Nato warns of strikes against cyber attackers

By Michael Smith and Peter Warren

NATO is considering the use of military force against enemies who launch cyber attacks on its member states.

The move follows a series of Russian-linked hacking against Nato members and warnings from intelligence services of the growing threat from China.

A team of Nato experts led by Madeleine Albright, the former US secretary of state, has warned that the next attack on a Nato country “may well come down a fibre-optic cable”.

A report by Albright’s group said that a cyber attack on the critical infrastructure of a Nato country could equate to an armed attack, justifying retaliation.

The Bronze soldier of Tallinn, the Russian soldier who started a cyberspace attack - pic courtesy Petri Krohn

Article 5 is the cornerstone of the 1949 Nato charter, laying down that “anarmed attack” against one or more Nato countries “shall be considered an attack against them all”.“A large-scale attack on Nato’s command and control systems or energy grids could possibly lead to collective defence measures under article 5,” the experts said.

It was the clause in the charter that was invoked following the September 11 attacks to justify the removal ofthe Taliban regime in Afghanistan.

Nato is now considering how severe the attack would have to be to justify retaliation, what military force could be used and what targets would be attacked.

The organisation’s lawyers say that because the effect of a cyber attack can be similar to an armed assault,there is no need to redraft existing treaties.

Eneken Tikk, a lawyer at Nato’s cyber defence centre in Estonia, said it would be enough to invoke the mutual defence clause “if, for example, a cyber attack on a country’s power networks or critical infrastructure resulted in casualties and destruction comparable to a military attack”.

Nato heads of government are expected to discuss the potential use of military force in response to cyber attacks at a summit in Lisbon in November that will debate the alliance’s future. General Keith Alexander, head of the newly created US cyber command,said last week there was a need for “clear rules of engagement that say what we can stop”.

The concerns follow warnings from intelligence services across Europe that computer-launched attacks from Russia and China are a mounting threat. Russian hackers have been blamed for an attack against Estonia in April and May of 2007 which crippled government, media and banking communications and internet sites.

It is thought the attacks were prompted by the moving of a statue of a Russian soldier, a monument from the Second World War, that had become the focus of dissent between the Estonian authorities and the minority Russian population.

Russian hackers were also blamed for attacking Georgian computer systems during the August 2008 invasion of the country, bringing down air defence networks and telecommunications systems belonging to the president, the government and the banks.

Alexander disclosed last week that a 2008 attack on the Pentagon’s systems, believed to have been mounted by the Chinese, successfully broke through into classified areas.

Britain’s Joint Intelligence Committee cautioned last year that Chinese-made parts in the BT phone network could be used to bring down systems running the country’s power and food supplies.

Some experts have warned that it is often hard to establish government involvement. Many Russian attacks, for example, have been blamed on the Russian mafia. The Kremlin has consistently refused to sign an international treaty banning internet crime.


This story was first published in the Sunday Times on the 6th of June, 2010