Collective Defense in Cyberspace as a new Challenge

Modern Threats and NATO’s New Strategic Concept

For Bosnia and Herzegovina, integration with NATO will mean more than military alliances and joint maneuvers. It will also require cyber integration and coordination against cyber threats as NATO continues to develop its own protocols for responding to cyber threats

The international community has established norms for punishing subversive state behavior: a naval blockade is an act of war; espionage is a capital offence; and the harboring of terrorists is tantamount to casus beli. Yet, what if there were ways for states and individuals alike to paralyze entire economies, compromise state secrets, and instill fear in whole populations for a fraction of the cost and political repercussions?

Reality of Today

This is now a modern reality with the advent of cyber attacks against state infrastructure. In an interview with “The New New Internet,” Scott Borg, an expert in cyber attacks, had this to say:

“The worst cyber attacks would be ones that would physically destroy critical infrastructures:  wrecking large numbers of big electric generators, blowing up oil refineries and pipelines, crashing trains in tunnels and on bridges, causing leakages of toxic substances from chemical plants, and so on.  In addition to killing some people immediately, these sorts of attacks could deprive large populations of essential goods and services for extended periods of time.  Some of them would cause most of the economic activity in the affected region to shut down. The total economic destruction caused by an intense campaign of such attacks could be greater than the damage done to Germany and Japan by strategic bombing during World War II.”[i]

The use of cyber attacks is especially appealing to individual and state actors alike, precisely because it is difficult to trace the specific origin of the attacks. It is well established that governments use proxy organizations to facilitate malicious attacks in order to avoid the international furor raised by the disruption of economic, political, and military processes.[ii]

In April of 2007 Estonia, a NATO member state, suffered a significant attack against its cyber infrastructure. The attack targeted Estonian governmental, media, and banking entities which were damaged as a result. [iii]

Estonia had been spearheading cooperative cyber defence initiatives prior to the cyber attacks of 2007. In 2004, the concept for the Cooperative Cyber Defence Centre of Excellence (CCDCE) was advanced in Estonia and proposed to NATO.[iv] Nevertheless, caught amidst the controversy surrounding the removal of a Soviet soldier memorial, nationalist hackers compromised the technologically advanced infrastructure of Estonia.

As part of its New Strategic Concept, NATO advisors have proposed adding cyber attacks as a new and developing threat. According to the recommendations for NATO’s 2010 New Strategic Concept, “NATO must accelerate efforts to respond to the danger of cyber attacks by protecting its own communications and command systems, helping Allies to improve their ability to prevent and recover from attacks, and developing an array of cyber defence capabilities aimed at effective detection and deterrence.[v]

The New Strategic Concept reflects NATO’s most recent efforts to preserve itself as an effective alliance. Cyber threats pose a unique challenge to NATO. The Alliance formed during a time when threats were wielded primarily by states, as is reflected in the NATO Charter. Yet the twenty-first century has already furnished numerous examples of non-state actors, remotely acting against state infrastructure. NATO now finds itself needing to retool its organization in order to face these emerging threats.

To assist in the effort of transformation, NATO looks to what it calls Centres of Excellence. A Centre of Excellence is a “nationally or multi-nationally sponsored entity, which offers recognized expertise and experience to the benefit of the Alliance, especially in support of transformation. It provides opportunities to enhance education and training, to improve interoperability and capabilities, to assist in doctrine development and/or to test and validate concepts through experimentation.” In the face of growing threats, NATO members are expanding the mission of the Cooperative Cyber Defence Centre of Excellence started in Tallinn.

Critical Element

The Cooperative Cyber Defence Centre of Excellence offers a new form of collective defense, one that does not equate to the amassing of armies and military hardware. Twenty-first century collective defense requires closer collaboration between the state agencies to detect and combat cyber attacks. The CCDCE aims to be at the center of NATO collective cyber security for member and partner states by providing expertise and standards of interoperability.[vi]

By October of 2008, CCDCE in Estonia had received full accreditation by NATO as an International Military Organization. Initially, only seven nations funded the efforts of CCDCE: Estonia, Germany, Italy, Latvia, Lithuania, Slovak Republic, and Spain. By the end of 2008, the United States and Turkey had also announced their intentions to become sponsoring nations.

According to the recommendations for the New Strategic Concept, NATO views partnerships with non-NATO countries as a critical element to its own security. Close partnerships with non-NATO states will help to establish new norms for responding to cyber attacks and increase the effectiveness of NATO efforts.

Text and photo by Michael MORELAND