The Cyber Siege of NATO

Recent reports indicate that NATO offices around the world are experiencing cyber attacks of increasing frequency and sophistication. Some estimates place the number of serious attacks intercepted by the NATO cyber defence centre in Mons, Belgium at approximately 2,500 in 2012 alone. In order to augment the defence of information systems integral to NATO operations, plans were announced in June to form teams of cyber defence experts who will actively seek to combat hackers.

2

While some security firms have accused the People’s Republic of China of forming military units dedicated solely to launching attacks on the Internet infrastructure of NATO member states and perhaps even on the Alliance itself, it is unclear as to what extent the attacks experienced by NATO thus far can be attributed to state governments. A number of prominent incidents have emerged in which NATO systems were attacked by non-state actors rather than by government agencies. For example, in July 2011, the group Anonymous launched a series of attacks on NATO servers, obtaining and freely sharing a few classified documents. While the material obtained by those individuals claiming to be affiliated with Anonymous was largely procedural and the release of these documents did not tangibly affect any operations, it became necessary for NATO to divert resources to address the intrusion by these hackers and to investigate the subsequent claims made about the attacks by Anonymous affiliates on social media sites like Twitter.

1

If the number of cyber attacks launched by individual hackers or groups like LulzSec increases, not even the creation of cyber defence teams subordinate to the centre in Mons will be sufficient to protect NATO computer systems. An attack by Anonymous hackers can potentially divert NATO resources at a critical moment, thus giving state-sponsored hackers a possible opportunity to take advantage of the situation.

To forestall this siege scenario, it may be necessary for NATO to pursue ambitious public diplomacy initiatives. Aside from some instances of hooliganism, several of the serious attacks carried out by non-state actors have had an explicitly political agenda. The 2011 attack by Anonymous was accompanied by claims that NATO is acting to undermine civil liberties and privacy rights. Clearly, these hackers acted with a severe lack of understanding as to what NATO is and what the capabilities of the Alliance actually are. If one of the most widely shared grievances toward NATO is that it harbours a ‘secret agenda’, the most effective tool for combating cyber attacks may be increased transparency. While traditional media coverage of NATO Summits has been limited in recent years, actively involving bloggers and citizen journalists in some of the proceedings could build trust in NATO and shed light on what the Alliance actually does.

Public education may also have a role to play in this regard. Despite the vital role NATO has played, and continues to play, in world affairs, the Alliance is not always discussed in sufficient detail in the classrooms of various member states. Shedding a light on the activities of this institution as part of civics and history courses in secondary schools could go a long way toward combating conspiracy theories and mistaken assumptions about the Alliance.

About Paul Pryce

Paul Pryce is a Research Analyst at the NATO Association of Canada, supporting the work of the Canadian Armed Forces Program. Holding degrees from the University of Calgary and Tallinn University, he has previously worked in conflict resolution as a diplomatic aide with the OSCE Parliamentary Assembly and as an infantryman in the Canadian Armed Forces. His research interests are diverse and include maritime security, the African Peace and Security Architecture, and NATO-Russia relations.