This week NATO held its largest ever cyber warfare exercise. Cyber Coalition has taken place every year for the past 10 years. It's a chance for NATO countries to get together and test their ability to respond to cyber threats.
For those of us in the cybersecurity industry, it’s also a chance to glean some clues about the future priorities of the coalition. Each time such a large exercise takes place, important information is invariably leaked. This week’s exercise was no different.
According to officials, and reported through Reuters, NATO is considering a shift in its stance on cyber weapons. Up until now, the coalition has focused purely on defending member states from attacks. Now, it appears, some of these states want to allow offensive cyber attacks. "There’s a change in the (NATO) mindset to accept that computers, just like aircraft and ships, have an offensive capability," U.S. Navy Commander Michael Widmann told Reuters.
This is certainly welcome news. NATO is not known as the most agile organization, and it seems that it is slowly coming to realize the importance of cyber warfare. Though the coalition recognized cyber as a "domain of warfare" back in 2014, its policies on how to respond to cyber attacks have remained frustratingly vague.
Quite apart from the inherent conservatism of the organization, there may be several reasons for this.
The first is simply that Western governments are embarrassed to admit that they already possess cyber capabilities. The unending stream of headlines about attacks launched from North Korea and Iran have led to a strong association, in the public mind, between totalitarian states and the use of cyber weapons. Thus, the U.S. and Europe are hesitant to sanction their use, lest they be seen as similarly oppressive.
The second issue, and one often overlooked, is one of standardization. NATO is something of a unique organisation, in that member states are theoretically supposed to have access to precisely the same military hardware and training, in order to make co-operation between them as easy as possible.
This is the reason, for example, why all NATO vehicles use diesel fuel (even the motorbikes!), and why all NATO handguns have the same calibers: if all armies have the same logistic systems, they should be able to support each other easily.
The problem with this, when it comes to cyber warfare, is that it would require the intelligence troops of all NATO nations to be trained on the operation and design of cyber weapons. Sharing cyber weapons — even between allies — runs the risk that they will fall into the wrong hands: tanks and missiles cannot simply be downloaded by Russian hackers — cyber tools can.
By far the biggest problem, though, is one that I have raised in this column before: there remains no agreement on what constitutes a cyber attack, "offensive" or otherwise. For this reason, allowing members of NATO to respond offensively to attacks could lead to a cycle of escalation. If North Korea hacks Sweden, for instance, in order to "merely" steal hundreds of dollars, does this constitute an act of war?
Ultimately, this is not NATO’s fault. The coalition cannot formulate a clear policy on cyber warfare until an underlying issue — the definition of what constitutes a "cyber attack" — is addressed, and this is unlikely to happen any time soon, no matter how frequently people like me argue for it.
Sam Bocetta is a defense contractor for the U.S. Navy, a defense analyst, and a freelance journalist. He specializes in finding radical — and often heretical — solutions to "impossible" ballistics problems. Through Lakeview Capital, he also cultivates funding for projects — usually naval, defense, and UAV startups. He writes about naval engineering, mechanical engineering, electrical engineering, marine ops, program management, defense contracting, export control, international commerce, patents, InfoSec, cryptography, cyberwarfare, and cyberdefense. To read more of his reports — Click Here Now.
© 2022 Newsmax. All rights reserved.