NATO: Military cyber defenders need to be present on networks during peacetime

TALLINN, ESTONIA — NATO member states will next month endorse a greater role for military cyber defenders during peacetime, alongside the permanent integration of private sector capabilities within the alliance's efforts to battle malicious state-sponsored hacking, a senior official said.

David van Weel, NATO’s assistant secretary general for emerging security challenges, told the 15th annual International Conference on Cyber Conflict (CyCon) in Tallinn last week that NATO members will begin recognizing cyberspace as “a permanently contested environment.”

The endorsement, expected at the 2023 Vilnius summit in Lithuania in July, follows last year's adoption in Madrid of a new strategic concept — effectively a new blueprint outlining the challenges the alliance faces and how it intends to respond to them following the Russian invasion of Ukraine and the broader implications it posed for security in Europe.

“Russia's war of aggression in Ukraine has confirmed many theories of what role cyber plays in conflict,” said van Weel. “Russia has made ample use of cyber capabilities before invading Ukraine, during hostilities, and it will likely continue using them after the kinetic phase of this conflict.”

So far the war has shown that cyberattacks are not an alternative to kinetic actions, but a powerful “part of multi-domain operations that deliver cumulative effects,” he said.

Speaking ahead of the expected Ukrainian counteroffensive following the supply of Western military support, he warned: “As the war continues, Russia and its proxies will develop a higher risk appetite as their fortunes on the battlefield change.”

While addressing the threat resulting from Russia's military failures in Ukraine, NATO members must be mindful of China's attempts to create a new global approach to state behavior in cyberspace “which favors restrictions over fundamental freedoms,” he said.

To address this, NATO allies will adjust their cyber defense posture, becoming more proactive and assertive in response to state-sponsored attacks, said van Weel: “We need to move beyond naming and shaming bad actors in response to isolated cyber incidents, and be clear what norms are being broken.”

“We need to strengthen the role of our military cyber defenders during peacetime. And this is important because in most national contexts, the military only gets involved during crisis and conflict,” he added.

But, cautioned van Weel, “cyberspace is never fully at peace, there is a constant friction, and we have to prevent scenarios where we expect our militaries to perform some kind of magic handover to take over without having been in the room for the lead-up [to the crisis].”

The key was enabling “civil-military cooperation throughout peacetime, crisis and conflict, and in between all those stages,” he added, although the exact nature of this integration is not yet clear.

When he spoke to The Record at the Munich Security Conference earlier this year, the assistant secretary general praised the "unique" work that companies like Microsoft and Google had been doing in Ukraine, and said the alliance needed to consider a more structural cooperation with the private sector.

The concept to be endorsed in Vilnius will also involve integrating “industry expertise and capabilities on a permanent basis to better protect our networks, operate in cyberspace, and shape it in line with our values.”

Beside the concept, NATO will also announce a new mechanism to "facilitate assistance between allies if national response capabilities are overstretched during a crisis," which comes in the wake of the Albanian government considering triggering NATO’s Article 5 collective defense obligation following a cyberattack by the Iranian state.

“Allies will also raise the bar for national cyber resilience. They will agree to new and more ambitious national cyber defense goals and minimum requirements as part of what we call a revamped cyber defense pledge,” said van Weel.