The formation of global cybercoalitions was on the table at the NATO Lisbon Summit. The issue had little coverage, however, as it was overshadowed by the announcement of a 2014 troop pullout date for Afghanistan.
NATO Secretary-General Anders Fogh Rasmussen called the summit “one of the most important summits in NATO’s history.” A new strategic concept was coined by NATO following the summit that will “guide the alliance for the next decade,” Rasmussen said in a Nov. 15 press release.
“The new strategic concept urges allies to invest in key capabilities to meet emerging threats and agree to develop within NATO the capabilities necessary to defend against ballistic missile attacks and cyberattacks,” Rasmussen said in a Nov. 19 press release.
The Strategic Concept states, “Cyberattacks are becoming more frequent, more organized, and more costly in the damage that they inflict. … They can reach a threshold that threatens national and Euro-Atlantic prosperity, security, and stability.”
Initiatives will include “using the NATO planning process” in strengthening and coordinating cyberdefense capabilities, and “bringing all NATO bodies under centralized cyberprotection, and better integrating NATO cyberawareness, warning, and response with member nations.”
NATO will work on ways to protect critical infrastructure from cyberattacks, including its energy infrastructure and transit systems. They will also “ensure that the alliance is at the front edge in assessing the security impact of emerging technologies, and that military planning takes the potential threats into account.”
Cyberwarfare
During a cyberattack, computer networks can easily be shut down to disable vital services or government systems. The group that launched the vengeance attacks for WikiLeaks, Operation Anonymous, showed this when they attacked the websites of Visa and MasterCard using a simple piece of software known as LOIC (Low Orbit Ion Cannon).
The most devastating—and most likely—form of a cyberwar would combine a cyberattack with a physical attack, according to Matthew Jonkman, founder and CEO of cybersecurity company Emerging Threats, and president of the Open Information Security Foundation.
“If we were really to have an outright cyberconflict, you would see a mix of conventional conflict, and [cyberattacks could] be used to blind and confuse the adversary,” Jonkman said.
“If there is going to be a cyberwar, which there probably will not be, we’re already in the stages of—like the Cold War—setting the battlefield of, you choose your battlefield, then you declare your battlefield, then you wait until the conflict happens,” he said.
Protecting Civilians
Cyberwarfare is a new ground of combat that governments are just beginning to take seriously. The U.S. Pentagon and Department of Homeland Security are currently developing a new cyberstrategy that it will eventually share with its global allies.
The game-changing point in the new cyberstrategy is that the United States will officially recognize cyberspace as a “domain of warfare.” The announcement was made by Deputy Secretary of Defense William Lynn during an Oct. 1 Council on Foreign Relations event.
“Like land, sea, air, and space, we need to treat cyberspace as a domain we will operate in, that we will defend in, and that we will treat in a military doctrinal manner,” Lynn said.
Given the potential impact of a cyberattack, Jonkman believes that there needs to be a treaty to protect civilians, similar to the Geneva Convention.
“If there was to be a major conflict between two developed countries, the collateral damage … affects not only the people involved, but everyone around them, it affects everyone on the Internet, it affects business over the Internet,” Jonkman said.
“It would take a significant event to disrupt the Internet to a significant degree, but locally and regionally there would be major destruction,” he added.
Forming a system of standards for cyberwarfare was outlined by World Affairs in its November–December 2010 edition, in a piece by Tom Gjelten.
“Thanks to treaties, the U.N. charter, the Hague and Geneva Conventions, and various ‘customary’ understandings, we can legally distinguish aggressors from victims, and we have principles that, when honored, protect civilians from undue suffering,” Gjelten wrote.
