NATO have given Cyber Warriors their own operational domain – maybe a case of better late than never?
It’s taken a while, but NATO Secretary General Jens Stoltenberg announced that cyber warriors now have their seat at the table! The 28-member alliance has agreed to declare cyber an operational domain, much as the sea, air and land are.
The really important result of this is that, for the first time, a cyber attack could trigger Article 5, the core NATO language that mandates an attack on one country is an attack on all. This clarifies some strategic ambiguity and assuages a major concern of allies like Estonia, victim of Russian cyberattacks in 2007, who feared Russia could bring them to their knees electronically while the rest of NATO stood by. “We have decided that a cyber attack can trigger Article 5,” Stoltenberg told reporters in an end-of-day press conference.
Handing the cyber warriors their own domain will mean NATO “will coordinate and organize our efforts to protect against cyber attacks in more efficient and effective way. It also will help defend individual nations defend their networks.” The secretary general also said the alliance will work closely with the European Union on cyber defense and related issues. Given how intertwined domestic and military networks can be, that certainly makes sense.
On the defensive side…
Former National Security Council cyber security director Richard Clarke says the military hasn’t done enough to secure today’s networked weapons systems against hacking
“The nightmare scenario that I hear a lot of flag officers worrying about is, they get involved in a combat situation against a sophisticated enemy and that sophisticated enemy activates trap doors and shuts off systems and you’ve got beautiful aircraft and beautiful naval vessels or missiles that just sit there,” Clarke said yesterday at an American Institute of Aeronautics and Astronautics conference in Washington, where he spoke on cyber security.
Clarke’s AIAA remarks focused on the evolution of the cyber threat from its beginnings a decade and a half ago in the form of government on government hacking for espionage to government hacking for industrial espionage to criminal hacking for profit to today’s increasing threats of hacking to disrupt everything from power grids to movie studios or to make corporations pay to be freed from ransomware.
Clarke’s remarks are somewhat concerning if not downright scary!
Clarke, is chairman and chief executive officer of Good Harbor Security Risk Management spends most of his time consulting on cyber security and, in 2012, published Cyber War, one of his many books. “The problem is that there’s millions of code applications running in weapons systems. Some of them have been verified by running repeated different ways of checking the code,” Clarke said.
“But there’s so much code there, and the way you develop code today in major corporations is, you take the code that’s out there in open source material and bring it in. Frequently, people don’t even know that they have open source code buried in the code that they’re just bought from somebody. That makes it very hard to tell whether the code that is running in weapons systems is secure. And the only time I think we’re going to find out is when somebody actually proves that they’ve put a trap door in, put a vulnerability in, by shutting off a weapons system. And they’re not going to do that until we’re engaged in combat.”