With cybersecurity becoming a high-priority topic within NATO, the members of the alliance are taking steps to improve distribution of intelligence and protect its networks, Navy Adm. James G. Stavridis said this week.
Stavridis, who serves as the alliance’s supreme allied commander for Europe, said in an interview Monday how cyber attacks are often difficult to attribute, can cause immense damage and can be launched by nations, terrorists, criminal gangs or individuals. NATO has to find the balance between “share to win” and “need to know,” he added.
“Life is not an on or off switch,” he said. “In other words, we can’t just open everything up or shut everything down –- although that is the tendency in moments of crisis.”
The WikiLeaks releases are that type of crisis, he added, and it is hard to know where to set the dial.
“As a result of WikiLeaks, we will move that dial back a bit, more to the ‘protect’ side, but I think it is very important that we don’t overreact to it and simply shut down into international enclaves and cut off sharing,” he said. “It would be massively counterproductive.”
NATO has to use all the technical means it has to protect itself from something like WikiLeaks or any other attempt to “intrude, manipulate, move data or reveal classified secrets,” Stavridis said.
“There’s a policy side to it, which is deciding where the dial goes, and there’s a technical side to it, and we’re very working very hard to put those in place,” he added.
The admiral said he believes a cyber attack could trigger a response in accordance with Article 5 of the NATO Charter, which states that an attack on any NATO member is an attack on all NATO members. He also noted how cyber attacks can vary from espionage to DoS attacks to kinetic effects.
“When you come into my networks and are manipulating my air traffic control data, and you are causing airplanes to be unable to land and they crash and people die,” he added, “that’s an attack.”
Although NATO is not yet looking to establish a counterpart to U.S. Cyber Command, that will be one of the questions officials ponder upon at the Center for Excellence for Cybersecurity in Tallinn, Estonia, as the process moves forward, Stavridis said.
“I could envision within the NATO alliance an operational command that focuses on cyber,” he said. “At the moment, that work is imbedded in several of the NATO agencies. But I think we are seeing this as an operational task, so I will be advocating putting more of this on the operational side.”