Varna, 28 May 2011 - NATO IS WELL PLACED TO TAKE THE LEAD ON CYBER SECURITY, EXPERT SAYS
The combined cyber capabilities of NATO member countries have the potential to make the alliance a global leader on cyber security, an expert told the Alliance’s Parliamentary Assembly on Saturday.
The expertise being developed by NATO could also strip hackers of their anonymity, currently one of their greatest assets, said Kenneth Geers, a US scientist with the NATO Cooperative Cyber Defence Centre of Excellence in Tallinn, Estonia.
NATO’s work in the field would also put other countries under peer pressure to step up their own measures, he told members of the Committee on the Civil Dimensions of Security, convened in the Bulgarian city of Varna for the Assembly’s Spring Session.
"NATO has come a long way since 10 years ago, when networked attacks on computer systems were unheard of", he said. The issue was first raised in 2002, but it was not until the 2007 cyber attack which crippled Estonian government and banking servers that the threat was moved up the alliance’s security agenda the following year.
In response, NATO established the
But diplomatic obstacles remain, he said. “We need to find a strategy to cooperate in cyberspace, which is bigger than any country.” Currently, hackers can in practice launch an attack from one country into another jurisdiction, safe from the authorities of the target country, he explained.
He suggested setting up an international regime that would promote best practices and establish emergency response teams.
NATO’s role in cyber security was also highlighted in a draft report titled Information and National security, presented earlier by the
Presenting the draft report, Lord Jopling said that the Alliance must develop a comprehensive cyber defence policy, but should refrain from setting thresholds above which a cyber attack would be considered an act of war. Such a definition would inform adversaries what they could get away with, he warned.
The Allies are still debating whether cyber threats can be addressed under Article 5 of the North Atlantic Treaty, which provides for a common defence against any “armed attack.” The report said the “the application of Article 5 should not be ruled out, given that new developments in cyber weapons such as Stuxnet might eventually cause damage comparable to that of a conventional military attack,” in reference to the virus that was first launched against industrial and military facilities in July 2010.