Vol. 5, No. 04 (April 2015)
TRANSCRIPT
ATLANTIC TREATY ASSOCIATION
Atlantic Voices, Volume 5, Issue 4 1
- Flora Pidoux
Space was once the stake of international competition, as whoever had the ability to launch missiles far enough had the power to destroy their enemy. This discovery was followed by technological development, causing more and more uncertainty. Today, concerns have moved to cyberspace. This virtual arena is the source of a new type of conflict where war is not declared, attackers are hardly identifiable and skilled individuals can remotely disable a country’s infrastructure.
Cyber attacks have raised new types of concerns that demand appropriate answers. Although using cyberspace to weaken an opponent is not a new practice, no appropriate answers have yet been found, while government infrastructures remain especially vulnerable.
Combined with other means, cyber attacks contribute to the development of a new sort of war, a hybrid combat where states are no longer the only protagonists. Power is now in the hands of any individual with sufficient motivation and computer skills.
NATO’s Cyber Strategies and Wireless
Warfare in the Information Age
Volume 5 - Issue 4 April 2015
Contents:
NATO’s Cyber Strategies and Wireless Warfare in the Information Age
Mr. Alexandru Moldovan analyzes NATO’s cyber security policy by underlining the major events that contributed to the current state of affairs.
Challenges To NATO’s Cyber Security And Where They Originate From
Mr. Mikk Raud’s article focuses on the challenges that arise from cyber attacks, which are more and more difficult to deter or counteract.
What Cyber Changes: Using Ethics To Inform
Mr. Henri Collis explores cyber attacks from an ethical perspective in an effort to analyse how attacks of this new kind should be answered.
Threats to the Cyberspace (Photo: Symantec ISTR)
By Alexandru Moldovan
Our daily routines are becoming increasingly dependent on the advancements in information technology. Virtual reality already influences major aspects of our lives, such as the economy, health and education, and it seems that it will not be long until its influence expands into our personal and national security. In recent years, we’ve witnessed a major increase in cyber attacks, which has forced governments to make space on their agendas to ensure the security of their public and private cyber networks.
The first documented cyber war was fought during the Kosovo War. Between March 24, 1999 and June 10, 1999 operation Allied Force, a conventional military operation, was conducted by NATO on the territory of Yugoslavia in order to stop the human rights abuses in Kosovo. During NATO’s military operations against Serbia, numerous pro-Serbian hacker groups attacked NATO’s internet infrastructure. The hackers were aided in their goal of disrupting NATO’s war-fighting capabilities by Russian and Chinese hackers. Their victims were, among others, NATO’s server and NATO’s public affairs website dedicated to the war in Kosovo. Containing briefings and news, the latter was inoperable for several days due to Distributed Denial of Service attacks.
As a result, small but consistent steps were taken by NATO to strengthen their digital defence, starting with the establishment of the Cyber Defence Programme in 2002. The latest confirmation of these continuous efforts came at the NATO Wales Summit in September 2014. The Wales Summit Declaration contains explicit references to the increased importance that NATO gives to the cyber security domain together with a detailed plan for the future.
The Tallinn Manual, an international cyber law research and education standard, defines a cyber attack as a “cyber operation, whether offensive or defensive, that is reasonably expected to cause injury or death to persons or damage or destruction to objects.” Reinforcing the major damage that a cyber-attack can lead to, article 72 of the Wales Summit Declaration states that: “Their [ed. cyber-attacks] impact could be as harmful to modern societies as a conventional attack. We affirm therefore that cyber defence is part of NATO's core task of collective defence”.
Allies need to clarify what potential cyber attack scenarios would cross the Article 5 threshold, and specify the member states’ duties in the case of a cyber attack. Even though the moment when a cyber attack will lead to significant loss of human lives may seem a distant future, it is clear that the risk must not be treated lightly. As Professor Michael Schmitt, the Tallinn Manual's editor, stated, "I think just as a century ago we were trying to understand how aviation would impact the laws of war, today we are in great need of sorting through these issues in the cyber world today".
This article details the strategic importance of having a cyber-strategy in place, and highlights the recent events that caused NATO’s concern.
Strategic Importance Of Cyber Strategies in Modern Warfare
In order to face the new emerging threats caused by the aggressive behaviour of Russia, the government of Lithuania decided in February 2015 to reintroduce compulsory military service. Despite this measure, new threats were signalled by the President of Lithuania Dalia Grybauskaite in a public intervention in March 2015: “The first stage of confrontation is taking place - I mean information war, propaganda and cyber attacks. So we are already under attack.”
Far from being singular, this type of unconventional attack was also recorded in 2007 when hackers attacked official state and bank websites in Estonia and in the 2008 Georgian War. The Estonian attack was attributed to groups of Russian hackers even though the Russian authorities denied any involvement.
According to James Sherr from Britain's Royal Institute of International Affairs, this new type of conflict, called hybrid warfare, is “designed to cripple a state before that state even realizes the conflict has begun”. Elaborating on the topic, Sherr adds: “It is a model of warfare designed to slip under NATO's threshold of perception and reaction.” As Deputy Secretary General Ambassador Alexander Vershbow said, we are facing a new facet of the ancient Trojan Horse tactic. As the use of cyber attacks intensifies, we need to look into the details of what constitutes a cyber attack and how NATO and its allies can capitalize on their experience to ensure that incidents like these never catch the Alliance on the wrong foot.
Expanding the Tallinn Manual definition of cyber attacks, Wittaker defines them as “coordinated actions taken against a state’s public institutions, digital infrastructure, and its critical infrastructure through cyber space”. Since there is no clear terminology that can be used to define cyber warfare, a range of different theoretical frameworks have attempted to explain this idea. A first classification was made by Wittaker, who differentiates between cyber attacks and cyber crimes. While cyber crimes are directed against individuals and companies, cyber attacks target public institutions and infrastructure.
A more in-depth classification is made by Schreier who distinguishes between cyber vandalism or “cyber hacktivism”, cyber crime or internet crime, and cyber espionage. The most dangerous one for governments is cyber crime which usually affects the banking sector, financial institutions, and the corporate sector. Government networks which hold classified data are also affected, but less often.
Cyber attacks can be classified as a form of international terrorism, and as a consequence there is a need for a coordinated international approach to address such threats. Special characteristics of cyber attacks which make them particularly dangerous are the difficulties that arise from identifying their origin, nature and impact. It is indeed easier for cyber criminals to hide their origin as attacks can be launched from anywhere in the world. In these conditions, retaliation becomes problematic because of the difficulty of locating the attacker and identifying their intentions. The nature of the attack is also hard to define as attacks become more and more sophisticated. Taking into consideration the elaborate schemes of attack that are now developed by attackers, calculating the damage inflicted on the victim can become an intricate endeavor.
The most common cyber threats can be used against a variety of information systems such as transportation, telecommunication and power systems, and industrial equipment. These threats can take the form of Authentication violations, Trojan Horses and Viruses, Malware, Spyware and Phishing, Sabotage, Fraud, Insecure passwords, Denial of Service (DoS) and more modern threats such as those involving the Internet of Things. For these general threats there are a number of solutions, such as Antivirus software and firewalls, Cryptography, Risk analysis and Biometrics. However, we need to keep in mind that every system has its own hardware and software specificities that the attackers can exploit.
Phishing attacks ask you to divulge your password under false pretences (Photo: RealBusiness.co.uk)
In order to respond to cyber crimes, cyber security measures need to be put in place to ensure the “safety of the data flow in the global network system, the protection of databases, of transactions, of access to critical information, the protection of the integrity of the national infrastructures, such as the telecommunications and power sectors, the protection of personal information of individuals, the protection of cyber infrastructure with all its components etc.” as Hansen and Nissenbaum underline in their analysis. Hence, cyber security should be seen as an enabler that secures our digital way of life. Everybody should take responsibility to protect their private security and not treat this duty as a burden.
Historical Development of NATO’s Approach to Cyber Security
The hybrid war gave cyber warriors and hackers the opportunity to make use of their capabilities. Although many of their actions are condemnable, as hackers see it, the end justifies the means in times of war. On the other hand, NATO has to deal with the problematic situation of how to make the best of its cyber capabilities while respecting international law. Anders Fogh Rasmussen, former NATO Secretary General, stated in June 2014 that the approach to cyber security that NATO has in place focuses on the principle of collective defence, which does not fully respond to the threat, leaving room for further improvement when it comes to the details of the strategy. Presenting the results of the discussion held in Brussels in August 2015 with American officials, Rasmussen said, “Our mandate is pure cyber defence,” and “Our declaration is a start, but I cannot tell you it is a complete strategy.”
Before the Wales Summit in September 2014, according to Limnell, NATO had to face three key challenges: integrate cyber capabilities, update Article 5, and better coordinate national capabilities. Out of these challenges, the biggest one was: “[...] to integrate cyber into a broader strategic and operational concept, both in defence and offence.” This observation is in line with one made by Rasmussen who acknowledged that a global strategy is still under development.
What led to the existing state of affairs is a series of events that continuously shaped NATO’s capabilities for fighting cyber crimes. In chronological order, the concept of cyber security made its way onto NATO’s agenda for the first time after the hacking incidents in the late 1990s that took place during the Kosovo War and consequently led to the start of NATO's Cyber Defence Programme. After the 2002 Prague Summit, initiatives were taken to establish the NATO Computer Incident Response Capability (NCIRC). With the New Strategic Concept developed by NATO in November 2010 at the Lisbon Summit, a cyber security objective was clearly formulated in the Summit’s report. Enhancing the “ability to prevent, detect, defend against and recover from cyber-attacks, [...] and coordinate national cyber defence capabilities, bringing all NATO bodies under centralized cyber protection, and better integrating NATO cyber awareness, warning and response with member nations” were the guidelines followed by NATO at the time. In 2011 a revised NATO Policy on Cyber Defence was approved and by the end of 2012, the NATO Computer Incident Response Capability (NCIRC) was in place. The organisation is now under the NATO Communications and Information Agency (NCI Agency), which monitors the IT infrastructure and responds to cyber threats and attacks. Other important milestones for the organization are the creation of the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE) in Tallinn, Estonia and the establishment of NATO Cyber-Defence Management Authority (CDMA) in 2008.
NATO’s largest ever multinational cyber defence exercise is “Cyber Coalition 2014”, launched on November 18, 2014 (Photo: NATO)
At this point it is important to underline that NATO’s cyber strategy is purely defensive. NATO’s members are still responsible for developing their own national cyber defence capabilities and must protect their own networks. At this level, NATO’s role is to share expertise and information, promote coordination and cooperation and facilitate the development of national capabilities.
Admittedly, the principle of collective defence and the enshrined Article 5 still apply in the case of cyber attacks. As a consequence, the question that can be asked is: “Would NATO go to war over a cyber attack invocation of Article 5”? To elucidate this matter: the decision as to when a cyber attack would lead to the invocation of Article 5 would be taken by the North Atlantic Council as a political decision on a case-by-case basis.
Another relevant aspect of the cyber security topic is that the new cyber policy has given clarity to the process the Alliance will use to invoke collective defence while maintaining ambiguity about specific thresholds, as the Alliance’s ministers of defence stressed. To reconstruct the process: first, the incident is analyzed at a technical level. If the incident has political implications, the dossier is passed on to the Cyber Defence Management Board and from the Defence Policy and Planning Committee through to the North Atlantic Council, the principal political decision-making body of the North Atlantic Treaty Organization.
At the moment, it is very unlikely that the North Atlantic Council would invoke collective defence unless there were significant damage and deaths, equivalent to kinetic military force. The criteria for determining whether an attack should be viewed as an “armed attack” are not very clear, but several indications can be traced through the literature.
Jeffrey Carr, cyber security analyst and expert, suggests six criteria for determining whether an attack should be viewed as an “armed attack”. These criteria are: severity, immediacy, directness, invasiveness, measurability and presumptive legitimacy. We can therefore treat a cyber attack as an armed attack if it produces great damage for a long duration and with multiple effects, while crossing multiple physical or digital borders and having an illegal nature. It is necessary that the victims can quantify its harmful effects in order for the cyber attack to be considered an “armed attack”.
The CCDCOE, NATO’s International Military Organisation to enhance the capability, cooperation and information sharing on cyber security (Photo: Valentina
Future Development Possibilities in the Area of Cyber Security
By analyzing the private sector, we can reveal the positive impact that international standards for information security like ISO/IEC 27001 and 27002 can have. Thanks to the best practices recommendations that are included in these standards it becomes easier to manage the security efforts. A future development could be the adaptation of such a standard by NATO.
Another aspect that needs to be taken into consideration is the lack of transparency from the members of the Alliance when it comes to the offensive cyber capabilities that they have at their disposal. Coupled with the lack of any cyber offensive plans made by NATO, this impediment can negatively influence the overall cyber capabilities of the Alliance.
One more area that can be improved is the legislation. NATO hinges to a large extent on legislation and any gap in it could potentially be dangerous for the proper functioning of the organization. A good starting point for improvement would be a better definition of the concept “armed attack” in the context of cyber conflicts.
Further developments could be an increased number of common exercises, strengthening of the partnership with the private sector or an increased budget for research and development.
Conclusion
NATO’s cyber capabilities have evolved continuously since the Kosovo War. While the current tactics reflect defensive thinking, we cannot at the moment talk about a complete cyber security strategy at the Alliance level. Nevertheless, NATO made some important steps by acknowledging the role of cyber security, founding NCIRC and similar dedicated institutions, and setting up a clear chain of command in case of cyber attacks.
However, room for improvement still exists. There is a need for revised legislation, as in the case of Article 5; transparent communication between members and international needs to be improved; global standards for information security should be put in place. By solving all these issues, the process of integrating a standalone cyber strategy into the Alliance’s global military strategy will be much easier.
About the author
Alexandru Moldovan is currently an IT and Business Process Management MSc student with a multidisciplinary background in IT, Communication, Public Relations and Human Resource Management. He is currently interested in IT, cyber security, sustainability, and has previously explored coaching solutions for human resource professionals. His professional background includes rich participation in non-governmental organizations that delivered non-formal educational projects to youth.
Bibliography
Andra, A. (2012). Cyber Security: An Important Dimension of Romania’s National Security | Center for European Policy Evaluation on WordPress.com. Retrieved March 29, 2015, from http://cepeoffice.com/2012/08/20/cyber-security-an-important-dimension-of-romanias-national-security/
Carr, J. (2010). Inside Cyber Warfare: Mapping the Cyber Underworld. O’Reilly.
Collier, M., & Sibierski, M. (2015). NATO allies come to grips with Russia’s “hybrid warfare” - Yahoo News. Retrieved March 30, 2015, from http://news.yahoo.com/nato-allies-come-grips-russias-hybrid-warfare-182821895.html
Cyber Attacks Against NATO, Then and Now. (n.d.). Retrieved March 29, 2015, from http://www.atlanticcouncil.org/blogs/new-atlanticist/cyber-attacks-against-nato-then-and-now
Hansen, L., & Nissenbaum, H. (2009). Digital Disaster, Cyber Security, and the Copenhagen School. International Studies Quarterly 53, 1156.
Healey, J., & van Bochoven, L. (2011). Issue Brief, 1–12.
Holly, E. (2015). Top 5 cybersecurity risks for 2015. Retrieved March 30, 2015, from http://www.cnbc.com/id/102283615
Ilves Hendrik, T. (2013). Cybersecurity: A View From the Front - NYTimes.com. Retrieved March 29, 2015, from http://www.nytimes.com/2013/04/12/opinion/global/cybersecurity-a-view-from-the-front.html?pagewanted=all
Jordan Tothova, K. (2014). Would NATO Go to War Over a Cyberattack? | The National Interest. Retrieved March 29, 2015, from http://nationalinterest.org/feature/would-nato-go-war-over-cyberattack-11199
Libicki, M. C. (2012). Cyberspace Is Not a Warfighting Domain. Journal of Law and Policy, 8, 325–336.
Limnell, J. (2014). The Three Cyber-Security Challenges Facing Nato. Retrieved April 2, 2015, from http://www.ibtimes.co.uk/three-cyber-security-challenges-facing-nato-1460995
NATO. (2010). Strategic Concept For the Defence and Security of The Members of the North Atlantic Treaty Organisation, 5.
NATO - News: Preparing for tomorrow: cyber defence and the New Strategic Concept, 10-Oct.-2011. (n.d.). Retrieved March 29, 2015, from http://www.nato.int/cps/en/natohq/news_77515.htm?selectedLocale=en
NATO - Official text: The North Atlantic Treaty, 04-Apr.-1949. (n.d.). Retrieved March 29, 2015, from http://www.nato.int/cps/en/natolive/official_texts_17120.htm
NATO - Official text: Wales Summit Declaration issued by the Heads of State and Government participating in the meeting of the North Atlantic Council in Wales, 05-Sep.-2014. (n.d.). Retrieved March 29, 2015, from http://www.nato.int/cps/en/natohq/official_texts_112964.htm
NATO - Opinion: Press Conference by NATO Secretary General Anders Fogh Rasmussen following the meeting of the North Atlantic Council at the level of Heads of State and Government during the NATO Wales Summit, 05-Sep.-2014. (n.d.). Retrieved March 29, 2015, from http://www.nato.int/cps/en/natohq/opinions_112871.htm
NATO - Topic: The consultation process and Article 4. (n.d.). Retrieved March 29, 2015, from http://www.nato.int/cps/ro/natolive/topics_49187.htm
NATO Topics - NATO and the Scourge of Terrorism. (n.d.). Retrieved March 29, 2015, from http://www.nato.int/terrorism/five.htm
Risen, T. (2014). Cybersecurity Remains a Gray Area for NATO - US News. Retrieved March 29, 2015, from http://www.usnews.com/news/articles/2014/08/14/cybersecurity-remains-a-gray-area-for-nato
Sanger, D. E. (n.d.). NATO Set to Ratify Pledge on Joint Defense in Case of Major Cyberattack - NYTimes.com. Retrieved March 29, 2015, from http://www.nytimes.com/2014/09/01/world/europe/nato-set-to-ratify-pledge-on-joint-defense-in-case-of-major-cyberattack.html?_r=0
Schreier, F. (2012). On Cyberwarfare, (7), 1–133.
Section, P. diplomacy division (PDD)-press and media. (2013). NATO Cyber Defence, (October).
Tallinn Manual Process | CCDCOE. (n.d.). Retrieved March 29, 2015, from https://ccdcoe.org/tallinn-manual.html
"The statement recently: the real THREAT from Russia. Lithuania has already appealed" - News Round. (n.d.). Retrieved March 29, 2015, from http://news-round.com/the-statement-recently-the-real-threat-from-russia-lithuania-has-already-appealed/
Vipin, K., Lazarevnic, A., & Srivastava, J. (2005). Managing Cyber Threats. Issues, Approaches, and Challenges. New York: Springer.
Wittaker, J. (2004). Cyberspace Handbook. New York: Routledge.
Woudsma, P. (2012). Cyber Defence: A Major Topic in NATO’s Transformation. Retrieved March 30, 2015, from https://www.act.nato.int/article-2013-1-15
Yost, D. S. (2013). Nato Review. Retrieved March 29, 2015, from http://www.nato.int/docu/review/2003/issue4/english/art4.html
By Mikk Raud
“It is serious. If a business gets attacked, it can go under. If our systems at NATO fail, people may die.” This is how Ian West, head of the NATO Communications and Information Agency (NCIA) Cyber Security Service Line, describes his everyday job of responding to cyber attacks launched against the Alliance. Numerical data is somewhat intimidating, as NATO’s computer servers identify 200 million suspicious cyber activities per day and counter on average five major malicious attempts per week. Luckily, such endeavours have been ineffective and thus hardly reach the news.
Next to NCIA, which plans and implements all administrative activities for the Alliance’s cyber security and responds to cyber attacks, one needs to appreciate the NATO Computer Incident Response Capability (NCIRC), which provides general defence to NATO’s networks. Having managed to absorb the attempts to infringe its own networks so far, the Alliance has shown that cyber defence is clearly a priority. Yet, technology develops on a daily basis, providing the malicious actors a chance to deploy increasingly sophisticated attacks. In order not to fall behind in the increasingly evident cyber race, NATO needs to clarify its role in different types of cyber attacks and determine who poses the biggest cyber threat to the Alliance, and for which motives. This paper analyses both issues and argues that threats to NATO’s cyber safety, which mostly originate from state-actors, can be best countered through efficient information sharing and equalizing member states’ cyber capabilities.
Nature Of Cyber Attacks Determines NATO’s Focus
Whereas the Tallinn Manual’s definition of a “cyber attack” assumes it to cause injury or death to persons or damage or destruction to objects, NATO has adopted a lower threshold by describing a cyber attack as “action taken to disrupt, deny, degrade or destroy information resident in a computer and/or computer network, or the computer and/or computer network itself”. This seems reasonable for addressing more realistic everyday threats, as even though many analysts have continuously anticipated a “Cyber Armageddon” where massive disruptions of critical infrastructure result in chaos and shake the world’s stability, nothing comparable has ever occurred. Though never beyond doubt, even NATO’s possible enemies mostly adhere to proportionality, distinction and other principles of just war, making it unlikely to see a state-actor carrying out such an attack even during physical warfare, let alone in peacetime. Hardly anyone would benefit from a complete breakdown of society, except for extremely backward movements, which fortunately possess few adequate capabilities. Therefore, one can rather expect to continue seeing specifically targeted attacks with a narrow focus of imposing political influence, obtaining financial benefits or committing industrial espionage.
Starting with Estonia in 2007, several member states have experienced violations of their computer networks, initiating a debate on what type of attacks exactly belong to NATO’s responsibility. The Wales Summit Declaration provides that “the fundamental cyber defence responsibility of NATO is to defend its own networks.” Thus, it is necessary to distinguish attacks against individual member states from those against the Alliance. Hence, despite affirming the validity of collective defence in cyberspace, the Declaration clearly stipulates that the Allies must develop their independent capabilities for protecting national networks. For example, inter-private affairs, such as industrial espionage against a member state, have already earlier been said not to belong to NATO’s responsibility.
For more severe cases, the underlying question is how and if the Alliance should support its members and whether Article 5 should be invoked or not. The Wales Summit Declaration ratified that a significant cyber attack can invoke a response through Article 5, with the final right of adjudication left to the North Atlantic Council on a case-by-case basis. It is reasonable to expect that the extent of a cyber attack triggering Article 5 must certainly involve physical damage and mass casualties – a scenario which, despite its intriguing nature, is unlikely due to the incomprehensible consequences it would bring to each actor. Thus, even though it is important to continue developing readiness for cyber-war, NATO should primarily ensure the safety of its own networks, which it has done well so far, and engage in equalizing the member states’ individual capabilities through well-coordinated information and knowledge sharing. After all, just like in conventional battlefields, the heavy weight must be borne by the member states – the Alliance is an institution to organize cooperation between the members and offer assistance to those in need.
Terrorists and Criminals: Testing NATO’s Cyberspace?
Ian West has noted that more than 95% of the cyber attacks NATO absorbs can be categorized as criminal activities, which do not attempt to cause physical harm, but aim to steal sensitive data. Additionally, according to Jamie Shea, the Deputy Assistant Secretary General for Emerging Security Challenges at NATO, the Alliance’s everyday challenges are emails with infected attachments, probes searching for vulnerabilities, or denial of service attacks, which do not differ much from the attacks conducted against banks, companies, scientific laboratories and regular citizens. Therefore, as NATO’s networks face similar threats to those of the member states, it is important to understand where the threats come from and tackle them together.
As a result of various infamous attacks, some assume that terrorists should also be most feared in cyberspace. Indeed, only irrational actors could carry out an attack against critical infrastructure, such as a nuclear facility, to purposely cause mass casualties. Since most extremists’ ultimate goals justify the means, they are perhaps the actors dreaming of such a cyber doomsday. Soon after the US started the air campaign against the Islamic State, the group promised to develop a “cyber caliphate” to execute large-scale hackings against the West, including NATO. Some of their endeavours have been successful, for example infringing the US Central Command’s Twitter account, or thousands of French websites after the Charlie Hebdo attack. While these small-scale defacements and denial of service attacks give enough reasons to remain cautious, surveys show little evidence that anything significantly more destructive could be executed. Whereas terrorists undoubtedly belong to the concern group, much simpler means to cause mass casualties exist and therefore it is questionable how motivated such actors are to develop more sophisticated cyber skills.
Despite the threat of a cyber-war, NATO's focus should remain on defensive capabilities (Photo: The Times)
Also noteworthy next to terrorists are the increasingly professional cyber criminals, who can cause greater harm due to clear focus and more elaborate strategies. The annual report of the National Cyber Security Centre of the Netherlands identifies the criminals’ ultimate motivation as earning money through conducting attacks themselves or offering services to less proficient actors. Their usual methods include financial fraud through placing malware on the victim’s systems, while trying to avoid the authorities by using border-crossing internet or host servers which ensure their anonymity. Therefore, the more efficient the internal coordination and information sharing between NATO members is, the more difficult it becomes for such actors to harm both the Alliance and member states. Assuming that the adopted policies in the New Enhanced Cyber Defence Framework, including a streamlined cyber defence governance, will become a reality, the criminals will increasingly have to target individuals and companies paying too little attention to their cyber security, rather than an alliance like NATO, which has so far managed to shield itself from all intentions of the criminals.
State-Actors as the Leading Cyber Threat
Despite the rather slim chance of an explicit cyber conflict between states, the analysis now turns to state-actors, which are still the largest threat to the Alliance’s cyberspace, as also noted by a Senior Fellow in the NATO Cooperative Cyber Defence Centre of Excellence, Dr Rain Ottis. Firstly, a smaller issue arises from the general insufficient action to limit illegal activities in cyberspace, thus allowing terrorists and cyber criminals to take advantage of the existing network infrastructure. Even though the situation is better controlled inside NATO, many attacks still originate from within the Alliance, showing that unsatisfactory regulation of the internet is a universal problem. Secondly, despite the issue of attribution, which can often be used as a defence, it has been proven that many malicious actors are financed and employed by state entities. The countries immediately coming to mind are China and Russia, often referred to as the major threats to global cyber stability, while Iran, Syria and North Korea have been walking a similar path.
Although these countries do
not hide their non-aligning
views towards the Western
internet standards, such as free-
dom of speech or the applica-
bility of international law to
cyberspace, none has ever ad-
mitted involvement in any cyber attacks. Yet, there is
evidence to connect numerous attacks with a respec-
tive state-actor. The following will shed light on some
of the most vivid examples.
To begin with, the US cyber security firm Mandiant has shown that China’s military units have been directly involved in years of large-scale cyber espionage against the West, including NATO members. Whereas the most well known example is stealing America’s most expensive military investment, the F-35 stealth fighter’s designs, the Chinese government has also been heavily suspected of inducing Chinese telecom companies such as Huawei to place backdoors into their products to ease cyber attacks against countries buying the respective devices, or simplify gathering economic or military intelligence. Yet, while China has obtained most of the attention, some analysts consider the reason to be that the others just do not get caught enough. Indeed, a fresh US threat assessment report warns that the threat from Russia is strongly underestimated, bringing examples of more sophisticated and stealthier cyber attack methods than China has ever used. Knowingly, Russia has most likely funded the attacks against Estonia, Georgia and Ukraine, while having recently found a new partner named CyberBerkut – a pro-Kremlin group of Ukrainian origin, which specifically targets NATO and its allies, most lately this March. Besides these two players, another US cyber security firm, Cylance, has deemed Iran the “new China” by disclosing the so-called Operation Cleaver that has allegedly stolen myriads of data from all over the world, following the upsurge in offensive cyber capabilities after suffering from Stuxnet a few years ago.
China's People's Liberation Army during a cyber drill (Photo: NATOSource)
Whereas the state-actors might be motivated to test the Alliance’s unity and Article 5’s threshold, one can yet again observe that causing physical harm has not been the main purpose of the attacks. Rather, widespread cyber espionage aims to gain economic advantage or access classified military information, whereas disrupting the normal functioning of either NATO’s or its members’ networks attempts to show political or ideological protest against the Alliance’s actions. The latter type of attack is often concurrent with important events, such as the parliamentary elections in Ukraine last March, or the NATO Wales Summit, during which the strength of NATO’s networks was repeatedly tested. Such challenges to NATO’s readiness are not expected to decrease and have raised the discussion of whether the Alliance should also develop offensive cyber capabilities to tackle the threats more effectively. However, as Dr Ottis has explained, just like the Alliance does not have nuclear weapons or aircraft carriers, it is also not reasonable to build offensive cyber capabilities, since several member states already have the necessary skills. Moreover, being able to hamper someone’s network does not necessarily improve the ability to protect one’s own. Thus, the Alliance’s focus shall remain on the defensive side, dominated by multi-layered cooperation between states and private institutions together with moral and political pressure on the respective states to withdraw from undesired cyber acts.
Conclusion
While the recent policies have addressed the right concerns, there is still a degree of uncertainty in NATO’s role in organising comprehensive cyber defence. NATO’s own networks have been prioritized and thus seem well protected. However, NATO consists of 28 member states, and similarly to conventional armed forces, not every ally possesses equally advanced cyber capabilities. While the chance of a cyber-war between NATO and its possible adversaries is rather slim, acts of espionage and cyber crime are methods accessible to various state-actors that do not have to fear a unified response. While obtaining adequate cyber skills is each member’s own responsibility, the mutual threats against the Alliance and the member states create a clear incentive to further intensify collaboration and equalize the members’ capabilities. The Alliance is as strong as its weakest link, which the cyber adversaries are bound to take advantage of once the chance occurs.
About the author
Mikk Raud is a third year student at the University of Hong Kong, where he is obtaining a Bachelor’s degree in Government & Laws. Prior to starting his current exchange semester at Tsinghua University, Mr. Raud completed an internship at the Estonian Embassy in Beijing. He is also currently involved in a research project on China’s cyber capabilities, strategies and organisation in cooperation with the NATO Cooperative Cyber Defence Centre of Excellence in Tallinn, Estonia.
Bibliography
"Cyber Definitions." NATO Cooperative Cyber Defence Centre of Excellence. 2015. Web. 3 Apr. 2015.
"Cyber Security." NATO Communications and Information Agency. 2014. Web. 3 Apr. 2015.
"Cyber Security." NATO. 19 Jan. 2015. Web. 3 Apr. 2015.
"NATO Websites Targeted in Attack Claimed by Ukrainian Hacker Group Cyber Berkut." ABC News. 16 Mar. 2014. Web. 3 Apr. 2015.
"Wales Summit Declaration." NATO. 5 Sept. 2014. Web. 3 Apr. 2015.
Ames, Paul. "NATO Faces About Ten Serious Cyber Incidents Each Month." Atlantic Council. 23 May 2014. Web. 3 Apr. 2015.
Cendrowicz, Leo. "Nato Frontline in Life-or-death War on Cyber-terrorists." The Guardian. 30 Oct. 2014. Web. 3 Apr. 2015.
Charlton, Corey. "Islamic State Jihadists Planning Encryption-protected 'cyber Caliphate' so They Can Carry out Hacking Attacks on West." Daily Mail. 11 Sept. 2014. Web. 3 Apr. 2015.
Clapper, James R. Worldwide Threat Assessment of the US Intelligence Community. Rep: Senate Armed Services Committee, 2015. Web. 7 Apr. 2015.
Cyber Security Assessment Netherlands 2014, National Cyber Security Centre. 2014.
Gady, Franz-Stefan. "Russia Tops China as Principal Cyber Threat to US." The Diplomat. 3 Mar. 2015. Web. 7 Apr. 2015.
Jones, Sam. "Nato Summit on ‘high Alert’ for Cyber Attack." Financial Times. 3 Sept. 2014. Web. 3 Apr. 2015.
Krause, Hannes. "NATO on its way towards a comfort zone in cyber defence." The Tallinn Papers (2014).
Limnell, Jarno. "NATO’s September Summit Must Confront Cyber Threats." Breaking Defense. 11 Aug. 2014. Web. 3 Apr. 2015.
Mcwhorter, Dan. "Mandiant Exposes APT1 – One of China’s Cyber Espionage Units & Releases 3,000 Indicators." Mandiant. 18 Feb. 2013. Web. 3 Apr. 2015.
Morgus, Robert. "NATO Tries to Define Cyber War." Real Clear World. 20 Oct. 2014. Web. 3 Apr. 2015.
Nakashima, Ellen. "Confidential Report Lists U.S. Weapons System Designs Compromised by Chinese Cyberspies." Washington Post. 27 May 2013. Web. 7 Apr. 2015.
Ottis, Rain. "Interview on Possible Cyber Attackers." E-mail interview. 25 Mar. 2015.
Pinto, Delwyn. "Sandworm : Russia Backed Cyber Criminals Targeted EU, NATO." TechWorm. 14 Oct. 2014. Web. 3 Apr. 2015.
Schmitt, Michael N. Tallinn Manual on the International Law Applicable to Cyber Warfare. Cambridge UP, 2013. p. 92.
The World in 2020 – Can NATO Protect Us? The Challenges to Critical Infrastructure. Rep: NATO Emerging Security Challenges Division. 10 Dec. 2012. Web. 3 Apr. 2015.
What Cyber Changes: Using Ethics to Inform
By Henri Collis
With cyber security making headlines with stories that feature rogue states, Hollywood and the US Federal Government, it has never been more high profile. This is symptomatic of the fact that, as the world becomes more connected, the type and volume of information stored and transmitted is expanding in a way that introduces new risks and a fresh set of considerations for defence and security. Understanding how the game has changed is, however, fragmented, and addressing these risks requires grasping not only the implications of cyber war in an operational sense, but also its complex relationship with the evolving nature of conflict.
As the ways and means for cyber offence and defence have multiplied, there has been a realization of the need to consider the ethical implications of their use. Indeed, extensive debates have taken place about how conflict may proceed in cyberspace. Examining this through an ethical lens seeks to understand how considerations of what is just and fair can be incorporated in the debate on cyber security.
Implications at the Operational Level
Understanding whether there are direct legal corollaries between conventional and cyber conflicts is fraught with difficulty. Some discussions are straightforward, e.g. a cyber attack that uses network infrastructure in a neutral country as a proxy is akin to using their airspace for unauthorised overflight, which would be illegal under international law. Other legal definitions are harder to transpose. For example, the definition of an act of force entails that the attack must cause physical or personal damage. When considering the potential impact of a cyber attack, this definition would appear to exclude an attack on the financial sector; but such an attack might have the potential to cause immeasurable economic damage to a nation, supporting the strategic aims of their adversary in a conflict but still not crossing a legal threshold that allows for a response.
NATO's own Cooperative Cyber Defence Centre of Excellence in Tallinn convened a group of experts in 2013, producing a 300-page tome to help doctrine-writers, advisors and decision makers understand this complex domain. The discussions about the nature of conflict have examined the interplay of law and ethics, looking at concepts such as aggression, discrimination, proportionality and attribution – the bread and butter of the law of armed conflict.
Beyond the Cyber Domain: Hybrid Warfare
Analysis of how ethics applies to cyber operations is focused on the technical application of cyber means themselves, but in reality the cyber domain is considered as one tool among others for affecting an adversary. In this sense, the emergence of new technology is not the only driver of change; the first decade and a half of the 21st century has seen new ways of integrating different domains of interstate competition and influence to project power, challenging the way military strength is considered and used.
While cyber attack is only one among multiple elements in this new, blended or ‘hybrid’ approach, its flexibility and ubiquity mean it can be employed in various ways throughout this type of campaign - using proxies to manipulate opinion through cyber-enabled information operations or denying communications infrastructure to inhibit decision making. The key point when examining the ethics of using cyber means to project power in this way is that any response does not necessarily have to be via cyber means.
Retaliation can however take different forms, from the projection of soft power, or political leverage through international fora, to conventional kinetic operations. A response through other means, however, is still governed by the Law of Armed Conflict, so principles such as discrimination and proportionality must be carefully considered. But determining what is proportional when transposing actions from the cyber domain to political or kinetic actions again raises a set of complex legal questions. Moreover, the principle of attribution is particularly fraught with difficulty in cyber space and the problem of correctly identifying the perpetrator of an attack has already inhibited the actions of nations suffering a cyber attack; this is compounded by the use of proxies as well as the spontaneous actions of motivated citizens. The result is a diminished ability to quickly and accurately attribute cyber attacks, meaning the ethical basis and legality of any response is undermined. This challenges the principles of what good conduct looks like in a reconstituted form of conflict that crosses different domains, and demands reconsideration of the ethical and underlying legal questions.
An Evolved and Perennial Competition
At a further level of abstraction these questions of attribution are key to understanding how concepts of cyber defence are part of a more fundamental evolution in the nature of conflict and interstate competition. Competition between state and non-state adversaries now sees military, informational, and electronic means being directly used to create political outcomes. This differs from a traditional concept of war whereby states seek to set military or security conditions for a political result.
This shift in the nature of conflict, described by Emile Simpson in War From the Ground Up, has been brought to light by understanding the complexity of counterinsurgency over the last 15 years. This was made evident by NATO’s experience in Afghanistan, where the simple and traditional 'bi-polar' model of two states confronting each other no longer applied. The conflict can be viewed as highly fragmented and exploited by actors at multiple levels for various political and economic goals. In some cases these actors opportunistically adopted the language and activity of insurgency, as if it were a franchise that they could buy into. Externally this had the effect of making the insurgency appear more coherent and unified than it really was, when in fact many of the groups conducting operations at a local level were not motivated or controlled by a centrally administered Taliban.
This analysis of what was a relatively low-tech conflict might seem a long way from cyber warfare, but assuming that states are currently unlikely to engage overtly in activity that crosses thresholds for armed attack, which would provoke a stronger response, then the issue of attribution elevates the role of cyber warfare as an integral part of how they compete - utilizing a diffuse, unattributable set of actors for its execution akin to the franchisees in an insurgency.
The shift from something recognizable as bi-polar interstate warfare to fragmented and lower level struggles in this way describes a type of conflict that blends violence or the threat of violence, with other domains such as cyber attack and challenges where the boundary for something recognisable as war now lies. It brings a new level of uncertainty and raises the likelihood of a new type of security challenge for NATO to address, i.e. a conflict that is protracted and perennial but falling short of open hostilities that would clearly be subject to the law of armed conflict.
Conclusion
This shifting of traditional boundaries and reconsideration of conflict highlights the ethical questions around the use of cyber means; uncertainty around ethical use becomes amplified in this context. In this mix, it is essential for policy makers to grasp these debates, to understand how and why the boundaries around where a conflict begins and what it looks like are changing, and to see cyber in as wide a context as possible to understand the full spectrum of its impact.
Despite the complexity around the use of cyber in this type of conflict, the simple answer is to improve the cyber security and information assurance of states and their allies to deny adversaries benefits in the cyber domain. NATO members, however, have different levels of ability in this regard. The creation of pan-Alliance standards through the NATO Defence Planning Process and the sharing of best practice from technology to policy have begun and these must be followed through to ensure all members reach a secure baseline of protective and defensive measures.
Nonetheless, policy makers need to prepare for the complex ethical dilemmas raised by the potential need to respond to a cyber attack as part of a more ephemeral but enduring conflict. When this emerges, decisions will need to be made quickly, meaning there can be little time for lengthy debate - the more thinking and preparation that can be done ahead of a real situation, the better.
In the short term this calls for alliance members to engage in national and international exercises with both military and civilian agencies to simulate the kind of practical complexities and ethical dilemmas that might arise. There is also a need to test readiness of cyber defences and drive coordination between allies to build a more resilient cyberspace that further enhances deterrence by denying the potential benefits of aggression or interference.
If the Alliance challenges itself in this way it can help identify where and how systems can be improved, define the interplay between different elements and domains of conflict, but also make clear where skills need to be developed to support long term improvement. These are big questions and the debates around them have a long way to go.
Understanding the nature of how conflict has changed will not only inform those debates on an ethical and institutional level, but will also inform what is needed for an effective policy response on a practical level.
About the author
Henry Collis works at the UK Cabinet Office. His previous experience includes spending three years at HQ ISAF in Kabul as an assessment analyst and seven years working across the Middle East as an analyst and consultant. He was a UK Delegate to the NATO Future Leaders Summit in Wales in 2014.
Bibliography
Emile Simpson, War From The Ground Up, Columbia University Press, 2012.
Tallinn Manual on the International Law applicable to Cyber Warfare, Cambridge University Press, 2013: https://ccdcoe.org/tallinn-manual.html
This publication is co-sponsored by the North Atlantic Treaty Organization
Atlantic Voices is always seeking new material. If you are a young
researcher, subject expert or professional and feel you have a valuable
contribution to make to the debate, then please get in touch.
We are looking for papers, essays, and book reviews on issues of
importance to the NATO Alliance. For details of how to submit your
work please see our website. Further enquiries can also be directed to the
ATA Secretariat at the address listed below.
Editor: Flora Pidoux
ATA Programs
On April 28th the NATO Council of Canada will host a conference on Women, Peace and Security in cooperation with the Royal Canadian Military Institute. Speakers include: NATO’s Special Representative for Women, Peace and Security, Amb Marriet Schuurman; Hon. Mobina Jeffer, US Senator; and Almas Jiwani, President at the UN Women Canada National Committee.
The Bulgarian Euro-Atlantic Youth Club has the pleasure of inviting participants to the Second NATO Summer School 2015, which is a one-week international seminar focusing on some of the most important security aspects for NATO in the period after 2014. The seminar will take place from 30th May to 7th June 2015 in Smolyan, Bulgaria.
This year’s seminar will focus on key topics such as preparing for threats in emergent spaces, including cyber space and maritime security, Smart Defence and planning for the future in times of austerity, NATO's role as a global security actor, NATO-Ukraine cooperation for 2015, NATO-Russia relations, women’s role in peace and security, war against terrorism, and NATO transparency and reforms. We would like to shed light on topics like these through discussions, panel debates and group activities. The seminar will involve direct contact between young people, representatives of NGOs, media and representatives of governments, through panel discussions, workshops and debates presented by experts, professors and competitive speakers.
Images should not be reproduced without permission from sources listed, and remain the sole property of those sources. Unless otherwise stated, all images are the property of NATO.
Atlantic Voices is the monthly publication of the Atlantic Treaty Association. It aims to inform the debate on key issues that affect the North Atlantic Treaty Organization, its goals and its future. The work published in Atlantic Voices is written by young professionals and researchers.
The Atlantic Treaty Association (ATA) is an international non-governmental organization based in Brussels working to facilitate global networks and the sharing of knowledge on transatlantic cooperation and security. By convening political, diplomatic and military leaders with academics, media representatives and young professionals, the ATA promotes the values set forth in the North Atlantic Treaty: Democracy, Freedom, Liberty, Peace, Security and Rule of Law. The ATA membership extends to 37 countries from North America to the Caucasus throughout Europe. In 1996, the Youth Atlantic Treaty Association (YATA) was created to specifically include the successor generation in our work.
Since 1954, the ATA has advanced the public’s knowledge and understanding of the importance of joint efforts to transatlantic security through its international programs, such as the Central and South Eastern European Security Forum, the Ukraine Dialogue and its Educational Platform.
In 2011, the ATA adopted a new set of strategic goals that reflects the constantly evolving dynamics of international cooperation. These goals include:
the establishment of new and competitive programs on international security issues.
the development of research initiatives and security-related events for its members.
the expansion of ATA’s international network of experts to countries in Northern Africa and Asia.
The ATA is realizing these goals through new programs, more policy activism and greater emphasis on joint research initiatives.
These programs will also aid in the establishment of a network of international policy experts and professionals engaged in a dialogue with NATO.
The views expressed in this article are entirely those of the authors. They do not necessarily represent the views of the Atlantic Treaty Association, its members, affiliates or staff.