to an Article 5. Second, we might have an – if we get ourselves into an Article 5 situation, it’s not going to be from a “bolt out of the blue” cyberattack. I would strongly – I would guess it would not. It’s not going to be some spooky way we get there. It’s almost certainly going to be there through existing conflict with normal national power rivals that happens to escalate in some cyber fashion that you’ve got a massive impact to GDP, far larger than we’ve ever seen to date from a cyberattack, or we have dead bodies, which we’ve never had from a cyberattack that I can find. So it’s going to look and feel like a normal Article 5, which radically, I think, simplifies NATO’s planning to get to this.

And last, my closing point that my colleague and senior fellow Greg Rattray makes a lot, when you talk about cyberdeterrence, especially in the United States, we always tend to think that we’re going to be the ones doing the deterring, and especially with our level of strategic vulnerability. I think within the United States, and also NATO as a whole, needs to look at how we might be getting deterred, how can – how we can make sure that we won’t be the one deterred from getting into a conflict, I mean, how we can stop others from deterring us.

And that means how can we – it means, in addition to other things, how we can make sure that NATO’s systems and our societies can survive the first strike from the adversary, because this doesn’t happen speed of light. Cyberconflicts tend to take place over weeks, months or years. So what we want is to make sure we can survive that first strike so that we can get into the place that we’re good. We’re democracies. We tend not to be good right out of the box. It takes us awhile to warm up. So we need to avoid something like a Six-Day War, where it was kind of lost in the first morning in the early airstrikes, to make sure that we’ve got time to warm up. And I think NATO has been doing pretty well by making sure – by focusing on defense of their own systems as a strong first goal there.

Thank you, Damon.

MR. WILSON: Thank you, Jay.

Let me just pick up real quick before we bring in the audience. We’ve got time for discussion. And as I look across the audience, there’s an inordinate depth of NATO expertise here, so I want to bring in the conversation to hear from all of you. But here at the Atlantic Council, we actually went out and recruited Jay. We started the Cyber Statecraft Initiative precisely because we were hearing from many of our allies and partners a concern about the disconnect between potentially how fast an how far where the United States was going and where its closest allies were both in terms of doctrine and concepts, but in terms of capabilities. And that was sort of the purpose of actually standing up Cyber Statecraft Initiative here at the Atlantic Council, focusing how to keep our like-minded partners in sync on where we’re going, and that’s what you’ve been working a lot on. We’re here having this conversation in the wake of yet another – yet another round of headlines that keep sort of the issues of the cyber domain, with Snowden, the NSA leaks, as a source of tension, perhaps, in the trans-Atlantic space.

How do we make sure that what we’re doing – first of all, you talked about national versus NATO capabilities, and there’s quite a distinction. How do you meet Svein’s remit to incorporate cyber into defense planning, making this a source of real strength for the alliance, unity of the alliance projecting outward, rather than yet another source of tension and division that can be used by external actors to play divide and conquer, if you will?

MR. HEALEY: Yeah, there’s, I think, a couple of – maybe three solid areas. One, I think within the DOD, just getting to accept that NATO has a strong role to play in this, and I think focusing on actual Article 5 and improving their own will help there. I’ve heard too many defense officials, even at – too many U.S. military cyber officials, even at NATO events, downplaying the role of NATO. One of our four-star generals – he wouldn’t come out and said it was Russia that was responsible for Estonia; he wouldn’t come out and say that China was behind the espionage, even though the president would say that. So he was diplomatic about that, but he couldn’t actually find anything nice to say about NATO in cyber, and that’s just putting us in a wrong direction.

Second, I think we can deal with our classification schemes. Right now our – we so highly classify this in the United States. It completely limits our ability to have a debate even within our own country, and it especially makes it difficult for working with our allies. Department of Defense has – you know, there are computer vulnerabilities that have to get patched. The DOD version of that is something called IAVAs. They’re unclassified but for official use only. And we wouldn’t even share those FOUO with our NATO allies for a while. It took months and months to get this approved, and they’re for official use only. And the comment that I heard was, well, what would they do it – why would we need to share this? Ah, you know, and it’s just the wrong way of thinking about – and I’m afraid that’s only going to get worse now post-Snowden, that we’re going to continue to clamp down ever further on that.

Third is we’re coming out with some additional ideas on exactly what you said. I’ll only focus on one, and it’s really Frank Kramer’s idea. He said, you know, NATO’s been in this place before, for example, looking at the Nuclear Planning Group, of a capability, especially if you’re looking at offensive capability, that only a few NATO allies have, but it gives everyone a voice and a stake in this discussion, and it’s thinkable to have that on the offensive side, that the allies that have offensive capability can come together and talk about how that might be used. If we come up with another out-of-area operation, we might need something like that so that we can talk about it, we can – we can think about how to bring these national capabilities best to bear.

For sharing defensively, I think the things that the alliance has been up to, increasing the capability of the NCIRC, having the Emerging Security Challenges Divisions, NATO – I’m sorry, and SACEUR involved are all going in the right direction.

MR. WILSON: Terrific. Thank you, Jay.

As we get into the conversation, we have the Ambassador of Estonia, we have General Cartwright, others that know a lot about cyber, so I would welcome your comments on this.

I’m going to remind the audience that we are welcoming, encouraging your tweeting today. For the whole – throughout the day we’re using the hashtag #futurenato, so feel free to tweet away, and on your agenda, you’ll see the handles of each of our speakers as well.

To kick off the conversation, I’m going to turn to Harlan Ullman, who caught my eye first. And part of this – I want to – I want to hear, as we get – take questions – field questions for the panel – is there almost a little bit of a Pollyanna-ish attitude up here? Are we not facing the reality of austerity? Can – we’ve heard about the strategic level. We’ve heard about a national work plan. But is this doable given where we are financially as well as politically?

Harlan, please pick up the ball for us. And if you could catch my eye, we’ll get a microphone to you, and if I could ask, even if I know you, for our television audience, if you could introduce yourself, say your name and ask your question. Please, Harlan.

Q: I’m Harlan Ullman with the Atlantic Council. First, many thanks to the panel for really excellent discussion. And I particularly associate myself with Svein’s remarks. I think you’re absolutely right. And maybe you should put your hat in the ring for a sec-gen. (Laughter.)

My question is really a provocation. I would assert that deterrence is a concept of the 20th century and really isn’t relevant to the 21st. And I think the panel, by what they said or didn’t say, may support that contention. Now, the question is what would take its place. And I would also observe that perhaps the two most important things that NATO can do and that can arise from the coming summit have not been mentioned: one, support TTIP; and two, develop some kind of argument to rally domestic support, because the most crucial issue, in my judgment, is that we’re lacking domestic support. I just came back from yet again another trip to NATO, and this is really missing in action.

So it seems to me, to follow on what Svein said – and this is extremely difficult because NATO remains, whenever what we say about it, a military alliance – should the issue not be collective security and not collective defense? And if we can make that switch without too much language to go along with it, it seems to me that that would be ambiguous enough to bring into play all these other issues that have been – that are so important but which individual members have some difficulty in dealing with. So should we not be looking at collective security rather than collective defense?

MR. WILSON: Got it. Thank you. I’m going to pick up a couple of comments. I’ve seen a lot of hands. We’ve got some time to work through them all. Let me come up to the front here with Lisa, Lisa Aronsson, and then we’ll come to these two here as well.

Q: Thanks. I’m Lisa Aronsson. I’m at the council, a visiting fellow from RUSI, London. All the presentations mentioned the importance of credibility to deterrence, but nobody mentioned Afghanistan. I’d like to just ask – I think this is understandable. Damon’s mentioned several times we want this next summit to be the first one looking forward and not necessarily focused on Afghanistan, but I’d like to ask the panelists to reflect on how do we integrate efforts to answer big questions about Afghanistan, whether that’s spending commitments, mechanisms for managing cash flow, sustainability of the ANSF or status of forces agreement, integrating partners into the post-2014 Afghan mission. These are all very sensitive issues, and it’s important for NATO’s credibility, especially given the risks of ungoverned space in Afghanistan or even possibly a terrorist attack being planned there from the future. So how do we look forward for deterrence purposes but also keep enough attention on ISAF? Thanks.

MR. WILSON: So I’m going to make a pointed add to Lisa’s question because she’s being polite in some respects. If the best recipe for deterrence is success and credibility and the Afghan mission is not seen as that, it’s seen perhaps as a failure by many of our publics, isn’t that at the heart of how – getting that right – isn’t that at the heart of how you sustain deterrence going forward? Or how do you fix that conundrum? So I’d make a little pointed add.

And then the – we’ll take two questions right here and then come back to the panel. Please, this gentleman and lady in the – yes, both of you.

Q: Thank you very much for such an educative discussion. This is Dr. Nisa Chaudhry (sp). I am with the Pakistan American League. The world is going through a constant transition from a unipolar world to a multipolar world. And my friend Barry Pavel mentioned about Russia because of their system, the way they govern, and then virtually nonexistence of true democracy. And then because of technology, it’s so much of oil and gas – (inaudible) – then they are going to go down. They can’t bounce back. And then the – Turkey’s name was also mentioned, which is a member of NATO. My question is that NATO had been doing a lot of firefighting in many areas of the world. Does NATO have the capacity to act unilaterally also with the – (inaudible) – leadership of USA to prevent low-intensity conflict or intercept the conflicts and resolve them? And Turkey is a member of the NATO. And – (inaudible) – somebody educate me on this. OK, what were the (niches and glitches ?) that he could not become the member of European Union at the same time? Thank you.

MR. WILSON: Thank you, sir. That last question is a topic of a whole other conference that we’ve actually got running as well. (Laughter.) But let me – and just to his left, and we’ll take this last question and come back to the panel.

Q: Thank you. My name is Dr. Lydia Kostopoulos, and I’m representing the Cyber Security Forum Initiative. I oversee our mission in Europe, and I’ve dealt quite a bit with various nations there, more specifically in the Mediterranean. And as we deal with cyber issues, I’ve been engaging the communities there with cyber. And I have a question regarding austerity and our cyberallies and helping them out in the era of Snowden leaks. So what I’ve found is many government officials, military officials have said that they look up to the U.S. and the way we do things. They respect our strategy and our efficiency and effectiveness. However, when it comes to cybersecurity now, many people are standing up their commands. And this is a sensitive national security issue. Seeing as our – some of our NATO allies are standing up their commands, how can we help them in a way that would not infringe on the sensitivity of standing up a cyber command, considering the Snowden situation? Thank you.

MR. WILSON: Terrific. Thank you for those questions. Let me come back, and let me start with you, Barry. I want to – let’s take the first two questions because I think Harlan asked a fundamental one: Is deterrence not a Cold War concept? And how do we talk about NATO’s future deterrence if we bury under the carpet the issue of Afghanistan?

MR. PAVEL: Sure. Well, I don’t think – I don’t think deterrence is an outdated concept. I wish it were because the essence of deterrence is trying to threaten harm on those who might think to do you harm in the international system. And unfortunately, the world has proven over the – we can just take a couple of examples from the last couple of years, be they state actors or nonstate actors. You know, Russia invaded Georgia, and we have terrorists still committing acts. I do think that in certain cases, terrorists can be deterred, and have written about it in an article with nonresident senior fellow Matt Kroenig that there are ways to deter terrorists if you really focus your efforts as well.

And so I think, unfortunately, the nature of the world is such that deterrence is still very central, but we have always had a lot of other activities going on next to and complementing and, hopefully, reinforcing deterrence, including security cooperation and various other forms of engagement. So I think, you know, deterrence by itself would be one hand clapping. But it’s never been that case. I think it’s a different form of deterrence. It’s a much more tailored set of deterrence approaches that’s required for a much more complex world.

On the question of Afghanistan, I sort of have sort of two basic answers, and I think it’s a very important question. Number one, those who understand what’s going on in Afghanistan better than I say it’s going much better than the press – which tends to follow negative stories, I’ve heard, more than positive stories – would lead you to believe, but that doesn’t change the perception question. So on the broader question, I think, you know, NATO’s activities in Libya proved that it’s rather adaptable. And so my sort of general answer to NATO and its credibility, et cetera, is it’s the best we’ve got. I mean, it’s adapted multiple times. As Damon has said, it’s sort of entering its fifth chapter of major adaptation. And I think the key answers and the key questions at this conference is, what will be the defining parameters of that fifth chapter of adaptation?

So I think Afghanistan is – my short answer is it’s probably going better than we’re being led to believe. But even that said, there’s a broad enough record of adaptation that I think credibility isn’t quite at an issue, but we need to work at it because, as I said in my remarks, the challenges and the circumstances that NATO faces going forward over the next five to 10 years are very different than the challenges that NATO is comfortable dealing with from its history.

MR. WILSON: Thank you. Mr. Ambassador?

MR. STEFANINI: Thank you. I’ll just focus on Afghanistan, mostly because my nearly four years at NATO was very much Afghanistan years, and I’ve been doing lots of thinking what’s after that 2014. Obviously, there would be a lot of thinking about NATO, after 2014, about Afghanistan. And the lessons learned, we will know more about them after we’ve gone out, and when we will be able to gauge what Afghanistan we leave behind.

I agree with Barry that we – I go even further – with NATO we leave an Afghanistan much better than it found. Afghanistan is being – Afghanistan and Afghanis (sic) are being given a chance, which they didn’t have before.

There is another element which I think is very – from the NATO point of view, that Afghanistan proves a stamina in solidarity, which we may not have suspected.

MR. WILSON: Say it one more time, Stephano.

MR. STEFANINI: A stamina in solidarity. Who would have guessed that we, after 10 years, having all of us suffered fairly high losses, not to mention the cost, financial cost, that we would still be there and we will actually – I mean, in together/out together is a reality, and is – (inaudible) – is happening in the midst of the Hindu Kush, that proves a certain political solidarity, political core of NATO which is probably higher than we suspected, especially in 2003-2004 when we got into Afghanistan.

Obviously, there are lessons to be learned also in terms of – exactly in terms of deterrence. Deterrence has worked. I mean, just imagine in four years the Taliban are back in power in Kabul. Would they do the same they did before, the hosting, giving a safe haven to al-Qaida, and risk again destruction? Probably not. In that respect, what happened is a lesson in deterrence.

Where we’ve not been able to be effective is in convincing the regional powers surrounding – Pakistan was mentioned before earlier – that Afghanistan is not a zero-sum game.

MR. WILSON: I just want to echo that one point. I asked you to repeat that because we are often up on the Hill briefing about the alliance, and we hear many concerns about the question that Harlan raised – political will, political support. And when you make the argument that we’ve been fighting a war in the middle of Asia for more than a decade with tens of thousands of European forces by our side, a scenario that we could little imagine, and at the height of the strain on the alliance military forces exacerbated by one of the worst economic crises on the continent, the political will was still mustered to launch an operation in Libya, and we still have sustained our forces in Kosovo during this period – so there are ways to look at this. And I think that was an important point you made, so I just wanted to draw that out.

Svein, please, pick up on a few of these elements. And then we’ll come to Jay on cyber on I’ll come back to the audience.

MR. EFJESTAD: To Harlan, I would say that deterrence is a very old concept back from Machiavelli, as we heard. So it was not invented for the Cold War. But I agree it has to be different, it has to be tailored to a new situation. And when we talk to Russia, for example, deterrence and the military policy is accompanied by a set of cooperative programs. So cooperation and military readiness doesn’t exclude each other. So I think in total, this makes a policy which is (substantially ?) good.

I fully agree with you that we need to work much more on rallying domestic support for NATO and defense in general. And the problem is that people don’t really realize, I believe, what the risk of not doing that is. So we need to – we are working very actively in Norway on that, and with good result, I would say. We have very good support.

On Afghanistan, I fully agree with the ambassador here. And when we decided already in 2001, in the autumn, to send special forces to Afghanistan, full support from all political parties. I think the credibility of NATO as an organization and of the bilateral trans-Atlantic relationship – it was not NATO who actually did the first operations there – I think it proved quite effective.

But of course the truth is also that there is a limitation as to what you can do with military force. We have seen that in Afghanistan, even in Libya. And I think we have to be very clear we can’t just throw military forces at the problem. We need to think – to create a strategy where military component is only a part of it, a comprehensive approach, if you like. And I think that we have done now a tremendous effort in Afghanistan for 12 years or so. Fifty countries are engaged there now. I do not think that this will undermine NATO’s credibility as it is, but there is a limitation as to what you can do with military force in a place like Afghanistan.

MR. WILSON: Thank you. Very important point.

Jay, wrap up here.

MR. HEALEY: Thank you.

First to Harlan’s point on the – I like the collective defense because I keep trying to make the point, at least on cyber, we don’t have to think about this as differently as we’ve been led to expect, and that the – you know, because cyberconflicts are not that fundamentally different from other kinds of conflicts. So I would – I would like to see as little change as possible because I think we make it more confusing the more we try and think of it as different.

For CSFI, I think it’s a great plan. And I think the United States has certainly created the perception right now that we’re an exporter of insecurity into the Internet rather than exporter of security, which is how we like to think of ourselves and how our policies are. I mean, I can imagine it would be very difficult, if you are any other country and you were going to have American exporters – I mean American experts come in to help you set up a cybercommand or set up your cyber systems, I think it would be reasonable for many countries to be doubtful about inviting us in – hey, we’re just going to bring in the NSA cyber-experts to help configure these systems – which a year ago might have made a lot of sense, and nowadays would be much more difficult. So I think this is going to hurt us in a lot of ways.

There are at least three things that we can do. One is to continue to encourage regional groupings. I’ve heard a lot of great things that are happening among Nordic countries that have now set up. They can share classified information between the cyberdefenders in each of the countries. Things like that, I think, will be very useful. We could see that in Visegrad countries and others.

Second, I think there’s much more that we could do on pooling and sharing. I suspect that amongst the ally nations we have got 28 separate contracts with Microsoft, we’ve got 28 separate training houses to teach the same underlying standards in how to run Microsoft desktops and Cisco routers. We’re largely using the same gear, the same standards, the same – the same software. I suspect we could a lot more pooling and sharing.

For example, look at monitoring. Right now I bet every country monitors their own military networks. You could find great ways to say, OK, what countries can we just share, and we’ll just have one monitoring center for several different countries. Yes, it could be difficult, but we’ve got ally nations that are sharing navies, right? So this should be easier than that.

Last, the real capability for defense in all of our countries, even the United States, is not the military, it’s the private sector. It’s going to be – they’re the ones that are going to be winning or losing. They’re the ones that have the bulk of the capability to defend. And a lot of the issues that we worry about – for example, sharing threat data, sharing vulnerability data – you don’t have to spend two years to come up with an agreement with the United States on that. You can take your credit card and you can go to Symantec or McAfee or other – these countries, and you can just buy the capability, and it’s pretty reasonable.

So there’s a lot of stuff that we can do just by – increasing within the countries by just buying the capability that we need rather than trying to recreate it within the alliance, within national militaries.

MR. WILSON: Thank you, Jay. Let me pick up another round of questions. Let me start with Ambassador Marina here in the front, and then I saw a hand in the back early on, Isabelle, we’ll come over here as well. Please.

Q: Thank you, Damon. First of all, I would like – my name is Marina Kaljurand, and I’m Estonian ambassador. First of all, I would like to thank all the panelists for your excellent remarks and very good discussion. And as Estonian ambassador, perhaps I’m supposed to react on two words, cyber and Russia. So I’m not going to disappoint you, but only partly. (Laughter.) I will react on the word cyber.

It was extremely good to hear that almost all panelists in one form or another mentioned cyber. And my comment is that, first of all, we have Cyber Center of Excellence that could be used in much better way than it is used today. It’s good, it’s efficient, but it could be used even better. And another thing is that at least my government is proposing very concrete facilities for cyber-exercises and cybertraining that we also need to do in the context of NATO.

And my question to the panelists is, taking into account that the next summit, 2014, will be 10 years after expansion of NATO, what we consider being a successful expansion, what should be the message in 2014 to those countries who are either waiting for MAP or full membership? What should be the message of NATO?

MR. WILSON: Terrific. And let me pick up the question in the far back and then come up here to Isabelle.

Q: Thank you. I’m Stanley Kober. I’m looking at an article in today’s Guardian of London. It’s about young men from Turkey going to Syria to fight. Hundreds are thought to have been recruited by units affiliated to al-Qaida. A father of one of these young men goes there to get his son back, and he is confronted by one of these commanders. They are here to be martyred, he’s told; they will be rewarded in paradise.

A few days ago, maybe a couple weeks ago now, Turkish President Mr. Gul said, Afghanistan may be coming to the Mediterranean – referring to Syria. This is happening in Turkey, a NATO member.

We have been discussing deterrence. How do you deter people who want to be martyred?

MR. WILSON: Good question. Afghanistan to the Med.

Let me come up here to Isabelle Francois. Sorry, I think we have our mics running, so you’re about to – .

Q: Thank you. Isabelle Francois, senior fellow at the Atlantic Council’s Scowcroft Center. My question is perhaps more directed to Svein, and it has to do with level of ambition. And I would agree that indeed we need to look at this level of ambition for credibility’s sake if nothing else. But my question to you is, if you rein down, if you lower the level of ambition, how do you actually maintain the effort and the push that has been our guidance for so long on capabilities? You know, would you expect that nations will continue to make that effort if NATO’s level of ambition goes down?

Thank you.

MR. WILSON: Good question. And then let me pick you right here on the aisle, please. Thank you.

Q: Thank you. My name is Trine Flockhart. I’m from the Atlantic – Transatlantic Academy – sorry. I’m usually at the Danish Institute for International Studies.

I would agree that deterrence is not an outdated concept, but I think in NATO there’s a tendency to think about deterrence in outdated ways. And perhaps the clearest example of that is the – to put it bluntly, the retardation that NATO has to think and speak sensibly about deterrence and defense outside the box. I think that was especially clear during the Deterrence and Defense Posture Review, that was closed surreptitiously and brought to an end in the Chicago summit last year.

So I suppose my question is – and I completely agree with the point made by Frederick Kempe at the beginning – that as NATO moves towards this inflection point, it is utterly imperative that NATO is able to think out of the box and to talk openly out of the box about how to approach deterrence in a new security environment. But my question is – and there are so many people here who have direct input into NATO – how do we actually overcome those political obstacles to make NATO an organization that can talk about these issues in a sensible way that actually can lead to the change that is necessary?

Thank you.

MR. WILSON: Terrific. Thank you. So I take it you were disappointed in the ambition of the Defense and Deterrence Posture Review. We might hear a little bit of that –

Q: Very much so.

MR. WILSON: – with Ambassador Daalder, who has now arrived and joined us.

So let me come back to the panel. We’ve got a medley of questions, if you will, that span from open door, to the use of the Cyber Center of Excellence, to the deterrence of an Afghanistan on the Mediterranean, to the DDPR.

Svein, maybe I start with you on this, and if you want to pick up the free fall in capabilities that Isabelle asked about.

MR. EFJESTAD: Yes, thank you. I’ll try to answer that. I think that the level of ambition needs to be changed, not necessarily reduced, but there are other ways of formulating it. Because if you maintain the guidance to have six-plus-two operations, you also ask for tremendous command-and-control apparatus. And sometimes I wonder whether we have too much focus on that and too little focus on the actually forces to go into it. We have seven corps commands in NATO, multinational corps commands, none of which are U.S., by the way. And of course, if you will go into a serious operation, we would certainly like the U.S.to be – to be there at the top. That’s just one example of what I’m alluding to.

I think the planning needs to be totally changed, in my view, because we have to take into account that there are national requirements, too. We have national requirements. We cannot put all our resources to the NATO level of ambition and NATO requirements. We need to focus NATO’s force planning on what is the critical shortages and to create that. And what we see in practice is that a lot of countries are cutting big structures out of their forces without any consultation whatsoever. So this is not a process where you can optimize contributions from all countries to field that level of ambition.

I’m not sure I answered your question, but I think we can formulate this in a better way without losing the need for countries to contribute.

MR. WILSON: Terrific.

Stefano, let me turn to you. The issue in particular – you pick up on what you’d like, but in particular, how do you deter those that are going now to Syria to be martyred, this idea you end up having Afghanistan on the Mediterranean? How does this fit into the concept of deterrence we’ve been talking about?

MR. STEFANINI: I think, you know, we have to be honest with ourselves, in the sense that there are things we cannot do, possibly. We’re not going to deter would-be martyrs. There are things that can be done a bit. On this specific point, you know, young people, middle-aged people who go from Europe, from wherever, to fight with al-Qaida, possibly more could be done in terms of homeland security.

You know, just an example. I mean, there is a track record of British – of Pakistani origin but with British passport and nationality going to Pakistan and Afghanistan. Pakistan requires visa for non-citizens even if they were originally – Pakistan does not recognize your nationality, so these are just British and they need a visa to travel to Pakistan. It – that can be monitored and possibly – and there are many, many examples like that, but we enter in an era which is more homeland security than purely military.

But that goes back to the point which I made, and I certainly agree that deterrence needs to be updated. That’s why I said it cannot be military only, it has to be – it does involve intelligence, economic, political and homeland security; all of the above. And since NATO cannot do everything, that will require NATO to work closely with nations and other organizations in such a way that each one does his own job, but there is coordination.

I think in the U.S., you face domestically the same problem of intelligence coordination and secure – and homeland security.

MR. WILSON: So Barry, let me bring you in on this because I think – I think you and Matt perhaps did a piece, as you mentioned, on deterring individuals in these circumstances. So pick up on that as well as the concern from our Danish colleague about perhaps a lack of creativity in NATO’s work on deterrence and defense posture within the alliance structures right now. Is it capable of taking this next step?

MR. PAVEL: Maybe I’ll take the easier one first, which is deterring terrorists. I think there are sort of two basic answers to that question, and as I said, we wrote a piece in the Washington Quarterly, deterring terrorists, that can easily be looked up. And there was a chapter about this work when I was in the government in the – in a book by Eric Schmidt and Thom Shanker called “Counterstrike,” which gives you some of the more, you know, juicier backroom details.

But the essence of deterrence is to hold something at risk of the – that the person or that the organization or the leadership values, and you do that through two things. You threaten some sort of retaliation in response and you try to raise the costs or raise the defenses a priori because no terrorist, no terrorist organization wants to suffer a failed attempted. So they’ll – it’ll either dissuade them from trying or it’ll raise the cost to a point that they’re not willing to try it.

But even a martyr – and this is – this is obviously a level of difficulty that we’re not as nuanced as a – as a government or as an alliance yet, but even a martyr values something. Some martyrs value how they die. You know, if they die in a bus or, you know, with certain foodstuffs that are not considered helpful for getting them to heaven, they’re not going to do it. The Saudis used to go to the families of would-be terrorists and say if you don’t stop this activity that’s being prepared, then we will, and we’ll take it out on the family. So some terrorists value their families.

And there’s also different types of actors in a terrorist network. There are the foot soldiers and there are martyrs, but there’s also financiers, there’s logistics, there’s command-and-control and others and they’re – they all value different types of things and they’re not all committed at the risk of their lives. And so another way to deter terrorist networks is to, you know, continue to press legal proceedings against sponsors, against state sponsors of terrorist activities, as is still going on with the 9/11 – with the 9/11 hijackers. And that’s sort of the essence of the framework that was actually used in the Pentagon and the U.S. government about seven, eight years ago to try to make some progress against al-Qaida. And it is not only a military effort, it’s a broad-based effort that requires various arms of government.

But on the question of Syria in particular, you know, we ultimately need to try to dry up the sources of disaffection and alienation that lead to extremism, and you have to look at the West’s record of activity – or I should say non-activity – regarding Syria. And we’re actually creating more terrorists by the policy that we are choosing, which is basically let it burn and try to stay away and try to stay disengaged.

I’m being very frank here because I think it’s an extremely serious problem. I was told by a senior intelligence official within the last couple of months that Syria now is jihadi destination number one and that the flow of jihadis into Syria is much greater than the peak of jihadis going into Iraq, I believe that was in 2007. And so we are really creating more terrorists by our policy of relative disengagement in Syria that we’re following, and it’s a very, very important question that we should be attentive to.

MR. WILSON: Thank you, Barry. Jay, do you want to pick up at all on the Center of Excellence’s role in –

MR. HEALEY: Yeah. Without a doubt, I mean, I think we can use CCDCOE better. It’s – I think it’s done some fantastic work, but it hasn’t been fantastic work that I think the Alliance has really – has really recognized or embraced, so I would be – I would be hopeful that in the ways forward and coming out of 2014, I think the members could fund some of the things that are more useful to the central debates that are going on.

The next CCDCOE conference is going to be on active defense. It’s a fascinating concept. I think there’s a lot of things that can be interesting. NATO is years and years and years away from anything relating to active defense, I think, so I think we can do better to make that connection, and it’s really going to be up to members.

And I think that we can tie this in to the – to the ambition question, which I think is really central. Because I’ll tell you, I’d be – I’m pretty happy with a lack of ambition with NATO on cyber issues. I’m almost even ecstatic about it because I think the opportunities to get it wrong in a very flashy and expensive way that sends money down the drain so that we can cut ribbons or call a success is the much larger danger that I’m worried about, and that we’re not going to make progress and we’re going to – and we’re going to waste a lot of really limited resources.

My main ambition is that we stop thinking about the cyber as a technological issue – or primarily as a technological issue. Great. We – you know, the techies have a lot that they have to worry about and we should let that happen, but let’s separate that away from the warfare – the warfare issues.

There’s a couple of things that I think we can do going in for the 2014 summit. First, as you can guess, I am very happy with the status quo. If we just come out of the British – the UK summit and just saying let’s stay with our commitments to worry about our defense within NATO defenses and let’s have that as the primary thing that we keep our focus on, I think that’s a win. I know some of the – some of the other countries would not be happy with that, but there’s a few other things that we could do.

I think a focus on Article 5 – for example, having a military staff or having think tanks get together to say what kinds of things get us into Article 5, and more importantly, what we do what – once we’re there. Right now, it’s difficult to imagine how we get there or what we would because we’re in fog. Things are very gray right now. It’s difficult to see where the lines are. This has been my advice to the Department of Defense also.

Imagine in a world – even as a thought experiment – where we’re in a real cyber war. Take it just as a thought experiment. We’ve got smoking holes in the ground, many, many, many people dead. Neither side has been willing to escalate to kinetic weapons yet. What would NATO be doing in that place for Article 5? Forget about RRTs and the things that we do now, we’re really in a place with dead people and we know which country is responsible. What are we going to do at that point?

This is going to be difficult at the political level to do, so again, I think it’s better to do a military planning staff or think tanks and think through that and then see how far down that clarity goes, how far down the spectrum of conflict that clarity can extend.

I also think a focus on Article 5 will change the way that we do warning. Right now, a lot of the warning that we do out of the NATO technical capability or the ESCD is still focused on the ones and zeroes and we should be looking at the cyber aspects of the real geopolitical conflicts that will – that might get us to an Article 5.

We talked about a cyberplanning group. I think that’s very achievable and – even with modest levels of ambition. I think pooling and sharing we can do under a modest level of ambition that will be really helpful. I will be the first one to propose that the NATO Monitoring Center for Military Members to come – for member nations to come together should be in Tartu. Why don’t we just – we could just put it right out there.

And last, I think there’s a lot of things that we can do under a very modest level of ambition to say what we do beyond rapid reaction teams. So right now, in cyber, the main answer is well, we’ll help deploy a handful of techies to go to the country. That’s most a show of political – that’s mostly a political show. There’s a lot more that we can do. As someone that’s had to run incidents – I was the vice chairman of the Financial Services ISAC, running this for the finance sector altogether.

Sometimes, you just needed a major or a senior NCO to help take notes or to be a project manager. Sometimes, you just need technical capability or satellite phones. Sometimes, you just need – and there’s a long list of things that you need beyond a handful of people that can help with forensics. There’s a lot more we can do on getting beyond RRTs at a very modest level of ambition.

MR. WILSON: Thank you, Jay. We may have some folks that want to challenge your level of ambition for the Cyber Summit. I’m going to take one last round of comments.

Madam Ambassador, you also mentioned Open Door. We aren’t drilling down on that today, but we are looking towards, as you mentioned, the anniversaries next April, and we have a whole line of programming and we’ll talk to you about – just as the EU is headed towards its eastern partnership and thinking about the next challenges in the European integration. That narrative, that story has to have a place as the alliance plays out as well at its summit next year.

Let me pick up just a final round with my eye on the clock. I had Matt, Batu and these two right here. And try to keep them tight, and we’ll come back to the panel to wrap up. Please.

Q: Great. Matthew Kroenig, a new nonresident senior fellow at the Scowcroft Center at the Atlantic Council. And my question is for Jason Healey.

You made the interesting point that the fact that there hasn’t been a major cyberattack by a great power against another great power suggests that there’s some element of cyber deterrence at work or at least restraint. And it’s an interesting point, but it gets to kind of the classic problem of assessing the effectiveness of deterrence, which is that if an attack doesn’t occur, is the adversary deterred or did he just not have the intent to conduct an attack in the first place. So I was hoping you could say a little bit more about why you think it’s deterrence and not just that great powers haven’t had the reason to attack and then the attack might just be right around the corner.

MR. WILSON: Thank you Matt. Please, Batu – Ambassador Kutelia.

Q: Thank you. Batu Kutelia, McCain Institute, and I’m from Georgia.

First of all, I would like to now thank Estonian ambassador for asking question about the future of NATO in terms of its enlargement and open door policy. My question is on cyber aspect of the future potential conflict, and I fully share your opinion that the source of the conflict is the one, and the reflection is either cyber or conventional.

But my question is what should be the correlation between, let’s say, the size and the scope of the response and also the asymmetry of the response. While in terms of the – responding to the cyberattack, those who are attackers in most of the case are not vulnerable toward the reciprocal cyberattack, they are more vulnerable to the conventional one, so – or responses. So what are potentially considered as boundaries of the asymmetry of this response?

MR. WILSON: Thank you. Let me take the last two questions right here. And if you could be brief, I would appreciate that. Thank you.

Q: Hi, I’m Joseph Wolfsheimer. For 25 years, I worked in NATO and SHAPE – first at the SHAPE Technical Center working on command-and-control and SATCOM systems and then I was at SHAPE helping with nuclear planning and with – helping support the Nuclear Planning Group’s staff group and the HLG which some of you are familiar with.

I noted that my – since I had both feets – both feet – I have had one foot in the computer world and one foot in the consultation world, that in terms of the Nuclear Planning Group, that group over time, with the consultation mechanisms that they’ve set up, created a mechanism for diplomats to understand military planning considerations and for the military planners to understand diplomatic considerations.

I see with the two groups that I work with, computer folks and diplomats, that there is a sort of a gorge between the two that’s not been filled. The technicians don’t understand the consultation considerations and the diplomats don’t always understand the other side. Last year, I think in CMX, NATO had a little bit of a cyberplay. How can we look – work this going forward so that we get to the same level of co-understanding that we have in the military world?

MR. WILSON: Thank you.

Q: Sorry to have been so long.

MR. WILSON: The final question please?

Q: Thanks, Damon. Steve Shapiro, a Atlantic Council member. I want to just push back a little on Jason’s comment that it’s the techies on one side and the warfighting on the other side and use that to get to Barry’s point, which I think is probably – from my perspective, the major point of the – of the day or of the panel.

In a meeting I had in the end of ’11 with the Latvian presidential cyber team, it was disclosed to my – to my group that the major cyber problem Latvia faced at that moment was not warfighting problems, but in fact that most every operating system by – owned by civilians throughout the country was purchased on the black market.

And the black market, of course, was produced in the east, and as a result, it was estimated in December of ’11 that 80 percent of personal computers in Latvia were infected with Botnets controlled by some mysterious third party. So the idea that the techies and the warfighting are totally separate in this regard, I think, need to be blended because, of course, Latvia viewed that as a major national security threat, including, by the way, one of the presidential team’s own PCs. He bought his system on the black market, which leads – and it was an expense issue.

And shortly after our visit, word got back to Microsoft, and suddenly, Windows’ price dropped, so that was an interesting thing. And then that, I think, implicates the whole concept of out-of-the-box thinking. What is defense? What is an attack? And Barry’s comments about attacks or threats to security, including everything from political funding to real estate attacks to demographic attacks, et cetera, I think – I sadly didn’t hear the Europeans pick up on those as their versions of threats to security. So that’s my comment.

MR. WILSON: Thank you. Thank you, Steve. With that onslaught, let me start with you, and if others would like to comment on that, we will. And why don’t we use this to wrap up this session as the clock is running.

MR. HEALEY: Matt, great question. I’m just trying to get us to ask the right question because a lot of times, we just jump to this theoretical or technical facts of saying deterrence is this, that or the other. I want us to zoom in and explain this question: if countries have had capabilities to affect one another for over 20 years and we’ve been vulnerable for at least 20 years, what explains this fact?

So let’s start this from our traditional international relations, traditional national securities to take this fact because I’m so tired of hearing people say, oh, this is all anonymous, you can never trace it back, deterrence is impossible, which is – which is ivory tower theory combined with technical looking at the ones and zeroes. So I want to – I want to start from that – from that point. To me, it’s clear. I’m waiting for someone to explain this vulnerability and capability and take it from that part.

Two, on the asymmetry, it’s a great question, and I think because we make it – a lot of the cyber people are trying to – those of us that do cyber defense, a lot of us want to just terrorize our political leadership about how bad things are today. Things are so bad right now, you have to be really, really, really scared that we’ve really confused a lot of the issue about how bad things could actually become in the future. So again, that’s why I want to separate these things that could be clearly Article 5 and let’s treat those separately, and then the issues that are really been bothering us day-to-day and have gotten us to this point.

So for example, for Estonia, I – you know, to me, we were well away from Article 5 on that. If I had been at the White House during that point, I would have told the president ignore all of the other countries, some of the attacks are coming from the U.S. We’ve got to stop those. But Russia’s the country really responsible here. Let’s pick up the phone, let’s call Mr. Putin, tell him that here’s what we’re going to do. We’re going to – we’re going to tell Cyber Command to start military – or JFCC NW to start military planning for counterstrikes. We’re going to ask the NATO Sec-Gen to start making similar calls.

We’ll start an additional – there’s all sorts of stuff that you can do that are below the level of Article 5 that can start putting on military, diplomatic, political pressure that stays within these asymmetries. You know, cancelling visas. I mean, we’ve got so many other elements of state power that we could use if we can just get ourselves out of this technical bit.

The – I think cyber exercises help encourage – or at least, when I was in the military – help encourage this view of worrying about the technical bit. So many exercises seem – that I’ve been part of seem to get us into this. You can’t tell who it is and it’s happening speed-of-light aspect that make it more difficult that I think we tend to always jump to the most difficult scenarios. I would love that we exercise simple scenarios. We know who it is, it’s part of – we’ve got warning about this and we start solving the simple issues and then start solving the most difficult issues and using the exercises for that.

And last, when we – a couple of years ago, I got asked to write about non-states’ role in cyberconflict. And when we talk about non-states, we almost all tend to say yes, isn’t it terrible how much capability that they have to do harm. You know, getting to our work with Global Trends 2030, super power and individuals, diffusion of power. Yes, it’s terrible how these – this – these non-states can do bad, bad things.

But that jumps on the worst part of it. The non-states can also be there for the defense. They can also be there to help solve the problems, and frankly, they’re the ones with the agility, the flexibility. They have their hands deep in cyberspace to help fix those problems. So a lot of our solutions are going to be relying on the private sector. That’s going to be difficult for governments to do.

MR. WILSON: Terrific. I love the way that round of questions took Jay from advocating the status quo to – (laughter) – escalation. A quick comment to close Svein.

MR. EFJESTAD: Yes, I’ll just say that when we played in a – in a crisis management exercise in NATO for the cyber, we had the problem that we didn’t really have a catalog of options that we could present to the political – politicians because the politicians needs also to be explained what are the implications of the different courses of action. Now we have done that, and that, at least gives us a tool to work with when and if a crisis arises. Thank you.

MR. WILSON: Terrific. Let me take that and I’m going to – I’m going to wrap up, I think, right there just with the interest of time.

Svein just captured the essence of what we’re trying to do today. How do you adapt concepts of deterrence to the new reality, this historic inflection point that we began the conversation with today? And in many respects, as we’ve heard, NATO is premised on deterrence, it’s premised on protection of its members’ collective defense.

But just as recent history as taught the alliance to defend itself, to deter that it actually means it has to operate far from Europe in many cases, I think part of what we’re trying to get at today and what we started, I think, very effectively on this panel, is exploring how these new global shifts, these new actors, these new tools, disruptive technology, how the alliance adapts both its concepts but its tools to ensure its deterrence and collective defense going forward.

So please join me in thanking this terrific group of panelists for an insightful conversation. (Applause.) Recognizing that we’re on military time with so many uniforms in the audience, we’re inviting you to – yourself to help yourself to a box lunch in the main lobby here. We’ll take about 30 minutes, try to re-convene sharply at noon with Ambassador Ivo Daalder, who has now joined us from Chicago. Welcome.


Related Experts: Harlan Ullman