Cyber A Rising Issue For NATO, SACEUR Says

May 21, 2010

Cyber A Rising Issue For NATO, SACEUR Says

Cyber issues are an unconventional threat area that are part of the analysis and recommendations by a group of experts as discussions open on NATO’s new Strategic Concept, the Supreme Allied Commander, Europe said.

Adm. James Stavridis, who is also the commander of U.S. European Command, recenltytold the Defense Writers Group that how NATO should respond to cyber in its various forms is one reason why it is important that the alliance work out its new strategic concept–the first since 1999.

The expert’s paper, NATO 2020: Assured Security; Dynamic Engagement, calls for more attention to cyber and how the alliance should deal with it and Stavridis agree.

The paper said there is a rising danger of cyber attack. "The next significant attack on the Alliance may well come down a fiber optic cable," it states.

NATO must accelerate efforts to respond to the danger of cyber attacks by protecting its own communications and command systems, helping Allies to improve their ability to prevent and recover from attacks, and developing an array of cyber defense capabilities aimed at effective detection and deterrence.

NATO must work out what a cyber attack is, Stavridis said. Alliance members bound by the 1950s era Washington Treaty Article 5 says an armed attack on one member is an attack on all. However, "Cyber was not mentioned. It did not exist."

The report notes cyber attacks against NATO occur frequently but most do not rise to the level of political concern.

"We’ve seen a fair amount of probing, we’ve seen some destruction, we’ve seen Web sites taken down, we’ve seen informational type of operations, but clearly we–the world community– needs to come to grips with this," he said.

The paper said the risk of large scale attack on NATO command and control systems or energy grids could warrant consultations and could "possibly" lead to collective defense measures under Article 5.

Stavridis said the alliance must decide such things as when does "cyber surveillance become cyber-probing, become cyber destruction in a minor way, become creation of bots that can multiply and destroy things in a major way, become what I would term a cyber attack, which is destroying the cyber infrastructure of a significant potion of a nation’s infrastructure."

Consider the maritime domain. Man has been going to sea for 2,000 years, he said, and "a corporate knowledge of the tradition sea" over time built rules, regulations and treaties incorporating norms and structure.

"Today we sail in a cyber sea," Stavridis said. "It’s an outlaw sea."

International norms need to be created for cyber, as it affects all, he said.

While NATO has made efforts in the cyber area, there are "serious gaps," the experts wrote.

The experts made some specific recommendations, such as making a major effort to increase the monitoring of the alliance’s critical network and to assess and furnish remedies to any identified vulnerabilities, and the alliance should expand early warning capabilities as a NATO-wide netowrk of monitoring nodes and sensors. The alliance should also be prepared to send an expert team to any member threatened by or under cyber attack and over time, the alliance should plan to mount a "fully adequate array of cyber defence capabilities, including passive and active elements."

Thus, as NATO considers its new strategic concept, "it should place a high priority on addressing those vulnerabilities, which are both unacceptable and increasingly dangerous."

NATO has posted the group of experts’ paper on its Web site: http://www.nato.int/strategic-concept/expertsreport.pdf.