NATO Secretary General Jens Stoltenberg has said a cyber attack on a single member state could constitute an attack on all 29 members.
The announcement effectively incorporates cyber security into Article 5 of the NATO founding treaty, a "collective defence commitment" which compels all members to come to the defence of one or more countries threatened by external powers.
"We have designated cyberspace a domain in which NATO will operate and defend itself as effectively as it does in the air, on land, and at sea," Stoltenberg said, in an article featured in Prospect Magazine. "This means we will deter and defend against any aggression towards allies, whether it takes place in the physical world or the virtual one."
"The more information we have, the more prepared we are," he added. "By working with the European Union, strengthening the ways in which we share information, train, educate, and conduct exercises together, we will ensure that we have the most robust tools possible for responding to the growing cyberthreat."
Stoltenberg cited the WannaCry attack in 2017, which affected NHS hospitals and public sector bodies across the UK, as an example of a major cyber attack that would prompt coordinated action from NATO members.
This is the second time NATO has said it would incorporate cyber security into the treaty, having first announced plans back in 2014. However, little has been done to date to formalise the motion, and Article 5 was not triggered during the WannaCry incident.
The proposed change would largely formalise a response model based on existing examples of countries cooperating to fight cyber attacks. Specifically, Stoltenberg mentions recent joint efforts by the Netherlands and the UK in October 2018 to foil an attack by Russia on the Hague's chemical weapons research group.
NATO also operates its own Cyber Coalition, a programme that features some of the largest cyber defence exercises in the world.
Article 5 of the NATO treaty has not been triggered since the 9/11 terrorist attacks against US targets in 2001.
Complicated nature of cyber warfare
Although it makes sense to bring Nato's defence capabilities in line with modern threats, the murky world of cyber warfare will almost certainly create problems for the organisation.
As a military alliance, NATO exists to protect its members from the actions of aggressive states or paramilitary groups, protections that now include cyber. However, if cyber warfare in the 21st century has taught us anything, it's that it's almost impossible to attribute blame. Most attacks are coordinated by anonymous hacking groups and only rarely do we get information that could potentially tie one group to a state's government.
What's also unclear is how NATO will define a major cyber attack in the future, and how big it needs to be to merit a coordinated response. The WannaCry attack cited was perhaps one of the most disruptive cases of ransomware we have seen to date, affecting over 200,000 computer systems worldwide yet comparatively speaking we have seen few attacks of that scale since. If that is indeed the threshold, Article 5 may only be triggered in very rare circumstances.
-
Ransomware cartels are fragmenting into volatile splinter groups, warns Met Police cyber chiefNews Commoditized "cyber crime bazaars" and AI data mining are forcing law enforcement to rewrite its playbook
-
New ransomware threat group, The Gentlemen, has become one of the most active ransomware operators, accounting for 10% of all attacksNews NTT researchers warn that the RaaS group is leveraging SystemBC malware to establish covert tunnelling, evade detection, and support rapid lateral movement across enterprise environments
-
Instructure chose to a pay ransom following the Canvas cyber attack – research shows more than half of security leaders would follow suitAnalysis Opting to pay ransoms creates huge risks for enterprises – you’re relying on the word of criminals
-
Ransomware negotiator sentenced for role in major cyber crime groupNews Deniss Zolotarjovs was a key player in a group associated with Conti
-
Threat actors ditch ‘spray and pray’ attacks in shift to targeted exploitationNews A dip in ransomware volumes points to a more targeted approach focused on vulnerability exploitation
-
Security leaders overconfident about ransomware recovery
News Few manage to recover all their data, and many experience business disruption
-
German authorities want your help finding the hackers behind GandCrab and REvilNews Daniil Maksimovich Shchukin and Anatoly Sergeevitsch Kravchuk are believed to have made millions from ransomware as a service schemes
-
The rise of teen hackers ‘makes for a good headline’, but cyber crime activities peak later in life
News With family responsibilities and mortgages to pay, it's not teenagers dishing out malware or carrying out cyber extortion
