LISTEN TO TLR’S LATEST PODCAST:
By Russ Read
The North Atlantic Treaty Organization would consider a large enough cyber attack against one member an attack on them all, according to NATO officials.
A persistent and devastating attack could trigger what is known as Article 5, NATO’s collective defense measure, the officials told delegates at the International Conference on Cyber Conflict (CyCon) in Estonia Wednesday, according to Defense News. The invocation of Article 5 could theoretically cause the alliance to go to war in defense of a member state.
“Although many of the cyberattacks that we see fall below a level in their seriousness that could trigger NATO’s Article 5, it is plausible that a cyberspace event of great magnitude could take place that might lead to the triggering of Article 5 in special circumstances,” said Catherine Lotrionte, director of Georgetown University’s CyberProject.
The attack would have to be much more dangerous than propaganda or social media activities, she added, but invoking Article 5 is still a “real possibility.”
Estonia fell victim to one of the most destructive cyberattacks in modern history in 2007. The coordinated distributed denial of service, or “DDoS,” attacks caused massive outages in infrastructure, banks and military computer networks. Estonian officials blamed Russia for the attacks. The two countries were engaged in a disagreement over the relocation of a Soviet-era statue at the time.
NATO created a new manual on how international laws apply to cyber warfare in response to the attacks.
NATO’s response today would be much more offensive, according to Brig. Gen. Christos Athanasiadis, the assistant chief of staff cyber at NATO’s Supreme Headquarters Allied Power Europe. He acknowledged that Article 5 could be invoked in the event of a cyber warfare against a member state.
“We would have rules of engagement. There would be a strong cyber or conventional response if what happened to Estonia were to take place now,” he said. “We want to develop a strong early-warning capability. We must develop capacities that also serve as a deterrent to aggressors out there.”
Athanasiadis’ comments come at a time when policymakers in the West are attempting to both secure themselves in the cyber domain and update existing policies to address it. Russian cyber attacks have been a chief concern in recent months, specifically regarding potential meddling in the U.S. presidential election last year. That said, China, Iran and several non-state actors have also posed a cyber threat to NATO members in recent years.