NATO Countries Must Work Together to Counter the Russian Cyber-Threat

Written by

Against a backdrop of turmoil in Russia, delegates will arrive at the NATO Security Summit ready to discuss new defense plans for a possible attack on the alliance. However, for all intents and purposes, NATO is already under attack. 

Globally we are in an undeclared cyberwar, with the Russia-Ukraine conflict seeing cyberspace firmly cement itself as the fifth domain of conflict alongside land, air, sea and space. Russia’s hybrid war with Ukraine incorporates espionage, cyber-attacks and internet-based disinformation. But while the military offensive is limited to Ukrainian soil, the cybersphere has no borders and nation-state cyber-attacks are extending far beyond Ukraine, with the UK and the US the most prominent targets. According to Ex-NATO General Ben Hodges, cybersecurity has become as important as missile defenses

Optimists will suggest that the Wagner group’s march on Moscow may have distracted Russia from its onslaught on Ukraine. However, an animal is most dangerous when wounded, and there will be just as much concern that this latest development could mean that Russia becomes more unpredictable and likely to lash out. One way that Russia hurts NATO countries in moments of self-doubt is through damaging cyber-attacks on critical national infrastructure. Attacks like the one that struck Colonial Pipeline in 2021 sow panic and chaos while avoiding an outright act of war and triggering NATO’s Article 5.

Russia set a tone of recklessness in the cybersphere when they disrupted the Viasat satellite on the day war broke out, attempting to hinder Ukrainian communications and disrupting connectivity in several European countries. Since then, Russian-based phishing attacks against email addresses of European and US-based businesses have increased eightfold. Even the largest and most well-resourced critical national infrastructure organizations suffer from a digital hygiene problem whereby their people, processes and technology are not equipped to thwart a determined and destructive adversary. 

Adding further motivation to Russian hackers, this year’s NATO Summit will see members deciding whether to admit prospective new members to the alliance. Bosnia, Sweden, Georgia and Ukraine have all expressed interest, with Ukraine and Sweden making official applications. Whether or not these countries are admitted, it is well-documented that countries seeking to join the EU or NATO, especially those within a rocket’s flight of Russia’s border, face a retaliatory barrage of cyber-attacks on their critical national infrastructure

Consequently, NATO countries need to work together to counter the Russian threat. One of the main points of discussion in Vilnius will be around the overhaul of NATO’s defenses, with General Chris Cavoli drawing up 4000 pages of plans for a regionalized military strategy, with sub-plans for space and cyber operations. They need to work just as hard to protect their networks as their airspace or shores. 

To communicate their readiness for any conflict that could arise in the future, the United States, Germany and Britain have been rehearsing how to scale up battalion-sized deployments in Eastern Europe. In addition, last month saw some 10,000 NATO personnel conduct the largest air force drill in the alliance’s history. Cyber agencies should be taking the same approach. 

US Cyber Command takes air force drills like those conducted by NATO as a template for its own exercises. Cyber Flag runs thousands of cyber operatives through train-as-you-fight exercises in a simulated environment or ‘cyber range’ to rehearse conflict with a real-world adversary, be they from Russia, China, Iran or elsewhere.  

Traditionally, the IT community has not been accustomed to operating in the grey zone between peace and war. However, we are beginning to see a shift. More and more intelligence agencies and critical national infrastructure organizations are mission-rehearsing for cyber conflict in cyber ranges; the UK Army recently conducted the largest simulated attack exercise in Western Europe. As NATO cyber forces look to coordinate their efforts to thwart Russian attacks, separate agencies and nations should be war-gaming what a full-on Russian cyberwar would look like. 

NATO’s cyber planning should extend into the private sphere, helping companies take a military mindset to cybersecurity. With no tanks rolling down the streets of London or New York, many are lulled into a false sense of security. However, the cybersecurity teams tasked with protecting government and business networks must realize that they are operating in an invisible warzone. The damage a Russian or Chinese cyber-attack could cause to critical functions like telecommunications, energy or finance is very real and therefore, cyber operatives need to rehearse and train as you fight, as is best practice in the military. 

Already, allied forces have had some joy in taking the cyber fight to the adversary, as demonstrated by the US’s Hunt Forward missions. Hunt Forward involves cyber operatives from the US and other NATO countries foraying into the network of a country under attack, often in Eastern Europe. Ben Hodges talks about cybersecurity being as important as missile defences; Hunt Forward is the cyber equivalent of going into enemy territory and hijacking a nuclear warhead before it is launched. 

However, with splintered cyber resources, countries need to rehearse working together as they are doing on land and in the air. Cyber cannot be the blind spot that sees NATO approach a conflict under-prepared. Leaders should be using Vilnius as an opportunity to coordinate their preparations now before it is too late.

Image credit: Alexandros Michailidis /

What’s hot on Infosecurity Magazine?