Joëlle GARRIAUD-MAYLAM (France) - PRELIMINARY DRAFT REPORT
29 April 2022
Today, the critical infrastructures of the NATO Member States and its partners face a rising and unprecedented wave of cyberattacks with destabilising and devastating consequences. Public and private entities indispensable to the functioning, well-being, and cohesion of Allied societies such as energy providers, telecommunications operators, banks, hospitals, transportation companies, and democratic institutions are all being targeted.
The following preliminary draft report highlights that, in spite of an international consensus on the enforceability of international law in cyberspace, the establishment and implementation of standards of conduct in cyberspace remains inadequate. The report also highlights the difficulty in providing cyber protection for crucial allied services in the face of the many different nefarious actors, their objectives, and the tools and techniques they use. Three case studies illustrate the impact of cyber-attacks on allied and partner societies and analyse some of the policies and measures adopted to address such attacks.
The scale and magnitude of cyber threats to their critical infrastructures calls for Allies to intensify their national and collective responses. This preliminary draft general report aims to contribute to these efforts. It urges Member States and NATO to ensure that the protection of critical infrastructures against cyber-attacks is at the very core of their approaches to security and resilience, not least within the scope of the forthcoming review of the Strategic Concept. Moreover, the report recommends practical actions to be taken at national, collective, and international levels to strengthen the cyber resilience of key allied services.