Vol.5, no. 04 (april 2015)2

ATLANTIC TREATY ASSOCIATION

Atlantic Voices, Volume 5, Issue 4 1

- Flora Pidoux

The space was once the stake of

international competition as the one who

has the ability to launch missiles far

enough had the power to destroy their

enemy. This discovery was followed by

technological development, causing more

and more uncertainty. Today, concerns

have moved to the cyberspace. This

virtual arena is the source of a new type

of conflict where war is not declared,

attackers are hardly identifiable and

where skilled individuals can remotely

disable a country’s infrastructures.

Cyber attacks have raised new types of

concerns that demand appropriate

answers. Although using the cyber space

to weaken an opponent is not a new

practice, no appropriate answers have yet

been found while government

infrastructures remain especially

vulnerable.

Combined with other means, cyber

attacks contribute to the development of

a new sort of war, a hybrid combat where

states are no longer the only protagonists.

Power is now at the hand of any

individuals with sufficient motivation and

computer skills.

NATO’s Cyber Strategies and Wireless

Warfare in the Information Age

Volume 5 - Issue 4 April 2015

Contents:

NATO’s Cyber Strategies and Wireless Warfare in the

Information Age

Mr. Alexandru Moldovan analyzes NATO’s cyber security policy by underlining the

major events that contributed to the current state of affairs.

Challenges To NATO’s Cyber Security And Where They

Originate From

Mr. Mikk Raud ‘s article focuses on the challenges that arise from cyber attacks which

are more and more and difficult to deter or counteract.

What Cyber Changes: Using Ethics To Inform Mr. Henri Collis explores cyber attacks from an ethical perspective in an effort to ana-

lyse how attacks of this new kind should be answered to.

Threats to the Cyberspace (Photo: Symantec ISTR)


By Alexandru Moldovan

O ur daily routines are becoming in-

creasingly dependent on the ad-

vancements in information tech-

nology. Virtual reality already influences major as-

pects of our lives, such as the economy, health and

education and it seems that it will not be long until

its influence will expand into our personal and na-

tional security. In the last years, we’ve witnessed a

major increase in cyber attacks which have forced

governments to make space on their agendas to en-

sure the security of their public and private cyber

networks.

The first documented cyber war was fought dur-

ing the Kosovo War. Between March 24, 1999 and

June 10, 1999 operation Allied Force, a conventional

military operation, was conducted by NATO on the

territory of Yugoslavia in order to stop the human

rights abuses in Kosovo. During NATO’s military

operations against Serbia, numerous pro-Serbian

hacker groups attacked NATO’s internet infrastruc-

ture. The hackers were aided in their goal of disrupt-

ing NATO’s war-fighting capabilities by Russian and

Chinese hackers. Their victims were, among others,

NATO’s server and NATO’s public affairs website

dedicated to the war in Kosovo. Containing briefings

and news, the latter was inoperable for several days

due to Distributed Denial of Service attacks.

As a result, small but consistent steps were taken

by NATO to strengthen their digital defence, start-

ing with the establishment of the Cyber Defence

Programme in 2002. The latest confirmation of these

continuous efforts came at the NATO Wales Summit

in September 2014. The Wales Summit Declaration

contains explicit references to the increased importance

that NATO gives to the cyber security domain together

with a detailed plan for the future.

The Tallinn Manual, an international cyber law re-

search and education standard, defines a cyber attack as

a “cyber operation, whether offensive or defensive, that

is reasonably expected to cause injury or death to per-

sons or damage or destruction to objects.” Reinforcing

the major damage that a cyber-attack can lead to, article

72 of the Wales Summit Declaration states that: “Their

[ed. cyber-attacks] impact could be as harmful to mod-

ern societies as a conventional attack. We affirm there-

fore that cyber defence is part of NATO's core task of

collective defence”.

Allies need to clarify what potential cyber attack sce-

narios would cross the Article 5 threshold, and specify

the member states’ duties in the case of a cyber attack.

Even though the moment when a cyber attack will lead

to significant loss of human lives may seem a distant

future, it is clear that the risk must not be treated

lightly. As Professor Michael Schmitt, the Tallinn man-

ual's editor, stated, "I think just as a century ago we

were trying to understand how aviation would impact

the laws of war, today we are in great need of sorting

through these issues in the cyber world today".

This article details the strategic importance of having

a cyber-strategy in place, and highlights the recent

events that caused NATO’s concern.

Strategic Importance Of Cyber Strategies in

Modern Warfare

In order to face the new emerging threats caused by

the aggressive behaviour of Russia, the government of

NATO’s Cyber Strategies and Wireless Warfare in the Information Age


Lithuania decided in February 2015 to reintroduce com-

pulsory military service. Despite this measure, new threats

were signalled by the President of Lithuania Dalia Gry-

bauskaite in a public intervention in March 2015: “The

first stage of confrontation is taking place - I mean infor-

mation war, propaganda and cyber attacks. So we are al-

ready under attack.”

Far from being singular, this type of unconventional

attack was also recorded in 2007 when hackers attacked

official state and bank websites in Estonia and in the 2008

Georgian War. The Estonian attack was attributed to

groups of Russian hackers even though the Russian au-

thorities denied any involvement.

According to James Sherr from

Britain's Royal Institute of Interna-

tional Affairs, this new type of conflict

called hybrid warfare is “designed to

cripple a state before that state even

realizes the conflict has begun”. Elabo-

rating on the topic, Sherr adds that

hybrid warfare “It is a model of war-

fare designed to slip under NATO's

threshold of perception and reaction.” As Deputy Secre-

tary General Ambassador Alexander Vershbow said, we

are facing a new facet of the ancient Trojan Horse tactic.

As cyber attacks usage intensifies, we need to look into

the details of what constitutes a cyber attack and how

NATO and its allies can capitalize on their experience to

ensure that accidents like these will never catch the Alli-

ance on a wrong foot.

Expending the Tallinn Manual definition of cyber at-

tacks, Wittaker defines them as “coordinated actions taken

against a state’s public institutions, digital infrastructure,

and its critical infrastructure through cyber space”. Since

there is no clear terminology that can be used to define

cyber warfare, a range of different theoretical frameworks

have attempted to explain this idea. A first classification

was made by Wittaker who differentiates between

cyber attacks and cyber crimes. While cyber crimes

are directed against individuals and companies, cyber

attacks are targeting public institutions and infrastruc-

ture.

A more in-depth classification is made by Schreier

who distinguishes between cyber vandalism or “cyber

hacktivism”, cyber crime or internet crime, and cyber

espionage. The most dangerous one for governments

is cyber crime which usually affects the banking sec-

tor, financial institutions, and the corporate sector.

Government networks which hold classified data are

also affected, but less often.

Cyber attacks can be clas-

sified as a form of international

terrorism, and as a consequence

there is a need for a coordinated

international approach to address

such treats. Special characteris-

tics of cyber attacks which make

them particularly dangerous are

the difficulties that arise from

identifying their origin, nature and impact. It is in-

deed easier for the cyber criminals to hide their origin

as attacks can be launched from anywhere in the

world. In these conditions, retaliation becomes prob-

lematic because of the hardship of locating the at-

tacker and identifying their intentions. The nature of

the attack is also hard to define as attacks become

more and more sophisticated. Taking into considera-

tion the elaborate schemes of attack that are now de-

veloped by attackers, calculating the damage inflicted

to the victim can become an intricate endeavor.

Most common cyber threats can be used against a

variety of information systems such as transportation,

telecommunication and power systems, and industrial

equipment. These threats can take the form of Au-

Phishing attacks are requesting you to divulge your pass-

word under false arguments

(Photo: RealBusiness.co.uk)


thentication violations, Trojan Horses and Viruses,

Malware, Spyware and Phishing, Sabotage, Fraud,

Insecure passwords, Denial of Service (DoS) and

more modern threats such as Internet of Things. For

these general threats there are a number of solutions,

such as Antivirus software and firewalls, Cryptogra-

phy, Risk analysis and Biometrics. However, we need

to keep in mind that every system has its own hard-

ware and software specificities that the attackers can

exploit.

In order to respond to cyber crimes, cyber secu-

rity measures need to be put in place to ensure the

“safety of the data flow in the global network system,

the protection of databases, of transac-

tions, of access to critical information,

the protection of the integrity of the

national infrastructures, such as the

telecommunications and power sectors,

the protection of personal information

of individuals, the protection of cyber

infrastructure with all its components

etc.” as Hansen and Nissenbaum under-

line in their analysis. Hence, cyber se-

curity should be seen as an enabler that

secures our digital way of life. Every-

body should take responsibility to pro-

tect their private security and not treat this duty as a

burden.

Historical Development of NATO’s Approach

to Cyber Security

The hybrid war gave the opportunity for cyber

warriors and hackers to make use of their capabilities.

Although many of their actions are condemnable, the

end justifies the means in times of war as hackers see

it. On the other hand, NATO has to deal with the

problematic situation of how to make the best of its

cyber capabilities while respecting international law.

Anders Fogh Rasmussen, former NATO Secretary

General, stated in June 2014 that the approach to cy-

ber security that NATO has in place focuses on the

principle of collective defence, which does not fully

respond to the threat, leaving room for further im-

provement when it comes to the details of the strat-

egy. As Rasmussen presents the results of the discus-

sion held in Brussels on August 2015 with the Ameri-

can officials, “Our mandate is pure cyber defence,”

and “Our declaration is a start,” he said, “but I cannot

tell you it is a complete strategy.”

Before the Wales Summit in September 2014, ac-

cording to Limnell, NATO had to face three key chal-

lenges: integrate cyber capabilities,

update Article 5, and better coordinate

national capabilities. Out of these chal-

lenges, the biggest one was: “[...] to

integrate cyber into a broader strategic

and operational concept, both in de-

fence and offence.” This observation is

in line with one made by Rasmussen

who acknowledged that a global strat-

egy is still under development.

What led to the existing state of

affairs is a series of events that continu-

ously shaped NATO’s capabilities for

fighting cyber crimes. In chronological order, the

concept of cyber security made its way on NATO’s

agenda for the first time after the hacking incidents in

the late 1990s that took place during the Kosovo War

and consequently led to the start of NATO's Cyber

Defence Programme. After the 2002 Prague Summit,

initiatives were taken to establish the NATO Com-

puter Incident Response Capability (NCIRC). With

the New Strategic Concept developed by NATO in

November 2010 at the Lisbon Summit, a cyber secu-

rity objective was clearly formulated in the Summit’s

NATO largest ever multinational cyber

defence exercise is “Cyber Coalition

2014” launched on November 18, 2014.

(Photo: NATO)


report. Enhancing the “ability to prevent, detect, defend

against and recover from cyber-attacks, [...] and coordi-

nate national cyber defence capabilities, bringing all

NATO bodies under centralized cyber protection, and

better integrating NATO cyber awareness, warning and

response with member nations” were the guidelines fol-

lowed by NATO at the time. In 2011 a revised NATO

Policy on Cyber Defence was approved and by the end of

2012, the NATO Computer Incident Response Capability

(NCIRC) was in place. The organisation is now under the

NATO Communications and Information Agency (NCI

Agency), which monitors the IT infrastructure and re-

sponds to cyber threats and attacks. Other important

milestones for the organization are the creation of the

NATO Cooperative Cyber Defence

Centre of Excellence (CCDCOE) in

Tallinn, Estonia and the establish-

ment of NATO Cyber-Defence

Management Authority (CDMA) in

2008.

At this point it is important to

underline that NATO’s cyber strat-

egy is purely defensive. NATO’

members are still responsible for

developing their own national cyber defence capabilities

and must protect their own networks. At this level,

NATO’s role is to share expertise and information, pro-

mote coordination and cooperation and facilitate the de-

velopment of national capabilities.

Admittedly, the principle of collective defence and the

enshrined Article 5 still apply in the case of cyber attacks.

As a consequence, the question that can be asked is:

“Would NATO go to war over a cyber attack invocation

of Article 5”? To elucidate this matter, a decision as to

when a cyber attack would lead to the invocation of Arti-

cle 5 would be taken by the North Atlantic Council based

on a political decision taken on a case-by-case basis.

Another relevant aspect for the cyber security topic

is that the new cyber policy has given clarity to the

process the Alliance will use to invoke collective de-

fence while maintaining ambiguity about specific

thresholds as the Alliance’s ministers of defence

stressed. For reconstructing the process, firstly, the

incident is analyzed at a technical level. If the incident

has political implications, the dossier if passed on to the

Cyber Defence Management Board and from the De-

fence Policy and Planning Committee through to the

North Atlantic Council, the principal political decision-

making body of the North Atlantic Treaty Organiza-

tion.

At the moment, it is very unlikely that the North

Atlantic Council would invoke

collective defence unless there

were significant damage and

deaths, equivalent to kinetic mili-

tary force. The criteria for deter-

mining whether an attack should

be viewed as an "armed attack”

are not very clear but several indi-

cations can the traced through the

literature.

Jeffrey Carr, cyber security analyst and expert,

suggests six criteria for determining whether an attack

should be viewed as an "armed attack”. These criteria

are: severity, immediacy, directness, invasiveness,

measurability and presumptive legitimacy. We can

therefore treat a cyber attack as an armed attack if it

produces a great damage for a long duration and with

multiple effects, while crossing multiple physical or

digital borders and having an illegal nature. It is neces-

sary that the victims can quantify its harmful effects in

order for the cyber attack to be considered an “armed

attack”.

The CCDCOE, NATO’s International Military Or-

ganisation to enhance the capability, cooperation and

information sharing on cyber security (Photo: Valentina

http://en.wikipedia.org/wiki/North_Atlantic_Treaty_Organization

http://en.wikipedia.org/wiki/North_Atlantic_Treaty_Organization


Future Development Possibilities in the Area

of Cyber Security

By analyzing the private sector, we can reveal the

positive impact that international standards for infor-

mation security like ISO/IEC 27001 and 27002 can

have. Thanks to the best practices recommendations

that are included in these standards it becomes easier

to manage the security efforts. A future development

could be the adaptation of such a standard by NATO.

Another aspect that needs to be taken into consid-

eration is the lack of transparency from the members

of the Alliance when it comes to the offensive cyber

capabilities that they have at their disposal. Coupled

with the lack of any cyber offensive plans made by

NATO this impediment can negatively influence the

overall cyber capabilities of the Alliance.

One more area that can be improved is the legisla-

tion. NATO hinges to a large extent on legislation

and any gap in it could potentially be dangerous for

the proper functioning of the organization. A good

starting point for improvement would be a better

definition of the concept “armed attack” in the con-

text of cyber conflicts.

Further developments could be an increased num-

ber of common exercises, strengthening of the part-

nership with the private sector or an increased budget

for research and development.

Conclusion

NATO’s cyber capabilities have evolved continu-

ously since the Kosovo War. While the current tactics

describe a defensive thinking, we cannot talk at the

moment about a complete cyber security strategy at

the Alliance level. Nevertheless, NATO made some

important steps by acknowledging the role of cyber

security, founding NCIRC and similar dedicated insti-

tutions, and setting up a clear chain of command in

case of cyber attacks.

However, space for improvement still exists.

There is a need for a revised legislation, like in the

case of Article 5; transparent communication between

members and international needs to be improved;

global standards for information security should be

put in place. By solving all these issues, the process of

integrating a standalone cyber strategy, the Alliance’s

global military strategy will be much easier.

Alexandru Moldovan is currently an IT and Busi-

ness Process Management MSc student with a multid-

isciplinary background in IT, Communication, Public

Relations and Human Resource Management. He is

currently interested in IT, cyber security, sustainabil-

ity, and has previously explored coaching solutions for

human resource professionals. His professional back-

ground includes rich participation in non-

governmental organizations that delivered non-formal

educational projects to youth.

Andra, A. (2012). Cyber Security: An Important Dimension of Romania’s National Security | Center for European Policy Evaluation on WordPress.com. Retrieved March 29, 2015, from http://cepeoffice.com/2012/08/20/cyber-security-an-important-dimension-of-romanias-national-security/

Carr, J. (2010). Inside Cyber Warfare: Mapping the Cyber Underworld. O’Reilly.

Collier, M., & Sibierski, M. (2015). NATO allies come to grips with Russia’s “hybrid warfare” - Yahoo News. Retrieved March 30, 2015, from http://news.yahoo.com/nato-allies-come-grips-russias-hybrid-warfare-182821895.html

Cyber Attacks Against NATO, Then and Now. (n.d.). Retrieved March 29, 2015, from http://www.atlanticcouncil.org/blogs/new-atlanticist/cyber-attacks-against-nato-then-and-now

Hansen, L., & Nissenbaum, H. (2009). Digital Disaster, Cyber Security, and the Copenhagen School. International Studies Quarterly 53, 1156.

Healey, J., & van Bochoven, L. (2011). Issue

About the author

Bibliography


Sanger, D. E. (n.d.). NATO Set to Ratify Pledge on Joint Defense in Case of Major Cyberattack - NY-Times.com. Retrieved March 29, 2015, from http://www.nytimes.com/2014/09/01/world/europe/nato-set-to-ratify-pledge-on-joint-defense-in-case-of-major-cyberattack.html?_r=0

Schreier, F. (2012). On Cyberwarfare, (7), 1–133. Section, P. diplomacy division (PDD)-press and

media. (2013). NATO Cyber Defence, (October). Tallinn Manual Process | CCDCOE. (n.d.). Re-

trieved March 29, 2015, from https://ccdcoe.org/tallinn-manual.html

The statement recently: the real THREAT from Russia. Lithuania has already appealed" - News Round. (n.d.). Retrieved March 29, 2015, from http://news-round.com/the-statement-recently-the-real-threat-from-russia-lithuania-has-already-appealed/

Vipin, K., Lazarevnic, A., & Srivastava, J. (2005). Managing Cyber Threats. Issues, Approaches, and Challenges. New York: Springer.

Wittaker, J. (2004). Cyberspace Handbook. New York: Routledge.

Woudsma, P. (2012). Cyber Defence: A Major Topic in NATO’s Transformation. Retrieved March 30, 2015, from https://www.act.nato.int/article-2013-1-15

Yost, D. S. (2013). Nato Review. Retrieved March 29, 2015, from http://www.nato.int/docu/review/2003/issue4/english/art4.html

Brief, 1–12. Holly, E. (2015). Top 5 cybersecurity risks for 2015.

Retrieved March 30, 2015, from http://www.cnbc.com/id/102283615

Ilves Hendrik, T. (2013). Cybersecurity: A View From the Front - NYTimes.com. Retrieved March 29, 2015, from http://www.nytimes.com/2013/04/12/opinion/global/cybersecurity-a-view-from-the-front.html?pagewanted=all

Jordan Tothova, K. (2014). Would NATO Go to War Over a Cyberattack? | The National Interest. Re-trieved March 29, 2015, from http://nationalinterest.org/feature/would-nato-go-war-over-cyberattack-11199

Libicki, M. C. (2012). Cyberspace Is Not a Warfight-ing Domain. Journal of Law and Policy, 8, 325–336.

Limnell, J. (2014). The Three Cyber-Security Chal-lenges Facing Nato. Retrieved April 2, 2015, from http://www.ibtimes.co.uk/three-cyber-security-challenges-facing-nato-1460995

NATO. (2010). Strategic Concept For the Defence and Security of The Members of the North Atlantic Treaty Organisation, 5.

NATO - News: Preparing for tomorrow: cyber de-fence and the New Strategic Concept, 10-Oct.-2011. (n.d.). Retrieved March 29, 2015, from http://www.nato.int/cps/en/natohq/news_77515.htm?selectedLocale=en

NATO - Official text: The North Atlantic Treaty, 04-Apr.-1949. (n.d.). Retrieved March 29, 2015, from http://www.nato.int/cps/en/natolive/official_texts_17120.htm

NATO - Official text: Wales Summit Declaration issued by the Heads of State and Government participat-ing in the meeting of the North Atlantic Council in Wales , 05-Sep.-2014. (n.d.). Retrieved March 29, 2015, from http://www.nato.int/cps/en/natohq/official_texts_112964.htm

NATO - Opinion: Press Conference by NATO Secre-tary General Anders Fogh Rasmussen following the meeting of the North Atlantic Council at the level of Heads of State and Government during the NATO Wales Summit, 05-Sep.-2014. (n.d.). Retrieved March 29, 2015, from http://www.nato.int/cps/en/natohq/opinions_112871.htm

NATO - Topic: The consultation process and Article 4. (n.d.). Retrieved March 29, 2015, from http://www.nato.int/cps/ro/natolive/topics_49187.htm

NATO Topics - NATO and the Scourge of Terror-ism. (n.d.). Retrieved March 29, 2015, from http://www.nato.int/terrorism/five.htm

Risen, T. (2014). Cybersecurity Remains a Gray Area for NATO - US News. Retrieved March 29, 2015, from http://www.usnews.com/news/articles/2014/08/14/cybersecurity-remains-a-gray-area-for-nato


By Mikk Raud

“ It is serious. If a business gets attacked, it can go

under. If our systems at NATO fail, people may

die.” This is how Ian West, head of the NATO

Communications and Information Agency (NCIA) Cyber

Security Service Line describes his everyday job of re-

sponding to cyber attacks launched against the Alliance.

Numerical data is somewhat intimidating, as NATO’s

computer servers identify 200 million suspicious cyber

activities per day and counter on average five major mali-

cious attempts per week. Luckily, such endeavours have

been ineffective and thus hardly reach the news.

Next to NCIA, which plans and implements all admin-

istrative activities for the Alliance’s cyber security and

responds to cyber attacks, one needs to appreciate the

NATO Computer Incident Response Capability

(NCIRC), which provides general defence to NATO’s

networks. Having managed to absorb the attempts of in-

fringing its own networks so far, the Alliance has shown

that cyber defence is clearly a priority. Yet, technology

develops on a daily basis, providing the malicious actors a

chance to deploy growingly sophisticated attacks. In order

not to fall behind in the increasingly evident cyber race,

NATO needs to clarify its role in different types of cyber

attacks and determine who and for which motives poses

the biggest cyber threat to the Alliance. This paper analy-

ses both issues and argues that threats to NATO’s cyber

safety, which mostly originate from state-actors, can be

best countered through efficient information sharing and

equalizing member states’ cyber capabilities.

Nature Of Cyber Attacks Determines NATO’s Fo-

cus

Whereas the Tallinn Manual’s definition of a “cyber

attack” assumes it to cause injury or death to persons or

damage or destruction to objects, NATO has adopted a

lower threshold by describing cyber attack as “action

taken to disrupt, deny, degrade or destroy information

resident in a computer and/or computer network, or the

computer and/or computer network itself”. This seems

reasonable for addressing more realistic everyday threats,

as even though many analysts have continuously antici-

pated a “Cyber Armageddon” where massive disruptions

of critical infrastructure result in chaos and shake the

world’s stability, nothing comparable has ever occurred.

Though never beyond doubt, even NATO’s possible ene-

mies mostly adhere to proportionality, distinction and

other principles of just war, making it unlikely to see a

state-actor carrying out such an attack even during physi-

cal warfare, let alone in peacetime. Hardly anyone would

benefit from a complete breakdown of the society, except

for extremely backward movements, which fortunately

possess little adequate capabilities. Therefore, one can

rather expect to continue seeing specifically targeted at-

tacks with a narrow focus of imposing political influence,

obtaining financial benefits or committing industrial es-

pionage.

Starting with Estonia in 2007, several member states

have experienced violations of their computer networks,

initiating a debate on what type of attacks exactly belong

to NATO’s responsibility. The Wales Summit Declara-

tion provides that “the fundamental cyber defence respon-

sibility of NATO is to defend its own networks.” Thus, it

Challenges to NATO’s Cyber Security and Where They Originate From


is necessary to distinguish attacks against individual

member states from those against the Alliance.

Hence, despite affirming the validity of collective de-

fence in cyberspace, the Declaration clearly stipulates

that the Allies must develop their independent capa-

bilities for protecting national networks. For exam-

ple, inter-private affairs, such as industrial espionage

against a member state have already earlier been said

not to belong to NATO’s respon-

sibility.

For more severe cases, the

underlying question is how and if

the Alliance should support its

members and whether Article 5

should be invoked or not. The

Wales Summit Declaration rati-

fied that a significant cyber attack can invoke a re-

sponse through Article 5, with the final right of adju-

dication left to the North Atlantic Council on a case-

by-case basis. It is reasonable to expect that the extent

of a cyber attack triggering Article 5 must certainly

involve physical damage and mass casualties – a sce-

nario, which despite its intriguing nature is unlikely

due to the incomprehensible consequences it would

bring to each actor. Thus, even though it is important

to continue developing the readiness of cyber-war,

NATO should primarily ensure the safety of its own

networks, which it has done well so far, and engage

into equalizing the member states’ individual capabili-

ties through well-coordinated information and knowl-

edge sharing. After all, just like in conventional bat-

tlefields, the heavyweight must be born by the mem-

ber states – the Alliance is an institution to organize

cooperation between the members and offer assis-

tance to those in need.

Terrorists and Criminals: Testing NATO’s Cy-

berspace?

Ian West has noted that more than 95% of the cy-

ber attacks NATO absorbs can be categorized as

criminal activities, which do not attempt to cause

physical harm, but aim to steal sensitive data. Addi-

tionally, according to Jamie Shea, the Deputy Assis-

tant Secretary General for Emerging Security Chal-

lenges at NATO, the Alliance’s

everyday challenges are emails

with infected attachments, probes

searching for vulnerabilities, or

denial of services attacks, which

do not differ much from the at-

tacks conducted against banks,

companies, scientific laboratories

and regular citizens. Therefore, as NATO’s networks

face similar threats as those of the member states, it is

important to understand where the threats come from

and tackle them together.

Resulting from various infamous attacks, some

assume that terrorists should also be most feared in

cyberspace. Indeed, only irrational actors could carry

out an attack against critical infrastructure, such as a

nuclear facility to purposely cause mass casualties.

Since most extremists’ ultimate goals justify the

means, they are perhaps the actors dreaming of such

cyber doomsday. Soon after the US started the air

campaign against the Islamic State, the group prom-

ised to develop a “cyber caliphate” to execute large-

scale hackings against the West, including NATO.

Some of their endeavours have been successful, for

example infringing the US Central Command’s Twit-

ter account, or thousands of French websites after the

Charlie Hebdo attack. While these small-scale deface-

ments and denial of service attacks give enough rea-

sons to remain cautious, surveys show little evidence

Despite the threat of a cyber-war, NATO's focus should remain on defensive capabilities (Photo: The Times)


anything significantly more destructive could be exe-

cuted. Whereas terrorists undoubtedly belong to the con-

cern group, much simpler means to cause mass casualties

exist and therefore it is questionable how motivated such

actors are to develop more sophisticated cyber skills.

Also noteworthy next to terrorists are the increasingly

professional cyber criminals, who can cause greater harm

due to clear focus and more elaborate strategies. The an-

nual report of the National Cyber Security Centre of

Netherlands identifies the criminals’ ultimate motivation

as earning money through conducting attacks themselves

or offering services to less proficient actors. Their usual

methods include financial fraud through placing malware

to the victim’s systems, while trying to

avoid the authorities by using border-

crossing internet or host servers which

ensure their anonymity. Therefore, the

more efficient the internal coordination

and information sharing between

NATO members is, the more difficult it

becomes for such actors to harm both

the Alliance and member states. Assuming that the

adopted policies in the New Enhanced Cyber Defence

Framework, including a streamlined cyber defence gov-

ernance will become a reality, the criminals will increas-

ingly have to target individuals and companies paying too

little attention to their cyber security, rather than an alli-

ance like NATO, which has so far managed to shield all

intentions of the criminals.

State-Actors as the Leading Cyber Threat

Despite the rather slim chance of an explicit cyber

conflict between states, the analysis now turns to state-

actors, which are still the largest threat to the Alliance’s

cyberspace, as also noted by a Senior Fellow in the

NATO Cooperative Cyber Defence Centre of Excel-

lence, Dr Rain Ottis. Firstly, a smaller issue arises from

the general insufficient action to limit illegal activities

in cyberspace, thus allowing terrorists and cyber crimi-

nals take advantage of the existing network infrastruc-

ture. Even though the situation is better controlled

inside NATO, many attacks still originate from within

the Alliance, showing that unsatisfactory regulation of

the internet is a universal problem. Secondly, despite

the issue of attribution, which can often be used as a

defence, it has been proven that many malicious actors

are financed and employed by state entities. The coun-

tries immediately coming to mind are China and Rus-

sia, often referred to as the major threats to global cy-

ber stability, while Iran, Syria and North Korea have

been walking a similar path.

Although these countries do

not hide their non-aligning

views towards the Western

internet standards, such as free-

dom of speech or the applica-

bility of international law to

cyberspace, none has ever ad-

mitted involvement in any cyber attacks. Yet, there is

evidence to connect numerous attacks with a respec-

tive state-actor. The following will shed light on some

of the most vivid examples.

To begin with, a US cyber security firm Mandiant

has shown that China’s military units have been di-

rectly involved in years of large-scale cyber espionage

against the West, including NATO members. Whereas

the most well known example is stealing America’s

most expensive military investment, the F-35 stealth

fighter’s designs, the Chinese government has also

been heavily suspected of inducing Chinese telecom

companies such as Huawei to place backdoors into

their products to ease cyber attacks against countries

buying the respective devices, or simplify gathering

economic or military intelligence. Yet, while China has

China's People's Liberation Army during a cyber drill

(Photo: NATOSource)


obtained most of the attention, some analysts consider its

reason to be that the others just do not get caught

enough. Indeed, a fresh US threat assessment report

warns that the threat from Russia is strongly underesti-

mated, bringing examples of more sophisticated and

stealthier cyber attack methods than China has ever used.

Knowingly, Russia has most likely funded the attacks

against Estonia, Georgia and Ukraine, while having re-

cently found a new partner named CyberBerkut – a pro-

Kremlin group of Ukrainian origin, which specifically

targets NATO and its allies, most lately in this March.

Besides these two players, another US cyber security firm

Cylance has deemed Iran as the “new China” by disclosing

the so-called Operation Cleaver that has allegedly stolen

myriads of data from all over the world, following the

upsurge in offensive cyber capabilities after suffering from

Stuxnet a few years ago.

Whereas the state-actors might be motivated to test

the Alliance’s unity and Article 5’s threshold, one can yet

again observe that causing physical harm has not been the

main purpose of the attacks. Rather, widespread cyber

espionage aims to gain economic advantage or access clas-

sified military information, whereas disrupting the nor-

mal functioning of either NATO’s or its members’ net-

works attempts to show political or ideological protest

against the Alliance’s actions. The latter type of attacks

are often concurrent with important events, such as the

parliamentary elections in Ukraine last March, or the

NATO Wales Summit, during which the strength of

NATO’s networks was repeatedly tested. Such challenges

to NATO’s readiness are not expected to decrease and

have raised the discussion of whether the Alliance should

also develop offensive cyber capabilities to tackle the

threats more effectively. However, as Dr Ottis has ex-

plained, just like the Alliance does not have nuclear weap-

ons or aircraft carriers, it is also not reasonable to build

offensive cyber capabilities, since several member states

already have the necessary skills. Moreover, being able

to hamper someone’s network does not necessarily

improve the ability to protect one’s own. Thus, the

Alliance’s focus shall remain on the defensive side,

dominated by multi-layered cooperation between

states and private institutions together with moral and

political pressure on the respective states to withdraw

from undesired cyber acts.

Conclusion

While the recent policies have addressed the right

concerns, there is still a degree of uncertainty in

NATO’s role in organising comprehensive cyber de-

fence. NATO’s own networks have been prioritized

and thus seem well protected. However, NATO con-

sists of 28 member states, and similarly to conventional

armed forces, not every ally possesses equally advanced

cyber capabilities. While the chance of a cyber-war

between NATO and its possible adversaries is rather

slim, acts of espionage and cyber crime are the accessi-

ble methods to various state-actors not having to fear a

unified response. While obtaining adequate cyber skills

belongs to each member’s own responsibility, the mu-

tual threats against the Alliance and the member states

create a clear incentive to further intensify collabora-

tion and equalize the members’ capabilities. The Alli-

ance is as strong as its weakest link, which the cyber

adversaries are bound to take advantage of once the

chance occurs.

Mikk Raud is a third year student at the University of

Hong Kong, where he is obtaining a Bachelor’s degree

in Government & Laws. Prior to starting his current

exchange semester at Tsinghua University, Mr. Raud

completed an internship at the Estonian Embassy in

Beijing. He is also currently involved in a research pro-

About the author


ject on China’s cyber capabilities, strategies and or-

ganisation in cooperation with the NATO Coopera-

tive Cyber Defence Centre of Excellence in Tallinn,

Estonia.

"Cyber Definitions." NATO Cooperative Cyber Defence Centre of Excellence. 2015. Web. 3 Apr. 2015.

"Cyber Security." NATO Communications and Informa-tion Agency. 2014. Web. 3 Apr. 2015.

"Cyber Security." NATO. 19 Jan. 2015. Web. 3 Apr. 2015.

"NATO Websites Targeted in Attack Claimed by Ukrainian Hacker Group Cyber Berkut." ABC News. 16 Mar. 2014. Web. 3 Apr. 2015. "Wales Summit Declaration." NATO. 5 Sept. 2014. Web. 3 Apr. 2015.

Ames, Paul. "NATO Faces About Ten Serious Cy-ber Incidents Each Month." Atlantic Council. 23 May 2014. Web. 3 Apr. 2015.

Cendrowicz, Leo. "Nato Frontline in Life-or-death War on Cyber-terrorists." The Guardian. 30 Oct. 2014. Web. 3 Apr. 2015.

Charlton, Corey. "Islamic State Jihadists Planning Encryption-protected 'cyber Caliphate' so They Can Carry out Hacking Attacks on West." Daily Mail. 11 Sept. 2014. Web. 3 Apr. 2015. Clapper, James R. Worldwide Threat Assessment of the US Intelligence Community. Rep: Senate Armed Ser-vices Committee, 2015. Web. 7 Apr. 2015.

Cyber Security Assessment Netherlands 2014,

National Cyber Security Centre. 2014. Gady, Franz-Stefan. "Russia Tops China as Principal Cyber Threat to US." The Diplomat. 3 Mar. 2015. Web. 7 Apr. 2015.

Jones, Sam. "Nato Summit on ‘high Alert’ for Cyber Attack." Financial Times. 3 Sept. 2014. Web. 3 Apr. 2015.

Krause, Hannes. "NATO on its way towards a com-fort zone in cyber defence." The Tallinn Papers (2014).

Limnell, Jarno. "NATO’s September Summit Must Confront Cyber Threats." Breaking Defense. 11 Aug. 2014. Web. 3 Apr. 2015.

Mcwhorter, Dan. "Mandiant Exposes APT1 – One of China’s Cyber Espionage Units & Releases 3,000

Indicators." Mandiant. 18 Feb. 2013. Web. 3 Apr. 2015. Morgus, Robert. "NATO Tries to Define Cyber War." Real Clear World. 20 Oct. 2014. Web. 3 Apr. 2015.

Nakashima, Ellen. "Confidential Report Lists U.S. Weapons System Designs Compromised by Chinese Cyberspies." Washington Post. 27 May 2013. Web. 7 Apr. 2015.

Ottis, Rain. "Interview on Possible Cyber Attackers." E-mail interview. 25 Mar. 2015.

Pinto, Delwyn. "Sandworm : Russia Backed Cyber Criminals Targeted EU, NATO." TechWorm. 14 Oct. 2014. Web. 3 Apr. 2015. Schmitt, Michael N. Tallinn Manual on the International Law Applicable to Cyber Warfare. Cambridge UP, 2013. p. 92. The World in 2020 – Can NATO Protect Us? The Challenges to Critical Infrastructure. Rep: NATO Emerging Secu-rity Challenges Division. 10 Dec. 2012. Web. 3 Apr. 2015.

Bibliography


definition of an act of force entails that the attack must

cause physical or personal damage. When considering

the potential impact of a cyber attack, this definition

would appear to exclude an attack on the financial sec-

tor; but such an attack might have the potential to

cause immeasurable economic damage to a nation, sup-

porting the strategic aims of their adversary in a conflict

but still not crossing a legal threshold that allows for a

response.

NATO's own Cooperative Cyber Defence Centre of

Excellence in Tallinn convened a group of experts in

2013, producing a 300-page tome to help doctrine-

writers, advisors and decision makers understand this

complex domain. The discussions about the nature of

conflict have examined the interplay of law and ethics,

looking at concepts such as aggression, discrimination,

proportionality and attribution – the bread and butter

of the law of armed conflict.

Beyond the Cyber Domain: Hybrid Warfare

Analysis of how ethics applies to cyber operations is

focused on the technical application of cyber means

themselves, but in reality the cyber domain is consid-

ered as one tool among others for affecting an adver-

sary. In this sense, the emergence of new technology is

not the only driver of change; the first decade and a half

of the 21st century has seen new ways of integrating

different domains of interstate competition and influ-

ence to project power, challenging the way military

strength is considered and used.

While cyber attack is only one among multiple ele-

By Henri Collis

W ith cyber security making head-

lines with stories that features

rogue states, Hollywood and

the US Federal Government, it has never been more

high profile. This is symptomatic of the fact that, as

the world becomes more connected, the type and

volume of information stored and transmitted is ex-

panding in a way that introduces new risks and a fresh

set of considerations for defence and security. Under-

standing how the game has changed is, however, frag-

mented and addressing these risks requires grasping

not only the implications of cyber war in an opera-

tional sense, but also its complex relationship with the

evolving nature of conflict.

As the ways and means for cyber offence and de-

fence have multiplied, there has been realization for a

need to consider the ethical implications of its use.

Indeed, extensive debates have taken place about how

conflict may proceed in cyberspace. Examining this

through an ethical lens seeks to understand how con-

siderations of what is just and fair can be incorporated

in the debate on cyber security.

Implications at the Operational Level

Understanding whether there are direct legal cor-

ollaries between conventional and cyber conflicts is,

fraught with difficulty. Some discussions are straight-

forward, e.g. a cyber attack that uses network infra-

structure in a neutral country as a proxy is akin to

using their airspace for unauthorised overflight, which

would be illegal under international law. Other legal

definitions are harder to transpose. For example, the

What Cyber Changes:

Using Ethics to Inform


ments in this new, blended or ‘hybrid’ approach, its flexi-

bility and ubiquity means it can be employed in various

ways throughout this type of campaign - using proxies to

manipulate opinion through cyber-enabled information

operations or denying communications infrastructure to

inhibit decision making. The key point when examining

the ethics of using cyber means to project power in this

way, is that any response does not necessarily have to be

via cyber means.

Retaliation can however take different forms, from

the projection of soft power, or political leverage through

international fora, to conventional kinetic operations. A

response through other means, however, is still governed

by the Law of Armed Conflict so principles such as dis-

crimination and proportionality must be carefully consid-

ered. But determining what is proportional when trans-

posing actions from the cyber domain to political or ki-

netic actions again raises a set of complex legal questions.

Moreover, the principle of attribution is particularly

fraught with difficulty in cyber space and the problem of

correctly identifying the perpetrator of an attack has al-

ready inhibited the actions of nations suffering a cyber

attack, this is compounded by the use of proxies as well

as the spontaneous actions of motivated citizens. The re-

sult is a diminished ability to quickly and accurately at-

tribute cyber attacks, meaning the ethical basis and legal-

ity of any response is undermined. This challenges the

principles of what good conduct looks like in a reconsti-

tuted form of conflict that crosses different domains, and

demands reconsideration of the ethical and underlying

legal questions. .

An Evolved and Perennial Competition

At a further level of abstraction these questions of at-

tribution are key to understanding how concepts of cyber

defence are part of a more fundamental evolution in the

nature of conflict and interstate competition. Competi-

tion between state and non-state adversaries now sees

military, informational, and electronic means being

directly used to create political outcomes. This differs

from a traditional concept of war whereby states seek

to set military or security conditions for a political re-

sult.

This shift in the nature of conflict, described by

Emile Simpson in War From the Ground Up, has been

brought to light by understanding the complexity of

counterinsurgency over the last 15 years. This was ob-

viated by NATO’s experience in Afghanistan where the

simple and traditional 'bi-polar' model of two states

confronting each other no longer applied. The conflict

can be viewed as highly fragmented and exploited by

actors at multiple levels for various political and eco-

nomic goals. In some cases these actors opportunisti-

cally adopted the language and activity of insurgency,

as if it were a franchise that they could buy into. Exter-

nally this had the effect of making the insurgency ap-

pear more coherent and unified than it really was,

when in fact many of the groups conducting operations

at a local level were not motivated or controlled by a

centrally administered Taliban.

This analysis of what was a relatively low-tech con-

flict might seem a long way from cyber warfare, but

assuming that states are currently unlikely to engage

overtly in activity that crosses thresholds for armed

attack, which provoke a stronger response, then the

issue of attribution elevates the role of cyber warfare as

an integral part of how they compete - utilizing a dif-

fuse, unattributable set of actors for its execution akin

to the franchisees in an insurgency.

The shift from something recognizable as bi-polar

interstate warfare to fragmented and lower level strug-

gles in this way describes a type of conflict that blends

violence or the threat of violence, with other domains


tion the better.

In the short term this calls for alliance members to

engage in national and international exercises with both

military and civilian agencies to simulate the kind of

practical complexities and ethical dilemmas that might

arise. There is also a need to test readiness of cyber

defences and drive coordination between allies to build

a more resilient cyberspace that further enhances deter-

rence by denying the potential benefits of aggression or

interference.

If the Alliance challenges itself in this way it can help

identify where and how systems can be improved, de-

fine the interplay between different elements and do-

mains of conflict, but also obviate where skills need to

be developed to support long term improvement.

These are big questions and the debates around them

have a long way to go.

Understanding the nature of how conflict has

changed will not only inform those debates on an ethi-

cal and institutional level, but will also inform what is

needed for an effective policy response on a practical

level.

Henry Collis works at the UK Cabinet Office. His

previous experience includes spending three years at

HQ ISAF in Kabul as an assessment analyst and seven

years working across the middle east as an analyst and

consultant. He was a UK Delegate to the NATO Fu-

ture Leaders Summit in Wales in 2014.

Emile Simpson, War From The Ground Up, Co-lumbia University Press, 2012.

Tallinn Manual on the International Law applicable to Cyber Warfare, Cambridge University Press, 2013: https://ccdcoe.org/tallinn-manual.html

such as cyber attack and challenges where the bound-

ary for something recognisable as war now lies. It

brings a new level of uncertainty and raises the likeli-

hood of a new type of security challenge for NATO to

address, i.e. a conflict that is protracted and perennial

but falling short of open hostilities that would clearly

be subject to the law of armed conflict.

Conclusion

This shifting of traditional boundaries and recon-

sideration of conflict highlights the ethical questions

around the use of cyber means; uncertainty around

ethical use becomes amplified in this context. In this

mix, it is essential for policy makers to grasp these

debates, to understand how and why the boundaries

around where a conflict begins and what it looks like

are changing, and to see cyber in as wide a context as

possible to understand the full spectrum of its impact.

Despite the complexity around the use of cyber in

this type of conflict, the simple answer is to improve

the cyber security and information assurance of states

and their allies to deny adversaries benefits in the cy-

ber domain. NATO members, however, have differ-

ent levels of ability in this regard. The creation of pan

-Alliance standards through the NATO Defence Plan-

ning Process and the sharing of best practice from

technology to policy have begun and these must be

followed-through to ensure all members reach a se-

cure baseline of protective and defensive measures.

Nonetheless, policy makers need to prepare for

the complex ethical dilemmas raised by the potential

need to respond to a cyber attack as part of a more

ephemeral but enduring conflict. When this emerges

decisions will need to be made quickly, meaning there

can be little time for lengthy debate - the more think-

ing and preparation can be done ahead of a real situa-

About the author

Bibliography

https://ccdcoe.org/tallinn-manual.html

This publication is coThis publication is coThis publication is co---sponsored by the sponsored by the sponsored by the

North Atlantic Treaty OrganizationNorth Atlantic Treaty OrganizationNorth Atlantic Treaty Organization

Atlantic Voices is always seeking new material. If you are a young

researcher, subject expert or professional and feel you have a valuable

contribution to make to the debate, then please get in touch.

We are looking for papers, essays, and book reviews on issues of

importance to the NATO Alliance. For details of how to submit your

work please see our website. Further enquiries can also be directed to the

ATA Secretariat at the address listed below.

Editor: Flora Pidoux

ATA Programs

On April 28th the NATO Council of Canada will host a confer-

ence on Women,Peace and Security in cooperation with the Royal

Canadian Military Institute. Speakers include: NATO’s Special

Representative for Women,Peace and Security, Amb Marriet

Schuurman; Hon. Mobina Jeffer, US Senator; and Almas Jiwani,

President at the UN Women Canada National Committee.

The Bulgarian Euro-Atlantic Youth Club has the pleasure of invit-

ing participants to the Second NATO Summer School 2015, which is a

one-week international seminar focusing on some of the most important

security aspects for NATO in the period after 2014. The seminar will

take place on the 30th May -7th June 2015 in Smolyan, Bulgaria.

This year’s seminar will focus on key topics such as preparing for

threats in emergent spaces, including cyber space and maritime security,

Smart Defence and planning for the future in times of austerity, NATO's

role as a global security actor, NATO-Ukraine cooperation for 2015,

NATO-Russia relations, women’s role in peace and security, war against

terrorism, and NATO transparency and reforms. Topics like these we

would like to shed light on through discussions, panel debates and group

activities. The seminar will go through a direct contact between young

people, representatives of NGOs, media, representatives of govern-

ments, panel discussions, workshops and debates, presented by experts,

professors and competitive speakers.

Images should not be reproduced without permission from sources listed, and remain the sole property of those sources. Unless otherwise stated, all images are the property of NATO.

Atlantic Voices is the monthly publication of the Atlantic Treaty Associa-

tion. It aims to inform the debate on key issues that affect the North Atlantic

Treaty Organization, its goals and its future. The work published in Atlantic

Voices is written by young professionals and researchers.

The Atlantic Treaty Association (ATA) is an international non-

governmental organization based in Brussels working to facilitate global

networks and the sharing of knowledge on transatlantic cooperation and

security. By convening political, diplomatic and military leaders with

academics, media representatives and young professionals, the ATA promotes

the values set forth in the North Atlantic Treaty: Democracy, Freedom,

Liberty, Peace, Security and Rule of Law. The ATA membership extends to 37

countries from North America to the Caucasus throughout Europe. In 1996,

the Youth Atlantic Treaty Association (YATA) was created to specifially

include to the successor generation in our work.

Since 1954, the ATA has advanced the public’s knowledge and

understanding of the importance of joint efforts to transatlantic security

through its international programs, such as the Central and South Eastern

European Security Forum, the Ukraine Dialogue and its Educational Platform.

In 2011, the ATA adopted a new set of strategic goals that reflects the

constantly evolving dynamics of international cooperation. These goals include:

the establishment of new and competitive programs on international

security issues.

the development of research initiatives and security-related events for

its members.

the expansion of ATA’s international network of experts to countries in

Northern Africa and Asia.

The ATA is realizing these goals through new programs, more policy

activism and greater emphasis on joint research initiatives.

These programs will also aid in the establishment of a network of

international policy experts and professionals engaged in a dialogue with

NATO.

The views expressed in this article are entirely those of the authors. They do not necessarily represent the views of the Atlantic Treaty Association, its members, affiliates or staff.

https://www.facebook.com/TheAtlanticCouncilOfCanada

https://www.facebook.com/pages/Royal-Canadian-Military-Institute/111942478821660

https://www.facebook.com/pages/Royal-Canadian-Military-Institute/111942478821660

https://www.facebook.com/NATO1325

https://www.facebook.com/NATO1325

Vol.5, no. 04 (april 2015)2

Documents

Transcript of Vol.5, no. 04 (april 2015)2