The increasing threats from hackers and cyber-criminals has finally been put on the top of the NATO agenda, as the 10 years old strategic concept is about to be replaced with a new transatlantic command structure at the NATO summit in Lisbon on 19th and 20th of November.
“Active cyber-defense is a very sensitive topic. Many experts have brought it up, that in order to have defense, you need some offense as well.”
The new document is to replace a 10-year-old strategy paper written before the internet age and before France joined the transatlantic alliance’s command structure. The office of NATO secretary general, Anders Fogh Rasmussen, drafted the new Strategic Concept and distributed it to the 28 member countries last week.
In addition, the 28 allied counties have to deal with the French opposition to a joint nuclear strategy.
The new NATO “Strategic Concept,” has to be adopted by the representatives in consensus.
“Active cyber-defense is a very sensitive topic. Many experts have brought it up, that in order to have defense, you need some offense as well. I would be very surprised if NATO will find consensus to include it,” a diplomat from one of the Baltic states says.
Cyber-attacks is outlined as a growing threat, and NATO will have to be “adaptable and flexible” in its capacity to react is a likely compromise, the draft paper says.
Following attacks in 2008 on its classified military network, the Pentagon established a new cyber-command, making “active cyber-defense” one of its policy pillars, according to US deputy secretary of defense, Mr. William J. Lynn.
The US cyber-command goes beyond the passive “Maginot Line” mentality of the past, he explains.
Passive defense systems are sufficient to meet 80 percent of attacks, but the other 20 percent need active systems, such as sensors that operate at network speed to detect and block intrusions.
At the heart of the Pentagon’s new cyber-policy lies the recognition that military networks cannot be safe unless other critical infrastructures, such as power grids and financial networks, are protected.
Stuxnet; Made In USA?
The US is itself suspected of having created Stuxnet, a computer worm that cane be introduced via USB sticks into industrial plants and used to sabotage operations, including in nuclear facilities.
Over 60 percent of reported Stuxnet cases are in Iran.
Against this background, Mr. Lynn in September called for “collective defense” – the core principle of the alliance – to be applied to computer networks:
“The Cold War concepts of shared warning apply in the 21st century to cyber-security. Just as our air defenses, our missile-defenses have been linked so too do our cyber-defenses need to be linked as well,” he said.
European allies are keen to protect themselves against Estonia-type cyber-strikes (which saw bank and government websites paralyzed in 2007).
But they are showing little appetite for US-model, “pre-emptive cyber-strikes,” on hostile countries or organizations.
A group of experts, chaired by former US secretary of state Madeleine Albright and tasked by Mr. Fogh Rasmussen, recently did a report on the new NATO strategy, but was rather cautious on the subject.
“Over time, NATO should plan to mount a fully adequate array of cyber-defense capabilities, including passive and active elements,” the report, published in May, says.
It underlined the need for NATO to co-operate better with the EU, as this could be “helpful in addressing unconventional threats such as terrorism, cyber-attacks, and energy vulnerabilities.”
A bolder move in the report is suggesting to give Mr. Fogh Rasmussen, or NATO generals a “pre-delegated authority” to respond in emergencies “such as a missile or cyber attack.”
But the idea is unlikely to fly, diplomatic sources says.
Another contentious area is that of common nuclear planning.
This has turned into a balancing act between the Washington-led drive for nuclear disarmament, and at the same time keeping nuclear warheads in Europe as a deterrent to hostile countries.
France, which re-joined NATO’s military structures in 2009 after staying out for over 40 years, is legally bound by its constitution have exclusive sovereign power over its nuclear arsenal. And the French has opted out of a Rasmussen-chaired nuclear planning group, in which the alliance is looking at ways to reduce NATO’s reliance on atomic weapons.
“Anything on nuclear policy will have to be agreed with France. There is no consensus over this at the moment,” one NATO source told the EUobserver.com.
Meanwhile, the NATO-Russia relations – normally a hot topic between the alliance’s older and newer members – seems to have slipped into the background of the strategic concept discussions.
NATO froze relations with Moscow for six months after the Georgia war in 2008 only to restart them again – even though Russian troops are still stationed in Georgia’s separatist regions in violation of a ceasefire agreement.
Tbilisi has filed for NATO membership, but the prospect, confirmed at a NATO summit in 2008, remains distant.
“There is a sense that nothing will move in the foreseeable future on Georgia,” the NATO source says.
Related by the Econotwist’s:
- Pentagon says global cyber war is just beginning (taragana.com)
- NATO Document Addresses Nuclear Disarmament (nytimes.com)
- A NATO Cyber Alliance | Defense Tech (defensetech.org)
- Cyber Attacks Test U.S., Allies and Foes (online.wsj.com)
- Special report: The Pentagon’s new cyber warriors (reuters.com)
- Stuxnet worm brings cyber warfare out of virtual world (canada.com)
- US urges NATO to build ‘cyber shield’ (newsinfo.inquirer.net)
- Why The Pentagon’s ‘Cyber Shield’ Concept Is Hopelessly Flawed (blogs.forbes.com)