NATO has warned it is prepared to treat cyber-attacks in the same way as an armed attack against any of its allies and issue a military response against the perpetrators.
In a communique issued by governments attending the meeting of the North Atlantic Council in Brussels yesterday, the military alliance revealed it had endorsed a Comprehensive Cyber Defence Policy, in which a decision will be taken to invoke Article 5 “on a case-by-case basis” following a cyber-attack. Under Article 5 of the NATO treaty, first signed in 1949, when any NATO ally is the victim of an armed attack, it will be considered an attack on all alliance members, who will theoretically take any actions necessary to defend that ally.
The announcement has come amid rising cyber-threats to the alliance, which NATO said are “complex, destructive, coercive, and becoming ever more frequent.” It highlighted recent ransomware and other types of cyber-attacks “targeting our critical infrastructure and democratic institutions, which might have systemic effects and cause significant harm.”
Examples of these kinds of incidents include the ransomware attack on Colonial Pipeline last month, which forced the US’ largest fuel pipeline offline, and the SolarWinds supply chain attacks at the end of 2020, both of which are purportedly conducted by Russian state-backed actors.
NATO has signalled it considers cyber as a legitimate military domain on a number of occasions in recent years, and the new policy clarifies this stance.
“Reaffirming NATO’s defensive mandate, the Alliance is determined to employ the full range of capabilities at all times to actively deter, defend against, and counter the full spectrum of cyber-threats, including those conducted as part of hybrid campaigns, in accordance with international law,” it added.
The communique also warned of the growing security challenge that China poses to the alliance through its “stated ambitions and assertive behavior,” which includes cyber-threats and disinformation campaigns.
Commenting on the communique, Erwan Keraudy, CEO of CybelAngel said, “Traditional forms of war, rules of engagement and conduct have existed in one form or another and have been with us for centuries. But there is no straightforward definition in the cyber world. The lines have been completely blurred. So, NATO re-affirming the rules and conventions governing cyberspace is a positive and proactive step forward in establishing a standard cyber framework.”