NATO, with Russian hackers in mind, takes hard look at cyber strategy

The core concept behind NATO is a simple one: attack one member of the bloc, and all will respond. But while that logic worked during the Cold War, does it make sense to rely exclusively on it in cyberspace?

Western strategists are increasingly saying no. Last year, the alliance quietly announced that a series of lower-level cyberattacks could, cumulatively, be a tripwire for the pact’s mutual self-defense. The move marked a sea change in NATO cyber strategy, and sparked questions about how best to bolster NATO cyber defenses – and if offense, of a sort, might be part of the solution, too.

In crafting NATO’s new cyber strategy, senior security and intelligence officials for the alliance say they were informed by a series of “increasingly destructive” cyberattacks by Russian and Chinese actors over the last few years.

What the incursions had in common was that, though damaging, they fell below the threshold of armed attack. It was increasingly evident, too, that the alliance needed to be more “proactive” in cyberspace, said NATO Assistant Secretary-General David van Weel.

That could mean using “hunt forward” teams of hackers like those the United States has, who defang threats before they have a chance to cause damage.

Brussels

Article 5 is the linchpin of the NATO pact, putting adversaries on notice that an attack against one is an attack against all. Founded on the Cold War logic of deterrence, the idea is that no aggressor will strike for fear of certain retaliation from combined NATO forces.

But with modern warfare expanding to virtual battlefields, NATO strategists are overhauling their cyber tactics. That means rethinking the concept of deterrence, as well as what constitutes a cyberattack that triggers Article 5: a crucial issue amid tensions between Russia and NATO-supported (though nonmember) Ukraine.

Since 2019 it has been clear that a large-scale cyberattack on a member could trigger Article 5. But…