Ten years after the war in Georgia, which marks the first use of cyber attacks in support of kinetic operations, no one doubts that future armed conflicts will be waged also in cyberspace. In 2016 NATO has declared cyberspace as a “domain of operations”, and it has recently agreed to establish a Cyber Operations Center at SHAPE.
The authors will respectively treat the wider political-strategic aspects of NATO in this domain and the doctrinal technical side of the Alliance’s cyberpolicy. Leaving aside the platitudes on cyberspace, NATO is in the typical position of a thalassocracy, namely a great power extending its power to the sea, that has an inherent interest in keeping a common good open to access and free for all. If one thinks that during the XVI-XVII century explorers navigated the sea and today one navigates the cyberspace, the comparison makes perfectly sense.
Cyber activities are acquiring a growing military dimension and, it is widely recognized that after land, sea, air and outer space, cyber has become the fifth potential theater for international conflicts. In some instances, the use of cyber for military purposes could be considered as an armed attack as defined by the United Nations Charter. Studies have been published highlighting the interdependence between cyber activities and a possible weaponization of outer space.
In a 1983 movie, "War Games" a US teenager, while trying to hack into a computer-game company in order to play videogames for free, unknowingly logs into the Pentagon’s networks and starts a game of "Global Thermonuclear War" playing the role of the Soviet Union.
The transition to the "Digital Age", characterized by a strong reliance on information systems, exposes current society to threats unthinkable until a few decades ago. This type of threat assumes increasing importance as it is directly proportional to the "computer addiction" of the most technologically advanced countries, and it represents one of the most effective methods of "asymmetric warfare”.
Recent developments have put cyber-related issues at the top of the international security agenda. Late last year, the US National Security Agency explicitly attributed the ransomware known as WannaCry, which had caused worldwide havoc, to North Korea (the country already identified as the source of the 2014 cyberattack against Sony Pictures).
Today, it is an incontrovertible fact that the battlefield has become virtual, just like the ability of cyber weapons to bring about real damage . The very actors in the field, even though their roles are well defined, are not the classic protagonists of international relations. The clearly defined cyber arena encompasses a number of stakeholders that are no longer just states, but also non-state actors, multinational companies, terrorists, individuals. All these stakeholders are confronting each other in the cyber arena without a regulatory framework.
On 12 February 2018, the General Secretary for Defense and National Security Louis Gautier presented the French Strategic Review of Cyber Defense. The French approach to cyber defense in 2017 and 2018 has been pivotal.