CyberCrimeSecuritySecurity Management

NATO Plots Cyber Warfare Rules

Tom Jowitt is a leading British tech freelance and long standing contributor to TechWeek Europe

NATO members to draw up rules and on how and when to deploy its cyber warfare capabilities

Member states of the North Atlantic Treaty Organisation (NATO) are drawing up cyber warfare principles that will govern how and when to conduct cyber warfare operations.

NATO is hoping to have these new principles in place for agreement by 2019, and their creation reflects how cyber warfare operations are now being viewed as a valid military measure.

Ever since 2011 the United States has said that it reserves the right to to retaliate with military force against a cyber attack from a hostile state.

cyber war - Shutterstock: © jcjgphotography

Warfare Guidelines

And now NATO countries including the United States, the UK, Germany, Norway, Spain, Denmark and the Netherlands are drawing up cyber warfare principles.

These principles will guide NATO military forces on issues such as what justifies deploying cyber attack weapons more broadly, Reuters reported.

The move signals that NATO is preparing to develop the ability to respond military to state-sponsored computer hackers. This could mean that NATO doctrine shifts from a defensive stance, to a much more confrontational approach.

The development comes after Western officials have pointed to the offensive cyber warfare capabilities of nation states such as Russia, China and North Korea.

Cyber attacks from these countries have often resulted in either the theft of valuable data, or crippling attacks against electricity grids, as evidenced by the recent attacks in Ukraine which shut down electricity supplies in major cities.

“There’s a change in the (NATO) mindset to accept that computers, just like aircraft and ships, have an offensive capability,” US Navy Commander Michael Widmann told Reuters.

Widmann was speaking at the NATO Cooperative Cyber Defence Centre of Excellence, a research center affiliated to NATO that is coordinating doctrine writing.

Does IoT security concern you?

View Results

Loading ... Loading ...

Offensive Capabilities

It is well known that Western countries have been playing catch up over the last few years to develop their own offensive cyber attack weapons, and increase the resilience of current weapon platforms against cyber attack.

In February the then British Defence Secretary Sir Michael Fallon issued a stark warning about the scale of Russian cyber attacks.

He said that Russia was carrying out a sustained campaign of cyber attacks targeting democracy and critical infrastructure in the West.

“Russia is clearly testing NATO and the West,” he said at the time. “It is seeking to expand its sphere of influence, destabilise countries, and weaken the Alliance. It is undermining national security for many allies and the international rules-based system.”

The UK has also doubled its investment on defensive and offensive cyber capability to £1.9 billion and is known to have its own cyber offensive capabilities.

The United States has also modernised its own cyber warfare weapons arsenal.

Indeed, the US and Israel are widely believed to have developed the Stuxnet malware, that caused so much carnage to Iranian nuclear infrastructure. That malware is said to have damaged nearly 3,000 centrifuges in the Natanz facility in Iran.

And it is report that the United States, Britain, the Netherlands, Germany and France have their own “cyber commands”, essentially special headquarters to combat cyber espionage and hacks of critical infrastructure.

Indeed, in 2015 British and American security officials teamed up to attack each other’s financial districts, as part of a war-games attack on Wall Street and the City of London.

Earlier this month US-CERT and the FBI warned that North Korea has a cyber army working in the shadows to attack western interests.

In 2013 NATO drew up a legal manual that said that cyber war attacks could be a legitimate part of international conflict, but they should not hit civilian targets such as the technology behind hospitals and power stations.

Do you know all about security in 2017? Try our quiz!