Ukraine isn't the only place where Russia and the West are facing off. Cyberspace is also a battleground. And at this week’s summit in Wales, NATO leaders seem ready to pledge to a joint defense against cyberattacks — partly in response to Russia’s suspected involvement in cyberwarfare.
“Because cyber security is inherently an international problem, it requires an international response,” says Kenneth Geers, the ambassador for NATO's Cooperative Cyber Defense Center. “Cyberspace is bigger than any one country.”
The measure would extend NATO's collective pledge of self-defense into the online world — a computer-based attack on any one of the NATO countries would be considered an attack on all 28 members.
“This is a serious challenge, and we are taking it seriously,” said NATO Secretary General Anders Fogh Rasmussen during a July press conference, “because cyberattacks are getting more common, more complex and more dangerous. They come without warning from anywhere in the world and they can have devastating consequences.”
In 2007, Estonia fell victim to a network hack that affected nearly every major website in the country — Russia is widely believed to be the culprit. That's a particular concern in Estonia, which is highly dependent on Internet services. It's government has been paperless for 10 years, it enjoys the world's highest online voting rate and 98 percent of the country’s banking is done online.
Geers of NATO's Cyber Defense Center calls that attack "pedestrian" — but it still knocked Estonia's banks offline for two hours. If the hackers were equipped with more time and money, Geers says, it could have been longer and more serious. Increasing worldwide dependence on the Internet creates plenty of targets.
“Whether you’re a student, soldier [or] spy, we’re all using computer networks,” Geers says, “Just as, in academia, you can sort through hundreds of academic papers at once, so can spies reach around the world and steal information.”
Attacking banks or stealing information are the biggest concerns, but when it comes to Internet security, the most serious threat to NATO would be attacks against military assets themselves.
“In theory, military operations can be conducted right across borders and even through walls,” Geers says. “If a hacker takes control of a system, then they become its owner. When the system is managing critical infrastructures — and, in a military case, even the firing and logistics associated with weapons systems and military deployments — you realize that everything, including national security, now is connected to the Internet.”
Geers says that, unlike [with] other modes of military defense, not every country is well-equipped with the technology to combat cyberattacks. That’s why he thinks NATO and the European Union are the best players positioned to take on anonymous hackers.
The challenge is with cooperation. Cyberwarfare capabilities and cyberweapons aren't talked about much. The US neither confirms nor denies the existence of such weapons, even though it's widely assumed the US has attacked Iranian nuclear facilities with a malware program called "Stuxnet."
Geers admits that nations rarely disclose such information, even to allies, right now. But he says that will have to change. The nature of the web and how attacks are carried out will require nations to cooperate in the future. And the ratification of a NATO pledge on cyberattacks is a first step in the right direction.
“In this day and age, it is necessary for militaries to have this capability if they want to fight 21st century wars," Geers says.