Given attacks on computer networks in Estonia, Georgia, Latvia and Lithuania in the past several years, the definition of protections for NATO members should be expanded, the NATO Supreme Allied Commander Europe said Feb. 2.
The likelihood that the next conflict will start with a cyber attack rather than a physical attack highlights the importance of changing the treaty's definitions, Adm. James Stavridis said at the Armed Forces Communications and Electronics Association conference.
Article 5 of the NATO alliance says that an attack on any member will be considered an attack on all NATO members. But the definition of what constitutes an attack doesn't include cyber warfare, which didn't exist when the alliance was formed. NATO nations will have to work together to deflect and combat cyber attacks, and those relationships will be complex and difficult, he said.
"Every nation has its own law enforcement, its own approach to privacy, its own system and mores, its own networks, its own technologies," said Stavridis, also head of U.S. European Command. "I am working very hard to encourage the alliance, in my role as Supreme Allied Commander … to grapple with these hard issues in cyber.
"In NATO … we need to talk about what defines an attack. In a country like Estonia, Latvia, Lithuania, all NATO members, what defines an attack? I believe it is more likely that an attack will come not off a bomb rack on an aircraft, but as electrons moving down a fiber optic cable. So this is a very real and germane part of this challenge that we face in the cyber war."
NATO has taken the first step toward making cyber warfare combat an international effort by standing up the Cooperative Cyber Defence Center of Excellence in 2008 in Estonia, but facing cyber threats will require cooperation among U.S. government agencies, and between governments and industry as well, Stavridis said.
What do you guys think? And just 'cuz you can vote for more than one doesn't mean you get to vote "yes" and "no"...
By: Brant
I think Article 5 of the NATO Charter should apply in the case of cyber attack. However, we have to take care in defining the spectrum of cyber attacks, which can range from pranks/vandalism and economically-motivated criminality to espionage and attacks causing physical injuries, death, and damage.
I think some of the threshold criteria for an act of cyberwar should include:
1) Physical damage.
2) Physical injuries.
3) Disruption of critical infrastructure such as utilities or transportation.
4) Conducted with the support of the host government -or- non-cooperation of the host government in prosecution of the perpetrators.
There may be a policy document lurking out there that addresses this. Anyone have any insights?
As an aside, I'm skeptical about abstract economic damages (loss of revenue, etc.), in part because I would not put it past a CEO to tell Wall Street, "We would've made our earnings goals this quarter but some Russian teenager hacked our Web site and cost us eleventy billion dollars." I would only consider these more abstract economic impacts to be cyber-war if the attacks were part of a consistent pattern rather than one-off events.
What? You mean the titans of industry might manufacture a war out of a flimsy bit of evidence? What do you think this is, 1898?