NATO Works to Set Right Cyber Balance

WASHINGTON, Dec. 1, 2010 — NATO is work­ing to have the right bal­ance between ensur­ing intel­li­gence gets to those who need it most and the need to pro­tect that infor­ma­tion, the alliance’s supreme allied com­man­der for Europe said this week.
In a Nov. 29 inter­view, Navy Adm. James G. Stavridis said cyber­se­cu­ri­ty is a pri­or­i­ty with­in the alliance, and mem­ber nations are tak­ing steps to both improve dis­tri­b­u­tion of intel­li­gence and pro­tect its net­works.

Cyber attacks have occurred, and the threat is grow­ing. The attacks are often tough to attribute, can cause immense dam­age and can be launched by nations, ter­ror­ists, crim­i­nal gangs or indi­vid­u­als. NATO has to find the bal­ance between “share to win” and “need to know,” Stavridis said. 

“Life is not an on or off switch,” he said. “In oth­er words, we can’t just open every­thing up or shut every­thing down –- although that is the ten­den­cy in moments of cri­sis.” The Wik­iLeaks releas­es are that type of cri­sis, he added, and it is tough to know where to set the dial. 

“As a result of Wik­iLeaks, we will move that dial back a bit, more to the ‘pro­tect’ side, but I think it is very impor­tant that we don’t over­re­act to it and sim­ply shut down into inter­na­tion­al enclaves and cut off shar­ing,” he said. “It would be mas­sive­ly counterproductive.” 

NATO needs to put in place tech­ni­cal means to pro­tect infor­ma­tion and net­works, the admi­ral said. 

“We’ve got to use all the tech­ni­cal means at our dis­pos­al to pro­tect our­selves from some­thing like Wik­iLeaks or any oth­er attempt to intrude, manip­u­late, move data or reveal clas­si­fied secrets,” Stavridis said. “There’s a pol­i­cy side to it, which is decid­ing where the dial goes, and there’s a tech­ni­cal side to it, and we’re very work­ing very hard to put those in place.” 

The admi­ral said he believes a cyber attack could trig­ger a response in accor­dance with Arti­cle 5 of the NATO Char­ter, which states that an attack on any alliance mem­ber is an attack on all alliance members. 

Cyber attacks can run the gamut from low-lev­el obser­va­tion to denial-of-ser­vice attacks, and from espi­onage and intru­sion to actu­al kinet­ic effects, Stavridis said. 

“When you come into my net­works and are manip­u­lat­ing my air traf­fic con­trol data, and you are caus­ing air­planes to be unable to land and they crash and peo­ple die,” he added, “that’s an attack.” 

But for the most part, the admi­ral said, cyber attacks on alliance nations would be han­dled as some­thing less — prob­a­bly under Arti­cle 4, which states that alliance nations will con­sult togeth­er when­ev­er any of them believes its ter­ri­to­r­i­al integri­ty, polit­i­cal inde­pen­dence or secu­ri­ty is threatened. 

These are ques­tions NATO is focus­ing on at the Cen­ter for Excel­lence for Cyber­se­cu­ri­ty in Tallinn, Esto­nia, an apt loca­tion, because Esto­nia was the vic­tim of a cyber attack in 2006. 

“The alliance has to define this [threat of cyber attack] and under­stand the pol­i­cy ques­tions raised by this,” Stavridis said. 

When diplo­mats nego­ti­at­ed the NATO pact in the late 1940s, they nev­er envi­sioned a cyber world, the admi­ral not­ed. “That’s what we will do now that we have the focus that’s afford­ed by the strate­gic con­cept,” he said. 

Although NATO is not yet look­ing to estab­lish a coun­ter­part to U.S. Cyber Com­mand, that will be one of the ques­tions offi­cials ask as the process moves for­ward, Stavridis said. 

“I could envi­sion with­in the NATO alliance an oper­a­tional com­mand that focus­es on cyber,” he said. “At the moment, that work is imbed­ded in sev­er­al of the NATO agen­cies. But I think we are see­ing this as an oper­a­tional task, so I will be advo­cat­ing putting more of this on the oper­a­tional side.” 

Source:
U.S. Depart­ment of Defense
Office of the Assis­tant Sec­re­tary of Defense (Pub­lic Affairs) 

Face­book and/or on Twit­ter

Team GlobDef

Seit 2001 ist GlobalDefence.net im Internet unterwegs, um mit eigenen Analysen, interessanten Kooperationen und umfassenden Informationen für einen spannenden Überblick der Weltlage zu sorgen. GlobalDefence.net war dabei die erste deutschsprachige Internetseite, die mit dem Schwerpunkt Sicherheitspolitik außerhalb von Hochschulen oder Instituten aufgetreten ist.

Alle Beiträge ansehen von Team GlobDef →