NATO is taking further steps to adapt to emerging technological challenges. At the Warsaw Summit member states made significant long-term decisions on cyber security, including recognition of cyber space as a fifth domain of warfare, in which will be operational, in addition to air, sea, land and space.
Official recognition of cyberspace as a domain of warfare means that, under Article 3 of the Washington Treaty, that member states have a responsibility to defend and develop national cyber security infrastructure in order to protect the Alliance’s own networks and communication systems. Enhancing defensive capabilities of Information and Communications Technology (ICT) networks is key to guaranteeing the success of future NATO missions, in both the physical and cyber domains.
NATO is entering into a cyber battlefield. Virtual space will be an inherent part of the NATO operations and exercises from this point onward. Recent military exercises, such as Ankonda 2016 in Poland, the inclusion of a cyber scenario explicitly demonstrated that this element is a significant component of preparation for future military operations.
Recognising cyberspace updates NATO cyber defence posture to “protect and conduct operations across these domains and maintain our freedom of action and decision, in all circumstances.” From a practical perspective, this decision means that attacks carried out in cyberspace on NATO members may trigger an invocation of Article 5.
The Warsaw Cyber Defence Pledge to “keep pace with the fast evolving cyber threat landscape …” is a good prognostic for the future cyber security policy of the Alliance. Member states perceive the importance of cyber space in ensuring a country’s overall security. The pledge address primary steps toward enhanced cyber capabilities, but some member states may find this challenging as it will likely require an increase, if not only a reallocation, of funding to support these objectives.
The decision to intensifying the Cyber Range framework is a consequence of the need to organise more cyber trainings and exercises for NATO members in order to integrate cyberspace with NATO military operability.
NATO should align its cyber defence policy with its strategic posture in the Strategic Concept. The Alliance should adopt a cyber security doctrine and procedures as part of the Concept in order to define its role as a military alliance in the cyberspace. Establishment of a cyber doctrine would provide a clear message to NATO partners as well as adversaries.
Moreover, NATO should establish a Cyber Command aimed at conducting defensive cyber operations, and doing so in immediately following the recognition of the cyber domain of warfare is the ideal opportunity.
Following the establishment of a Cyber Command, NATO must develop offensive cyber capabilities. Including offensive capabilities into the Alliance’s cyber doctrine would play an inter alia deterrence role in cyber space. This addition to NATO’s force structure and response doctrine will increase the credibility of Alliance deterrence as cyber operations are increasingly folded into military operations. This recommendation comes after the success that Russia has had in integrating offensive cyber capabilities, include denial-of-service operations and malware software into its wider foreign and security policies.
There are two main thoughts that support NATO’s pursuit of offensive cyber capabilities. Firstly, cyber is compatible with combat operations which NATO may conduct in the future. For instance, air operations require cyber support and utilize electronic warfare capabilities and are thus dependent upon robust security and advancements in technology that are used in missions. Offensive capabilities will certainly shape the battlefields of the future.
Secondly, the Alliance’s adversaries are increasingly employing offensive cyberattacks as part of hybrid warfare campaigns. Threat scan come from non-state actors, such as the Syrian Electronic Army or PLA Unit 61398 from China. NATO must continue to adapt its strategy to address cyber threats arising from individuals, as well as states.
The Warsaw Summit emphasised the significance of cyber security to the Alliance and renewed its commitment to maintain freedom of action and decisions in the cyber domain in all circumstances. Though this was an important step, NATO must decide how it will adapt to address challenges in this newly recognized domain. The Alliance should make the establishment of a Cyber Command with offensive cyber capabilities a priority as it develops the policies, procedures, and legal framework to adapt to the new realities of security threats to NATO.
1 NATO Cyber Defence Pledge Official text http://www.nato.int/cps/en/natohq/official_texts_133177.htm?selectedLocale=en
Mateusz Krupczyński is a Specialist in the Analysis Division at the National Center for Strategic Studies in Warsaw/ He is also an Atlantic Council Future NATO Fellow. Photo credit: US Department of Defense.