NATO Declares Joint Cyber DefenseLeaders at Summit Call for Strengthening Cybersecurity
NATO leaders have agreed that a cyber-attack on one member nation could be treated as a cyber-attack on all members, meaning the alliance could respond by launching military or cyber attacks against an adversary.
See Also: Data Security Risk: A CISO's Perspective
"Today, we declare that cyber-defense is part of NATO's core task of collective defense," NATO Secretary-General Anders Fogh Rasmussen says.
But the term "cyber-attack" wasn't defined in the communique issued Sept. 5 at the conclusion of the NATO summit in Wales.
"We affirm ... that cyber-defense is part of NATO's core task of collective defense," the communique states. "A decision as to when a cyber-attack would lead to the invocation of Article 5 would be taken by the North American Council on a case-by-case basis." The North American Council is the principal political decision-making body within NATO.
Article 5 of the NATO charter states that an attack on one member state will be treated as an attack on all member nations. President Obama emphasized that point during his visit to Estonia on Sept. 4 when he pledged that NATO and the United States would come to that nation's defense if Russia attacked the NATO member state.
Defining what constitutes a cyber-attack will be a challenge for the North American Council (see NATO Faces Challenges in Mounting Cyber-Defense). And in reacting to cyber-attacks, a key challenge will be precisely determining who waged the attack, says retired U.S. Air Force Lieutenant Gen. Raduege, who as the former director of the Defense Information Systems Agency worked with his counterparts in NATO.
"As cyber-attacks evolve today, they involve numerous people, organizations or activities that quite often are spread out across in a globally, syndicated activity against a target organization or activity or nation," Raduege says.
NATO leaders agree that cyber-attacks could reach a level that threatens the prosperity, security and stability of its member nations and the Euro-Atlantic area. "They could harm our modern societies as much as a conventional attack," Rasmussen says.
The communique, known as the Wales Summit Declaration, acknowledges that cyber-attacks will become more common, sophisticated and potentially damaging. The NATO leaders endorsed an Enhanced Cyber Defense Policy. According to the policy, each member nation is primarily responsible to defend its own networks, with the assistance of NATO and other member states.
"Strong partnerships play a key role in addressing cyber threats and risks," the communique says. "We will, therefore, continue to engage actively on cyber issues with relevant partner nations on a case-by-case basis and with other international organizations, including the EU, as agreed, and will intensify our cooperation with industry through a NATO Industry Cyber Partnership. Technological innovations and expertise from the private sector are crucial to enable NATO and allies to achieve the Enhanced Cyber Defense Policy's objectives."