Cyberattack on NATO could trigger collective defence clause

Cyberattack on NATO members could trigger a collective defense clause, amid fears over Russian conflict spreading.


Reuters March 01, 2022
Filippo Grandi, UN High Commissioner for Refugees, Alessandra Vellucci, Director of the United Nations Information Service (UNIS) and Martin Griffiths, UN Under-Secretary-General for Humanitarian Affairs and Emergency Relief Coordinator attend the launch of 2022 humanitarian response plans for Afghanistan and the region in Geneva, Switzerland January 10, 2022. PHOTO: REUTERS

LONDON/WASHINGTON:

 A cyberattack on a NATO member state could trigger Article 5, its collective defence clause, a NATO official said on Monday, amid concerns that chaos in cyberspace around Russia's invasion of Ukraine could spill over into other territories.

The military alliance has for years made clear that a serious cyberattack could trigger the clause, but such a scenario has so far been largely hypothetical.

"Allies also recognise that the impact of significant malicious cumulative cyber activities might, in certain circumstances, be considered as an armed attack," the official told Reuters.

"We will not speculate on how serious a cyberattack would have to be in order to trigger a collective response. Any response could include diplomatic and economic sanctions, cyber measures, or even conventional forces, depending on the nature of the attack," the official said.

Whether or not a cyberattack met the threshold of an attack large enough to trigger Article 5 was a "political decision for NATO Allies to make," they added.

Britain and the United States have warned of potential cyberattacks on Ukraine which could have international consequences should, for example, malicious software designed to target networks in Ukraine start to spread elsewhere. 

There has also been concern among cybersecurity experts that Russia could team up with some of the gangs and people who release malicious software, such as malware used to hold Colonial Pipeline to ransom in the United States last year.

US Senate Intelligence Committee Chairman Mark Warner said there were no clear guidelines on how NATO (North Atlantic Treaty Organization) should respond, should such an attack take place.

"These are things that have been in hypothetical discussion for a decade, but because we've not come to any universal conclusion on what those standards should be, what level of attribution is needed, we're kind of in a very grey area," he told Reuters.

He posed the hypothetical case of a Russian cyberattack on Ukraine that impacts NATO member Poland, triggering power outages that result in hospital patients dying or knocking out traffic lights, causing fatal road accidents involving US troops deployed there.

"The West may have wanted strategic ambiguity in this area, and that may still be the right choice," he added.

"But have we sufficiently made clear to the Russians the red lines on cyber or frankly to the NATO public, the American public, on red lines on cyber? I don't think we've done that."

Warner said he was "pleasantly surprised" a massive Russian cyberattack had not occurred. But he added that such an attack "becomes even more dangerous with Putin elevating the readiness of his nuclear weapons."

COMMENTS

Replying to X

Comments are moderated and generally will be posted if they are on-topic and not abusive.

For more information, please see our Comments FAQ