NATO and the Cyberspace Challenge | ISPI
Commentary
NATO and the Cyberspace Challenge
Alessandro Politi | Giuseppe Cusimano | 02 May 2018

The authors will respectively treat the wider political-strategic aspects of NATO in this domain and the doctrinal-technical side of the Alliance’s cyber policy. Leaving aside the platitudes on cyberspace, NATO is in the typical position of a thalassocracy, namely a great power extending its power to the sea, that has an inherent interest in keeping a common good open to access and free for all. If one thinks that during the 16th-17th centuries explorers navigated the sea and today one navigates cyberspace, the comparison makes perfect sense. Not by chance, NATO takes its name from an ocean, and its tenets apply rather neatly to the needs of this relatively new dimension. Cyber defence is part of the core task of collective defence.

Its fundamental interest, in the words of Deputy Secretary General Rose Gottemoeller: "NATO’s approach to cyber space embraces our overall mandate and principles and supports our broader deterrence and defence mission.  Moreover, NATO promotes a stable and peaceful cyberspace and I do want to underscore that also for this audience: our goal is to nurture, develop and strengthen a stable and peaceful cyberspace."

NATO contributes to this goal in three ways: by reaffirming the rule of law and exercising restraint, by supporting national resilience, and by fostering deeper cooperation. The rule of law is essential for keeping a common good free and accessible for all users, including political adversaries or counterparts. This is not naïve; it is exactly what Saint Thomas More asserted in the drama "A Man for All Seasons": give the Devil the benefit of law, because if the last law were down, where could one shelter when the Devil turned round? Laws are for the safety of all, starting with law-abiding partners.

In fact, in 2014 NATO agreed that international law, including international humanitarian law and the UN Charter, applies in cyberspace. This principle (reaffirmed at the 2016 Warsaw summit) entails the principle of restraint. NATO is a strictly defensive alliance and wants to avoid unintended consequences, limiting as far as possible the scope for miscalculation given cyberspace’s intrinsically anonymous and asymmetrical nature.

This means that deterrence in this dimension is not the same as classical nuclear deterrence. In the latter case, massive devastation is an intended consequence, because the objective is to prevent the use of these weapons through the certainty of mutual assured destruction. Antimissile systems and miniaturised warheads complicate the calculus, in the hope that the end result will be the same: avoiding a nuclear exchange. Treating hostilities in cyberspace is more akin to COIN (counterinsurgency), where legitimacy, boots on the ground, the beat cop, flexibility and other components have historically helped in quelling the problem, and the “crush them” approach has proven deeply counterproductive. Supporting national resilience is part of this necessary, persistent, multi-level effort. The Cyber Defence Centre of Excellence in Tallinn is one of the tools, born out of the spectacular strategic failure of a massive cyber-attack by allegedly Russia-friendly actors against Estonia. Estonia was tactically blocked for three long days, but its political resolve was strengthened and NATO was spurred into action. Another tool is the Cyber Defence Pledge (2016), which helps member states allocate resources efficiently and will be reviewed at the next Brussels summit.

Finally, cooperation is one of the strongest assets of the Alliance, not only among the 29 allies (including special points of contact and the NATO Computer Incident Response Capability, NCIRC), but also through more than forty partnerships with non-member countries and with international organisations such as the European Union (Technical Agreement, February 2016), in addition to industry (NATO Industry Cyber Partnership) and academia.

Taking now a more technical and doctrinal angle, one should remember that NATO’s development was not as sudden as it might appear. From the appearance of the first Morris worm in 1988 to the incident in Estonia in April 2007, computer security was relegated to a secondary position with respect to physical security. Only in October 2010, with the discovery of the Stuxnet malware, which affected the development of the Iranian nuclear programme, did decision makers begin to realise that cyberspace had become a dangerous offensive ground that could be exploited at government level.

The Atlantic Alliance has taken several successive steps to counter this threat, trying to create a shared defence policy. NATO adopted and approved an action plan during the summit in Wales in September 2014 and subsequently updated it in 2017. The policy, beyond stating the tenets of collective defence and international law mentioned above, indicates as its main priority the protection of the communication systems owned or managed by the Alliance. At the same time, it establishes the procedures for assistance to allied countries and the integration of cyber defence into operational planning. These policies are complemented by an action plan that aims at concrete objectives on topics such as education, training, exercises and partnerships.

At the 2016 Warsaw summit, the Allies therefore committed themselves to strengthening collective and national structures and recognised that cyberspace is a domain of operations in which NATO must defend itself, just as in the land, sea and air domains, and to integrating cyber defence into intelligence.

In the context of the Smart Defence programmes for IT defence, the Malware Information Sharing Platform (MISP) and the Multinational Cyber Defence Education and Training (MN CD E&T) project were integrated. To achieve this goal, NATO organises annual exercises such as the Cyber Coalition Exercise and the Crisis Management Exercise (CMX) and is raising its education and training capabilities through the Cyber Range structure provided by Estonia. Recently (February 2018), representatives of the European Community and NATO reached a collaboration agreement to strengthen and share IT defences.

As a personal opinion, given the recent political and technical innovation, the inequality of training and resources, and the structural differences between the communication systems of NATO allies and of the European Community nations, it will be difficult to achieve full operation and integration for some years. Currently the only staple of NATO’s cybernetic operations is the Centre of Excellence (CCDCOE) in Estonia which, with the publication of the "Tallinn Handbook on International Law applicable to the cyber war" and its 95 rules, laid the foundations for the future policies of the Alliance.

Authors

Alessandro Politi
NATO Defense College Foundation
Giuseppe Cusimano
Security and Communication Specialist
