International stability has been challenged in recent days. Peace on the European continent has been fundamentally shattered. The Alliance’s foundational commitment to the principles of individual liberty, democracy, human rights, and the rule of law also fully applies in the realm of emerging technological challenges. These evolving threats include those ithin the cyber domain, which increasingly challenge the NATO Alliance as part of the growing strategic competition in international security.
This volume of edited papers is intended to help inform decision-makers so they better understand the critical features of, and differences among, the various cyber threats we face. Threat actors are increasingly seeking to destabilise the Alliance through the cyber domain by employing malicious cyber activities and campaigns below the threshold of an armed attack.
Early in the decade of the 2000s, NATO developed its cyber capabilities as a purely technical issue. Cyber defence first became part of NATO’s core task of collective defence in 2014. Allied heads of state and government endorsed NATO’s Comprehensive Cyber Defence Policy in June 2021, further incorporating cyber defence into NATO’s broader approach of deterrence and defence. These changes build upon the important understanding that the cyber domain must properly align with NATO strategic decision-making.
In the 2021 policy, NATO acknowledged that only a comprehensive approach to cyberspace could respond to a domain that is contested at all times by threat actors. A proactive approach requires a coordinated effort between the distinct cyber mandates and activities at the political, military, and technical levels.
NATO’s core role is to defend its own networks while also using its entire toolbox – political, diplomatic, and military measures – to respond to the full spectrum of cyber threats. Lower-impact malicious cyber campaigns over time by the same threat actor are understood to be potentially as destructive as a single high-impact cyberattack. Allies recognise that the impact of significant and cumulative malicious cyber activities might, in certain circumstances, be considered as amounting to an armed attack.
NATO must and will enhance its role as a platform for political consultation among Allies, to share concerns about malicious cyber activities, possible collective responses, and the option to impose costs on those who harm Alliance security. Increased information and intelligence-sharing supports political consultations. Resilience remains a priority and Allies must be continuously prepared to detect, prevent, mitigate, and respond to vulnerabilities and intrusions. Future efforts in this area will continue to build on the Cyber Defence Pledge that Allies adopted in 2016 to maintain robust defences that also harness partnerships and leverage technological innovation.
Cyber defence is a strategic issue, not just a technical matter to be left to specialists. Malicious cyber activity presents an immense challenge, as it blurs the lines between the traditional thresholds of peace, crisis, and conflict. Preserving security now requires taking into account the constant competition that is taking place in cyberspace. This volume is intended to help leaders and policymakers as they consider the way forward.
Views: 1
