WannaCry-style cyber attack could trigger full NATO response, says Secretary General

It marks the second time the military alliance has tried to incorporate cyber threats into the treaty

NATO Secretary General Jens Stoltenberg has said a cyber attack on a single member state could constitute an attack on all 29 members.

The announcement effectively incorporates cyber security into Article 5 of the NATO founding treaty, a "collective defence commitment" which compels all members to come to the defence of one or more countries threatened by external powers.

Advertisement - Article continues below

"We have designated cyberspace a domain in which NATO will operate and defend itself as effectively as it does in the air, on land, and at sea," Stoltenberg said, in an article featured in Prospect Magazine. "This means we will deter and defend against any aggression towards allies, whether it takes place in the physical world or the virtual one."

"The more information we have, the more prepared we are," he added. "By working with the European Union, strengthening the ways in which we share information, train, educate, and conduct exercises together, we will ensure that we have the most robust tools possible for responding to the growing cyberthreat."

Stoltenberg cited the WannaCry attack in 2017, which affected NHS hospitals and public sector bodies across the UK, as an example of a major cyber attack that would prompt coordinated action from NATO members.

Advertisement
Advertisement - Article continues below

This is the second time NATO has said it would incorporate cyber security into the treaty, having first announced plans back in 2014. However, little has been done to date to formalise the motion, and Article 5 was not triggered during the WannaCry incident.

Advertisement - Article continues below

The proposed change would largely formalise a response model based on existing examples of countries cooperating to fight cyber attacks. Specifically, Stoltenberg mentions recent joint efforts by the Netherlands and the UK in October 2018 to foil an attack by Russia on the Hague's chemical weapons research group.

NATO also operates its own Cyber Coalition, a programme that features some of the largest cyber defence exercises in the world.

Article 5 of the NATO treaty has not been triggered since the 9/11 terrorist attacks against US targets in 2001.

Complicated nature of cyber warfare

Although it makes sense to bring Nato's defence capabilities in line with modern threats, the murky world of cyber warfare will almost certainly create problems for the organisation.

As a military alliance, NATO exists to protect its members from the actions of aggressive states or paramilitary groups, protections that now include cyber. However, if cyber warfare in the 21st century has taught us anything, it's that it's almost impossible to attribute blame. Most attacks are coordinated by anonymous hacking groups and only rarely do we get information that could potentially tie one group to a state's government.

Advertisement - Article continues below

What's also unclear is how NATO will define a major cyber attack in the future, and how big it needs to be to merit a coordinated response. The WannaCry attack cited was perhaps one of the most disruptive cases of ransomware we have seen to date, affecting over 200,000 computer systems worldwide yet comparatively speaking we have seen few attacks of that scale since. If that is indeed the threshold, Article 5 may only be triggered in very rare circumstances.

Featured Resources

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Remote working 2020: Advantages and challenges

Discover how to overcome remote working challenges

Download now

Keep your data available with snapshot technology

Synology’s solution to your data protection problem

Download now

After the lockdown - reinventing the way your business works

Your guide to ensuring business continuity, no matter the crisis

Download now
Advertisement
Advertisement

Recommended

What is cyber warfare?
Security

What is cyber warfare?

16 Mar 2020
How can you protect your business from crypto-ransomware?
Security

How can you protect your business from crypto-ransomware?

4 Nov 2019
Andrew Daniels joins Druva as CIO and CISO
Cloud

Andrew Daniels joins Druva as CIO and CISO

22 Jul 2020
University of California gets fleeced by hackers for $1.14 million
ransomware

University of California gets fleeced by hackers for $1.14 million

30 Jun 2020

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

3 Aug 2020
How to use Chromecast without Wi-Fi
Mobile

How to use Chromecast without Wi-Fi

4 Aug 2020
How do I fix the Windows 10 Start Menu if it's frozen?
operating systems

How do I fix the Windows 10 Start Menu if it's frozen?

3 Aug 2020