As cyber security is slowly making it onto the international security agenda, NATO's Allies aim at setting the rules of behavior in cyberspace to ensure that the malicious use of information and communication technologies (ICTs) is not left unpunished. In particular, ahead of the 2018 NATO Summit, which will be held in Brussels on July 11-12, the Alliance is expected to address three crucial dilemmas. Firstly, NATO's Allies will have the opportunity to redefine existing global norms – namely, the right to self-defense - in order to ensure their "unambiguous interpretation and strict implementation" in the cyber-sphere, as recently affirmed by Professor Michael Schmitt.  Secondly, clarifying how legitimate force can be used in cyberspace means defining which countermeasures could be taken in the case of a cyber-attack that may cause substantial human and material destruction. Finally, the Alliance might agree on common measures to be enacted as a response to offensive operations in cyberspace that do not amount to high magnitude attacks, but that, nevertheless, undermine the stability of democracies.
The first priority for NATO's member states consists on reaffirming that existing norms of international law are applicable to cyberspace. Article 51 of the United Nations' Charter  on the legitimate use of force is exemplary in this regard. In traditional warfare domains, an "armed attack" can trigger states' right of self-defense, but the same principle is not, yet, officially applicable in cyberspace. The international community is internally divided on when a response to an attack may include the use of force in the cyber context. In fact, China and Russia stand against the militarization of cyberspace, whereas Western powers advocate for states' right to defend themselves in case of armed cyber-attacks resulting in the disruption of critical infrastructure and/or in human losses.  The lack of consensus at the 2016-2017 UN Group of Governmental Experts (UN-GGE) froze the debate, which had started-off with a shared understanding on the need to fully apply international law in cyberspace. While consensus was lost at the international level, NATO's member states took action to strengthen cooperation within the Alliance. Cyber defense became, therefore, part of NATO's core tasks of collective defense, in 2016, when NATO's Allies recognized cyberspace as the fifth domain of military operation. This recognition mirrored NATO's Allies' shared understanding of existing international principles regulating the use of force, which should be applied in cyberspace the way they are applied to air, land and sea. Ahead of the 2018 NATO Summit, the Allies seem to be willing to address this legislative gap to make sure that state-actors operating in cyberspace are aware of NATO's commitment to enforcing international norms in this domain. This approach would go hand in hand with the Command Vision for US Cyber Command stating that in order to influence antagonist behavior "in a domain already militarized by our adversaries" persistent engagement with them is needed.
Countermeasures to be taken in case of large-scale cyber-attacks are also to be discussed by NATO's member states. On this issue, some NATO member states are already defining such countermeasures at the domestic level. For example, the U.K. classified cyber-attacks as a Tier 1 threat to the country, while also investing £178bn in full-spectrum capability to signal that cyber strikes could be followed by a response coming from any domain: air, land, sea or cyberspace. With regard to the United States, a preliminary version of the 2019 National Defense Authorization Act states that the U.S. "should employ all instruments of national power, including the use of offensive cyber capabilities, to deter, if possible, and respond when necessary, to cyber-attacks that target U.S. interests". In other words, the Allies' stance in cyberspace has so far consisted of extending the provisions of the U.N. Charter's Article 51 on self-defense to the cyber domain. Hence, in case of a cyber-attack triggering Article V of the Washington Treaty  on collective defense, countermeasures ranging from diplomatic and economic foreign policy instruments (such as sanctions and travel bans) to the use of force as extrema ratio, might be enacted.
Additionally, NATO might also take the lead in setting commonly accepted standards on states’ accountability for cyber-operations that do not trigger the provisions on the legitimate use of force. While the number of cyber-attacks doubled in 2017, none of them reached the threshold for legitimate use of force. The offensive cyber-operations occurred as of today fall short the definition of cyber-attacks provided by the Tallin Manual 2.0  which equals them with "armed attacks" in traditional warfare. Therefore, the Allies will need to agree on specific measures to attribute responsibility for offensive operations that do not meet the criteria triggering the right to self-defense. Among these types of cyber-attacks, Russia's electoral interference in the 2016 U.S. election caught NATO's Allies off-guard, showing that democracies need new measures to ensure their stability. To counter rising global cyber-threats, countries could increase the costs of carrying on cyber-attacks by warning about the severe consequences resulting from them. One way to do this could be to include foreign electoral interference in cyber security strategies with the aim of increasing civil society's resilience and people's awareness on the use of social media.
The occurrence of major cyber-attacks is a matter of "when, not if", as stated by the head of the UK's National Cyber Security Centre. While state practice and customary law will dictate responses to high magnitude attacks, states could aim at minimizing the likelihood of inter-state confrontation by improving the predictability of their behaviors in the cyberspace. Ahead of the 2018 NATO Summit, leaders are expected to clarify where the threshold for a serious act of aggression lies as well as defining state practice in case of cyber-attacks that fall under provisions on use of force. Promoting an agreement, at least among like-minded states, could start-off a process of recognition where shared norms of behavior are agreed by a growing number of actors inhabiting the cyberspace.
 Professor of International Law at the University of Exeter.
 Art. 51: "Nothing in the present Charter shall impair the inherent right of individual or collective self-defence if an armed attack occurs against a Member of the United Nations (…)."
Starting-off with the problem of attribution has allowed China and Russia to oppose the applicability of the right to self-defense in cyberspace. Ultimately, according to these two actors, attribution would result in a political judgement whereas countermeasure could be used by an attacked state without evidence strong enough to justify it.
 Art. V: "Collective defence means that an attack against one Ally is considered as an attack against all Allies."
 The Tallin Manual 2.0 on the International Law Applicable to Cyber Operations (the most comprehensive analysis of how existing international law applies to cyber operations) defines cyber-attack as "a cyber-operation, whether offensive or defensive, that is reasonably expected to cause injury or death to persons or damage or destruction to objects."