NATO defense ministers agreed this week that they must “do more to deal with cyber threats,” U.S. Defense Secretary Chuck Hagel said on Wednesday, as the alliance prepared to launch a new cyber-defense center next week.
Cybersecurity was one of the main topics defense leaders from the 28-nation NATO discussed on Tuesday and Wednesday during a two-day ministerial in Brussels. Hagel on Wednesday told reporters that the alliance’s new cyber-defense system — the Computer Incident Response Center — “is on track to achieve full operational capabilities next week.”
“The U.S. supports a proposal for the center to have teams of NATO cyber experts that can be quickly deployed to assist allied nations if they request help in dealing with cyber intrusions or attacks,” Hagel added. “It was agreed that the alliance must do more to deal with cyber threats, and this will remain a top priority going forward.”
Alliance members in June identified protecting NATO computer systems from cyber intrusions as a priority at a ministerial meeting. NATO Secretary General Anders Fogh Rasmussen said during a Tuesday press conference that defense ministers that day “concluded that we are on track in upgrading our ability to protect NATO’s networks against this fast-evolving threat.”
Rasmussen added that while cyber defense is a “national responsibility” for member nations, the military leaders at the ministerial agreed that NATO should “play a useful role to facilitate the development of strong national cyber defense capabilities.” He gave examples of NATO’s role in this realm — including setting out the defensive capabilities nations should have; conducting joint cyber education and training exercises; helping nations to develop cyber-defense capabilities in joint projects; and “sharing information, intelligence and best practices amongst allies.”
At least one analyst maintains NATO should do more to help protect member nations’ networks from hackers.
Daniel Pitcairn, a research fellow with Government Business Council, wrote in Defense One that he has concerns with NATO’s decision to not be responsible for the national network security of member states. That creates a problem for the United States, he said, because its sensitive data regarding military asset and strategies could be compromised because of other NATO countries’ more-vulnerable networks.
“Of greatest concern is the information allies are permitted to receive regarding U.S. nuclear weapons,” Pitcairn said. “The ATOMAL Agreement of 1965 allows NATO allies to receive confidential information on U.S. nuclear weapons capabilities and strategy in order to ensure the alliance’s effective collective military capacity. New and aspiring members of NATO may not be prepared to defend their networks from the growth in cyber attacks they will face when they become privy to critical U.S. national security information.”
Pitcairn further asserted “the outstanding question” for NATO’s cyber strategy is whether its Article 5 statute — which says “an armed attack against one or more… shall be considered an attack against them all” — should apply to cyber attacks.
“Just as the U.S. has asserted that it ‘will respond to hostile acts in cyberspace just as [it] would to any other threat,’ so should NATO be prepared to use its full capabilities to counter cyber attacks,” he wrote.