Collective cyber defence and attack: NATO’s Article 5 after the Ukraine conflict


With the Russian invasion of Ukraine on February 24, 2022, American and Western European experts predicted the devastating and harmful cyber effects that predict a kinetic war. However, in recent weeks, numerous Russian actions in cyberspace have largely gone under the radar due to actions by the cybersecurity industry, or so-called “patriotic hackers”, who have taken it upon themselves to oppose Russian cyberspace aggression and attacks. Russian cyber infrastructure. In light of developments such as these, the North Atlantic Treaty Organization (NATO) should consider and formulate a policy for collective cyber defense and potentially attack, according to Article 5 of the NATO Charter.

Cyberspace has spread around the world, especially in critical infrastructure, as technology has overshadowed traditional definitions of computing. Non-traditional computers are in their pockets, they are able to make phone calls and, more and more often, take high-resolution photos. These non-traditional computers also maintain the proper temperature of food in kitchens, give instructions in cars and monitor the movement and health of people’s wrists. But more importantly, these non-traditional computers reside in critical infrastructure centers and display data for operators in the form of large monitors on the walls, showing the physical environment via closed-circuit television cameras. Many of these devices, which often lack antivirus protection and use vulnerable protocols, exist in critical infrastructure, either originally or brought to these environments by employees. Electricity generation and distribution, telecommunications, finance, and water treatment and distribution are some examples of critical infrastructure managed by computer-controlled systems. The problem is exacerbated by the fact that the Internet does not adhere to national borders, which makes forensic investigation and attribution more difficult. Critical infrastructure sectors rely heavily on automation and thus online control, as described in the U.S. National Maritime Cyber ​​Security Strategy.

Recent government activities show how cyber operations can have physical consequences. In the summer of 2020, Iranian hacking of Israeli water treatment plants was close to excessive chlorination of water, turning taps into poison dispensers. Recently, in February 2022, in an attempt to cut off communications within Ukraine, Russian cyber attacks on Viasat satellite networks disrupted the production and distribution of electricity in windmills in Germany. In addition, Russia has in the past – and will continue in the current war only in April 2022 – target systems for the production and distribution of electricity with cyber effects and damage Ukraine’s civilian and military infrastructure. As the examples above show, cyber attacks are not limited to online sites, but their impact can be felt in the physical world. As a result, NATO must prepare for the growth and expansion of these activities.

Following deficiencies in the 2015 report of the United Nations Group of Governmental Experts on Information and Telecommunications in the Context of National Security, there is still a lack of consensus on the seriousness of cyberspace operations targeting critical infrastructure that requires collective and even national responses. Individual nations have constructed individual criteria and response actions, using diplomacy, information, military, or economic action. Mostly they did it alone or in combination with other states. However, NATO has not formulated a coherent analogue response and as a result does not have a publicly recognized policy on cyberspace activities that would be a necessary collective response under Article 5. In order for NATO to maintain its current relevance and maintain it in the coming years this paradigm must change.

NATO needs to adjust its thinking on methods of warfare as cyberspace operations – both destructive attacks and disinformation – continue to grow in complexity and in some areas even replace traditional kinetic operations. To fulfill this role in kinetic and non-kinetic areas, NATO must be prepared for hybrid forms of warfare and be prepared to join the alliance as a cohesive and tailored response to crime. This is increasingly important as Russia continues to threaten potential future NATO members, such as Finland and Sweden, which should join the alliance in the coming months. Russia has openly stated that the invasion of Ukraine was, in part, a response to NATO’s expansion to the east. Although Russia has considered NATO expansion to the former Soviet states problematic since the collapse of the Soviet Union, Moscow has recently begun condemning potential expansion beyond its supposed immediate sphere of influence. For example, on April 14, 2022, Russian Foreign Minister Sergei Lavrov warned that the inclusion of Finland and Sweden in the military alliance would have dire consequences, including the strengthening of Russia’s nuclear weapons in the Baltic Sea region.

Given the increased emphasis and importance of the transatlantic alliance that led to and during the Russian invasion of Ukraine, it is imperative for member states to identify and agree on more pronounced “triggers” or “red lines” that determine what constitutes sufficiently critical action in cyber room for discussion on Article 5, and if necessary, a potential invitation. Furthermore, in order to improve its readiness in cyberspace, special policies must be developed outlining synchronized actions taken jointly by members to prevent Russian malicious activities in the cyberspace under Article 5 to allow for a swift and coordinated response. The dominance of the United States, Britain, Australia, Canada and New Zealand, known in government as the FVEY, or Petooki, underscores the urgent need for the alliance to develop a policy to deal with the collective defense of NATO members. An effective NATO policy should address collective and coordinated cyberspace operations, both offensive and defensive. Currently, NATO, as a military institution, lacks “rules of engagement” for cyberspace, and individual member states lack a standardized threshold or guidelines for response. Therefore, NATO must define the activities, the “red lines” and the threshold to which a response occurs, as well as what a coordinated kinetic / cyber response would entail. The interconnectedness of Europe’s critical infrastructure, as highlighted by Russia’s ViaSat communications attack affecting wind energy production and distribution in Germany, underscores the demand that NATO address cyberspace as a critical domain. As a result, we recommend:

In the event of contradictory actions in cyberspace that justify action under Article 5, the NATO Commander shall become the Commander and Coordinator for all cyberspace activities, both defensive and offensive, by NATO nations in the hostilities zone. NATO identifies, establishes, prioritizes and continuously improves critical infrastructure and key resources within member countries, as well as criteria for what constitutes necessary action for collective responses. NATO identifies boundaries of activity, or “red lines” that result in discussions on the response to Article 5. NATO members present intelligence to the NATO Commander identifying indications, warnings and attributions of cyber attacks, both for response action and, where applicable, for public consumption. NATO members represent the legal limitations and capabilities of nations to the NATO Commander, enabling them to maximize the capacities and capabilities of nations.

NATO must recognize cyberspace as it is – the interlocutor of networks and devices from critical infrastructure control systems to seemingly anonymous devices that work in the background of our lives. This interconnectedness of the invisible thread of information, however, is a critical vulnerability in the stability of societies. NATO must plan to protect member states’ infrastructure and key resources as a concerted effort, not a one-nation operation undertaken by several nations. To do so, NATO must identify and prioritize protection infrastructure, as well as criteria and policies. The recent Russian invasion of Ukraine and the Kremlin’s intensified aggression, not only in the kinetic but also in the non-kinetic spheres, is a stark reminder that the alternative to further delaying the inevitable recognition of cyberspace as it stands will eventually prove costly.

The opinions articulated above represent the views of the authors and do not necessarily reflect the views of the European Leadership Network or any of its members. The goal of the ELN is to stimulate debates that will help develop Europe’s capacity to face the urgent challenges of foreign, defense and security policy of our time.

Image: Wikimedia Commons, Ecole polytechnique

Comments are closed.