WannaCry-style cyber attack could trigger full NATO response, says Secretary General

It marks the second time the military alliance has tried to incorporate cyber threats into the treaty

NATO Secretary General Jens Stoltenberg has said a cyber attack on a single member state could constitute an attack on all 29 members.

The announcement effectively incorporates cyber security into Article 5 of the NATO founding treaty, a "collective defence commitment" which compels all members to come to the defence of one or more countries threatened by external powers.

Advertisement - Article continues below

"We have designated cyberspace a domain in which NATO will operate and defend itself as effectively as it does in the air, on land, and at sea," Stoltenberg said, in an article featured in Prospect Magazine. "This means we will deter and defend against any aggression towards allies, whether it takes place in the physical world or the virtual one."

"The more information we have, the more prepared we are," he added. "By working with the European Union, strengthening the ways in which we share information, train, educate, and conduct exercises together, we will ensure that we have the most robust tools possible for responding to the growing cyberthreat."

Stoltenberg cited the WannaCry attack in 2017, which affected NHS hospitals and public sector bodies across the UK, as an example of a major cyber attack that would prompt coordinated action from NATO members.

Advertisement
Advertisement - Article continues below

This is the second time NATO has said it would incorporate cyber security into the treaty, having first announced plans back in 2014. However, little has been done to date to formalise the motion, and Article 5 was not triggered during the WannaCry incident.

Advertisement - Article continues below

The proposed change would largely formalise a response model based on existing examples of countries cooperating to fight cyber attacks. Specifically, Stoltenberg mentions recent joint efforts by the Netherlands and the UK in October 2018 to foil an attack by Russia on the Hague's chemical weapons research group.

NATO also operates its own Cyber Coalition, a programme that features some of the largest cyber defence exercises in the world.

Article 5 of the NATO treaty has not been triggered since the 9/11 terrorist attacks against US targets in 2001.

Complicated nature of cyber warfare

Although it makes sense to bring Nato's defence capabilities in line with modern threats, the murky world of cyber warfare will almost certainly create problems for the organisation.

As a military alliance, NATO exists to protect its members from the actions of aggressive states or paramilitary groups, protections that now include cyber. However, if cyber warfare in the 21st century has taught us anything, it's that it's almost impossible to attribute blame. Most attacks are coordinated by anonymous hacking groups and only rarely do we get information that could potentially tie one group to a state's government.

Advertisement - Article continues below

What's also unclear is how NATO will define a major cyber attack in the future, and how big it needs to be to merit a coordinated response. The WannaCry attack cited was perhaps one of the most disruptive cases of ransomware we have seen to date, affecting over 200,000 computer systems worldwide yet comparatively speaking we have seen few attacks of that scale since. If that is indeed the threshold, Article 5 may only be triggered in very rare circumstances.

Featured Resources

The case for a marketing content hub

Transform your digital marketing to deliver customer expectations

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

IT faces new security challenges in the wake of COVID-19

Beat the crisis by learning how to secure your network

Download now
Advertisement
Advertisement

Recommended

Visit/security/28170/what-is-cyber-warfare
Security

What is cyber warfare?

16 Mar 2020
Visit/security/29204/how-can-you-protect-your-business-from-crypto-ransomware
Security

How can you protect your business from crypto-ransomware?

4 Nov 2019
Visit/mobile/mobile-security/355889/parachute-introduces-superlock-feature
mobile security

Parachute's Superlock feature keeps your phone recording in an emergency

2 Jun 2020
Visit/security/encryption/355820/k2view-innovates-in-data-management-with-new-encryption-patent
encryption

K2View innovates in data management with new encryption patent

28 May 2020

Most Popular

Visit/operating-systems/ios/355935/apple-confirms-serious-bugs-in-ios-135
iOS

Apple confirms serious bugs in iOS 13.5

4 Jun 2020
Visit/mobile/5g/355911/the-uk-pivots-to-japan-for-5g-equipment
5G

The UK looks to Japan and South Korea for 5G equipment

4 Jun 2020
Visit/security/ransomware/355945/new-ransomware-uses-java-to-target-software-organisations
ransomware

Tycoon ransomware discovered using Java image files to target software firms

5 Jun 2020