Andreas LOVERDOS (Greece) - REPORT
20 January 2023
The rise of cyber operations - both below and above the threshold of war - raises significant questions about the future of Allied security, and of warfare more broadly. As NATO’s new Strategic Concept states: “Cyberspace is contested at all times.” The cyber challenge facing Allies today, the Strategic Concept notes, is one wherein – ‘Malign actors seek to degrade our critical infrastructure, interfere with our government services, extract intelligence, steal intellectual property and impede our military activities.” Economic disruption and civil society fracturing could be added to this – as the scope of the challenge is only growing with digital network dependence, which, in the parlance of cyber experts, means Allies are faced with an increasingly vast ‘threat surface’.
As a result, defending critical infrastructure, financial markets, and even social stability from cyberattacks has not only become increasingly difficult, but also increasingly vital. In addition to government and private sector investment in knowhow and capabilities to protect their networks, militaries around the world need to revise their doctrines, as they integrate new types of operations into their capabilities and learn to digitally attack and defend ever “smarter” materiel, weapons, and command and control structures.
This report outlines current technical concepts, threat actors, and key areas of focus of the debate on cyber conflict. It seeks to guide the transatlantic parliamentary discussion around these issues at a time where NATO is increasingly focused on cyberspace challenges; in recent years, the Alliance adopted a Comprehensive Cyber Defence Policy, and reaffirmed the validity of the Atlantic Treaty’s Article 5 in cyberspace – cyber also featured prominently on the agenda at the Madrid 2022 Summit and is a strong focus of its outcomes.
This report first establishes definitional clarity for the logics underpinning cyber effects. It then explores the growing impact of cyber attacks on warfare, catalysed by emerging technologies, posing numerous challenges in the operational and legal realms. It then goes over the cyber doctrines and capabilities of NATO’s two principal cyberspace challengers, China and Russia. It subsequently provides an overview of NATO’s current and evolving policies on cyber defence. Finally, it sums up some early insights from the cyber effects seen in the ongoing Russian-Ukrainian war and the key cyber outcomes of the Madrid Summit.
Due to the nature of technological development, cyberspace is certain to become an even more contested domain. To this end, NATO Parliamentarians should collaborate to ensure continued and increased investment in the interoperability of Allied cyber forces. They should ensure that threats as broad as cyber attacks are well understood and defended against not only by militaries and governments, but also by the private sector and civil society through enhanced dialogue and cooperation. As the report concludes, building resilient transatlantic cyber defences requires finding common ground on legal frameworks regarding cyberspace; attributing and dealing with cyber incidents as an Alliance; and working with partners capable of enhancing collective cyber defences or requiring acute support - like Ukraine.