WannaCry-style cyber attack could trigger full NATO response, says Secretary General

It marks the second time the military alliance has tried to incorporate cyber threats into the treaty

NATO Secretary General Jens Stoltenberg has said a cyber attack on a single member state could constitute an attack on all 29 members.

The announcement effectively incorporates cyber security into Article 5 of the NATO founding treaty, a "collective defence commitment" which compels all members to come to the defence of one or more countries threatened by external powers.

"We have designated cyberspace a domain in which NATO will operate and defend itself as effectively as it does in the air, on land, and at sea," Stoltenberg said, in an article featured in Prospect Magazine. "This means we will deter and defend against any aggression towards allies, whether it takes place in the physical world or the virtual one."

"The more information we have, the more prepared we are," he added. "By working with the European Union, strengthening the ways in which we share information, train, educate, and conduct exercises together, we will ensure that we have the most robust tools possible for responding to the growing cyberthreat."

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

Stoltenberg cited the WannaCry attack in 2017, which affected NHS hospitals and public sector bodies across the UK, as an example of a major cyber attack that would prompt coordinated action from NATO members.

This is the second time NATO has said it would incorporate cyber security into the treaty, having first announced plans back in 2014. However, little has been done to date to formalise the motion, and Article 5 was not triggered during the WannaCry incident.

The proposed change would largely formalise a response model based on existing examples of countries cooperating to fight cyber attacks. Specifically, Stoltenberg mentions recent joint efforts by the Netherlands and the UK in October 2018 to foil an attack by Russia on the Hague's chemical weapons research group.

NATO also operates its own Cyber Coalition, a programme that features some of the largest cyber defence exercises in the world.

Article 5 of the NATO treaty has not been triggered since the 9/11 terrorist attacks against US targets in 2001.

Complicated nature of cyber warfare

Although it makes sense to bring Nato's defence capabilities in line with modern threats, the murky world of cyber warfare will almost certainly create problems for the organisation.

Advertisement - Article continues below

As a military alliance, NATO exists to protect its members from the actions of aggressive states or paramilitary groups, protections that now include cyber. However, if cyber warfare in the 21st century has taught us anything, it's that it's almost impossible to attribute blame. Most attacks are coordinated by anonymous hacking groups and only rarely do we get information that could potentially tie one group to a state's government.

What's also unclear is how NATO will define a major cyber attack in the future, and how big it needs to be to merit a coordinated response. The WannaCry attack cited was perhaps one of the most disruptive cases of ransomware we have seen to date, affecting over 200,000 computer systems worldwide yet comparatively speaking we have seen few attacks of that scale since. If that is indeed the threshold, Article 5 may only be triggered in very rare circumstances.

Featured Resources

What you need to know about migrating to SAP S/4HANA

Factors to assess how and when to begin migration

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

Testing for compliance just became easier

How you can use technology to ensure compliance in your organisation

Download now

Best practices for implementing security awareness training

How to develop a security awareness programme that will actually change behaviour

Download now
Advertisement

Recommended

Visit/security/29204/how-can-you-protect-your-business-from-crypto-ransomware
Security

How can you protect your business from crypto-ransomware?

4 Nov 2019
Visit/security/28170/what-is-cyber-warfare
Security

What is cyber warfare?

20 Sep 2019
Visit/security/internet-security/354417/avast-and-avg-extensions-pulled-from-chrome
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/microsoft-windows/32066/what-to-do-if-youre-still-running-windows-7
Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020
Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
Visit/policy-legislation/data-governance/354496/brexit-security-talks-under-threat-after-uk-accused-of
data governance

Brexit security talks under threat after UK accused of illegally copying Schengen data

10 Jan 2020
Visit/hardware/laptops/354533/dell-xps-13-new-9300-hands-on-review-chasing-perfection
Laptops

Dell XPS 13 (New 9300) hands-on review: Chasing perfection

14 Jan 2020