NATO To Use Cyber Effects in Defensive Operations

NATO steps up rhetoric on the use of cyber with nations' cyber weapon capabilities to be integrated into NATO missions and operations.

Anita Hawser
10 November 2017
The cyber defense team at Pease National Air Guard Base (US Air National Guard photo illustration by Staff Sgt. Kayla Rorick)



IIntegrating cyber warfare into combatant commands so it can be used both offensively and defensively in operations is the ambition of most modern militaries. The US has made no secret of the fact that in addition to air strikes, it is also conducting cyber operations to try and defeat ISIS or Daesh in Syria and Iraq.

Little is known about the nature of these operations, but they probably entail attempts to disrupt Daesh’s command and control networks, military-related critical infrastructure and weapons capabilities, as well as information warfare; using social and other media to try and counteract Daesh’s message and online propaganda.

Other countries like the Netherlands and the UK have spoken openly about using cyber both offensively and defensively, and now NATO is talking about cyber, and not just in terms of defending NATO military networks against attacks.

Whilst NATO cannot develop offensive cyber capabilities, it is possible within the framework of coalition operations that it could be done unilaterally, multilaterally or bilaterally by countries. NATO Secretary-General Jens Stoltenberg suggested that at this week’s meeting of NATO Defence Ministers in Brussels.

“We must be just as effective in the cyber domain as we are on land, at sea and in the air, with real-time understanding of the threats we face and the ability to respond however and whenever we choose,” he stated at a press conference following the meeting of ministers.

At the meeting, Defence Ministers agreed to create a new Cyber Operations Centre as part of the outline design for the adapted NATO Command Structure. “This will strengthen our cyber defences,” says Stoltenberg, “and help integrate cyber into NATO planning and operations at all levels. We also agreed that we will be able to integrate Allies’ national cyber capabilities into NATO missions and operations. While nations maintain full ownership of those capabilities, just as Allies own the tanks, the ships and aircraft in NATO missions.”



NATO Secretary General Jens Stoltenberg: Using cyber capabilities may be a more proportionate response (Photo courtesty of NATO)




Reading between the lines, that suggests that NATO may not develop cyber offensive capabilities itself, but that it will happily leverage those of its Allies in NATO operations. As Stoltenberg pointed out, “NATO is a defensive alliance, whose actions are subject to political oversight and international law.”

The Tallinn Manual, authored by 19 international law experts, looks at how existing international law applies to the cyber domain. It concludes that international law is applicable to cyber, just as it is in the physical realm, with states having both rights and bear obligations under international law.

The applicabiity of international law in the cyber domain, hasn’t really been put to the test, however. Whilst cyber attacks in Ukraine, Estonia and the West (WannaCry), which impacted the functioning of government networks and public infrastructures, have been attributed to states like Russia and North Korea, other than the Stuxnet virus, which was purportedly developed by the US and Israel to use against Iran's nuclear reactors, little is known about the West or NATO member countries’ cyber offensive capabilities and their use  of them to date.

The suggestion is that whilst countries may have cyber offensive capabilites,  when it comes to using them to degrade or destroy another country's infrastructure,  most countries are exercising a degree of "self-restraint". 

In the example of the Coalition fight against ISIS or Daesh in Syria and Iraq, cyber is just one weapon that is being used alongside more kinetic effects. On its own, cyber attacks are not going to defeat ISIS. Russia, however, has demonstrated to great effect in Ukraine and Georgia how the cyber domain can be used to weaken an opponent to prepare the ground ahead of sending in troops and traditional forms of weaponry. 

One of the ‘attractive’ aspects of cyber for most countries is enshrined in the concept of ‘proportionality’—a cyber attack used as a retaliatory measure could be considered a more proportional response than say a weapon that has a kinetic effect. In response to a question from the press as to whether a cyber weapon is less harmful than a bomb, Stoltenberg had this to say:



“Using cyber capabilities may be a more proportionate response and that's the reason why I welcome that we are now integrating national cyber capabilities into NATO missions and operations and that we have agreed the principles of doing that. For NATO, it is always our aim to use minimum force to achieve maximum effect and therefore cyber effects may be the best response. That depends very much on the situation, but we have seen that NATO allies have been using cyber capabilities against ISIS in Iraq and Syria, and that has been important in the fight against ISIS, and I strongly believe that in any military conflict cyber will be an integrated part, and, therefore, we need to strengthen our cyber defences and our cyber capabilities."

Jens Stoltenberg, NATO Secretary General



Stoltenberg says national cyber capabilities will be integrated into NATO missions and operations as it seeks to integrate conventional capabilities such as ships, tanks and planes. “It will still be under full national control, but they will be integrated into NATO missions and operations,” he explains. “Let me also add that as part of our strengthening of our cyber defences, we have also decided to establish, or have established, cyber as a military domain, and we have also decided that cyberattacks can trigger Article 5. So, integrating national cyber effects into NATO missions and operations is yet another step to strengthen cyber in NATO.”

Interestingly, however,  the WannaCry ransomware cyber attacks this summer on government computer networks across a number of NATO and international countries, did not invoke Article 5 of NATO's charter, which perhaps  serves to highlights the challenge of attribution. If you cannot directly attribute a cyber attack to a particular State, how can you respond in turn with a defensive cyber attack. 

Stoltenberg said he would not speculate exactly when and how NATO would use cyber effects in defensive operations. “I'll only underline that it will be in accordance with international law, it will be national-owned and controlled capabilities, and it will be a way to respond in ways that can be more proportionate than when we are forced to only use conventional forces. But I think it will be wrong if I start to speculate exactly on how and where. I can just refer to that NATO allies have used it against ISIS in a very effective way.”