While the recent NATO summit in Wales was heavily focused on the growing political conflicts between Russia and Ukraine, and the Islamic State in Iraq and Syria (ISIS), member states extended their agenda to include cyber security; an issue which could place the international community in a position of deep vulnerability if future classified government or civilian information becomes compromised. During the summit, it was unanimously agreed that any if member becomes victim of a severe cyber attack, it would automatically lead to Article 5 of the Washington Treaty being invoked, calling upon all member states to come together to assist that member
Speaking at the summit, NATO Secretary General Anders Fogh Rasmussen spoke of the importance of such an initiative, stating that the decision was ‘part of NATO’s core task of collective defense,’ adding that in addition to invoking Article 5, any future cyber attack ‘would be taken by the North American Council on a case-by-case basis.’
Cyber attacks are growing rapidly and becoming a serious threat to international peace and security. Past online security breaches have shocked the world, highlighting just how vulnerable we are to such threats and making it clear that a unified diplomatic agreement on how to counter such attacks cannot be ignored. Following the Wikileaks publication of thousands of classified diplomatic cables, along with the 2013 NSA scandal in which the existence of extensive U.S. government surveillance details were made public, it has become increasingly obvious that no information can be digitally shared or stored without the possibility of its being hacked.
Individuals who claim responsibility for such cyber attacks fall into two camps. There are those like Wikileaks’ founder Julian Assange and NSA whistleblower Edward Snowden, who believe in transparency and who feel that it is their obligation to make sensitive government information available to the entire international community. Others however, want to take advantage of the economic and political rewards that they could achieve from hacking into personal data accounts by holding a government or a corporation hostage. This latter camp could include action by one state to engage in cyber-spying in order to obtain classified state secrets from another country, as China was recently accused of doing by the United States.
The recent iCloud leak, in which nude celebrity photos were compromised and distributed online, have only highlighted how vulnerable we are to such attacks. Extra precaution needs to be taken especially with regards to online banking, credit and debit card chips, and health records stored and shared digitally. Even as world leaders and policymakers have highlighted the importance of being alert and ready in the event of a cyber attack, many key questions remain.
First, what is classified as a ‘severe’ cyber threat? If the past Wikileaks attacks were to have happened today under the new NATO agreement, would it entail article 5 being invoked? Secondly, should such an attack be deemed severe enough to engage all NATO member states in collective defense, how would such a defense be carried out? Would sanctions or force be used as a means of retaliation, or would political exile of the accused hackers be considered appropriate enough as a measure of defense?
Finally, proper defense includes being proactive rather than simply being reactive. At the NATO summit in Wales, the development of cyber defense capabilities was briefly outlined, but lacked clarity on how states will prevent future cyber attacks from erupting. Would all NATO member states undergo the same cyber defense practices and share the same networks and tools used to monitor cyber threats? Or would each state monitor its own cyber risk independently and then call upon its allies when its security has been breached? Answering such questions are critical if the promised NATO’s ‘core task of collective defense’ is to be properly carried out.