WannaCry-style cyber attack could trigger full NATO response, says Secretary General
It marks the second time the military alliance has tried to incorporate cyber threats into the treaty

NATO Secretary General Jens Stoltenberg has said a cyber attack on a single member state could constitute an attack on all 29 members.
The announcement effectively incorporates cyber security into Article 5 of the NATO founding treaty, a "collective defence commitment" which compels all members to come to the defence of one or more countries threatened by external powers.
"We have designated cyberspace a domain in which NATO will operate and defend itself as effectively as it does in the air, on land, and at sea," Stoltenberg said, in an article featured in Prospect Magazine. "This means we will deter and defend against any aggression towards allies, whether it takes place in the physical world or the virtual one."
"The more information we have, the more prepared we are," he added. "By working with the European Union, strengthening the ways in which we share information, train, educate, and conduct exercises together, we will ensure that we have the most robust tools possible for responding to the growing cyberthreat."
Stoltenberg cited the WannaCry attack in 2017, which affected NHS hospitals and public sector bodies across the UK, as an example of a major cyber attack that would prompt coordinated action from NATO members.
This is the second time NATO has said it would incorporate cyber security into the treaty, having first announced plans back in 2014. However, little has been done to date to formalise the motion, and Article 5 was not triggered during the WannaCry incident.
The proposed change would largely formalise a response model based on existing examples of countries cooperating to fight cyber attacks. Specifically, Stoltenberg mentions recent joint efforts by the Netherlands and the UK in October 2018 to foil an attack by Russia on the Hague's chemical weapons research group.
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
NATO also operates its own Cyber Coalition, a programme that features some of the largest cyber defence exercises in the world.
Article 5 of the NATO treaty has not been triggered since the 9/11 terrorist attacks against US targets in 2001.
Complicated nature of cyber warfare
Although it makes sense to bring Nato's defence capabilities in line with modern threats, the murky world of cyber warfare will almost certainly create problems for the organisation.
As a military alliance, NATO exists to protect its members from the actions of aggressive states or paramilitary groups, protections that now include cyber. However, if cyber warfare in the 21st century has taught us anything, it's that it's almost impossible to attribute blame. Most attacks are coordinated by anonymous hacking groups and only rarely do we get information that could potentially tie one group to a state's government.
What's also unclear is how NATO will define a major cyber attack in the future, and how big it needs to be to merit a coordinated response. The WannaCry attack cited was perhaps one of the most disruptive cases of ransomware we have seen to date, affecting over 200,000 computer systems worldwide yet comparatively speaking we have seen few attacks of that scale since. If that is indeed the threshold, Article 5 may only be triggered in very rare circumstances.
Dale Walker is a contributor specializing in cybersecurity, data protection, and IT regulations. He was the former managing editor at ITPro, as well as its sibling sites CloudPro and ChannelPro. He spent a number of years reporting for ITPro from numerous domestic and international events, including IBM, Red Hat, Google, and has been a regular reporter for Microsoft's various yearly showcases, including Ignite.
-
Hackers breached a 158 year old company by guessing an employee password – experts say it’s a ‘pertinent reminder’ of the devastating impact of cyber crime
News A Panorama documentary exposed hackers' techniques and talked to the teams trying to tackle them
-
The ransomware boom shows no signs of letting up – and these groups are causing the most chaos
News Thousands of ransomware cases have already been posted on the dark web this year
-
Everything we know about the Ingram Micro cyber attack so far
News A cyber attack on Ingram Micro severely disrupted operations and has been claimed by the SafePay ransomware group.
-
A prolific ransomware group says it’s shutting down and giving out free decryption keys to victims – but cyber experts warn it's not exactly a 'gesture of goodwill'
News The Hunters International ransomware group is rebranding and switching tactics
-
Swiss government data published following supply chain attack – here’s what we know about the culprits
News Radix, a non-profit organization in the health promotion sector, supplies a number of federal offices, whose data has apparently been accessed.
-
Ransomware victims are getting better at haggling with hackers
News While nearly half of companies paid a ransom to get their data back last year, victims are taking an increasingly hard line with hackers to strike fair deals.
-
LockBit data dump reveals a treasure trove of intel on the notorious hacker group
News An analysis of May's SQL database dump shows how much LockBit was really making
-
‘I take pleasure in thinking I can rid society of at least some of them’: A cyber vigilante is dumping information on notorious ransomware criminals – and security experts say police will be keeping close tabs
News An anonymous whistleblower has released large amounts of data allegedly linked to the ransomware gangs