ESTONIA—This week, NATO kicked off Cyber Coalition 2013, a three-day event organized to test Allies’ response to coordinated network attacks.
28 Ally nations participated in this exercise, with over 300 cyber defense experts working at centers in their host countries, as well as an additional 80 participating at the National Defense College in Tartu, Estonia—the host site of the event. Members from five non-NATO countries—Sweden, Switzerland, Austria, Ireland, and Finland—also took part in the exercise.
The fact that Estonia hosted this event is not random. In 2007, after the nation removed a World War II-era statue of a Soviet soldier, Estonia became the target of a month-long cyber campaign directed against its banks and national newspapers. Initial assessments pointed to persons of Russian descent, perhaps even officials working in the administration of Russian President Vladmir Putin, as the likely culprits. Russia has continually denied these allegations.
Since then, Estonia has led a number of global efforts to help states learn about cyberwar in a digital age. This includes having hosted a group of experts in international law, cyber policy, and national security earlier this year, which led to the publication of The Tallinn Manual on the International Law Applicable to Cyber Warfare.
This week’s cyber defense exercise was structured around a simulated cyber crisis that required the participating response teams to coordinate their actions in order to avoid a barrage of imaginary cyber attacks.
Events like Cyber Coalition 2013 raise interesting questions about the future of cyber security, particularly in regards to the creation of an international cyber policy regime.
Today, Article 5 of the North Atlantic Treaty, the founding document of NATO, upholds the principle of collective self-defense: an attack against one Ally constitutes an attack against all. But this does not currently apply to cyber attacks, which reflects some Allies’ concerns that this would infringe on their national sovereignty.
If NATO ultimately broadens Article 5 to include cyber attacks, this could revolutionize cyber security. Among other things, it could compel the NATO Allies to articulate a single common conceptualization of cyberspace and adopt common protective measures to be used against cyber attacks.
For the time being, some NATO Allies will continue to block the application of Article 5 to cyberspace. But this will last only as long as these states have not felt the effects of serious cyber attacks. And with deepening technological integration, more people using the Internet, and the increasing sophistication of cyber attacks, this might just be a matter of time.
For in time, other states will more than likely come to appreciate Estonia’s experience firsthand. It is in this context of shared victimhood that cyber security could ultimately surpass national boundaries and become a transnational objective.
David Bisson | @DMBisson
Area of Expertise:
David specializes in cyber security as it relates to U.S. national security and to American military and strategic culture.
Professional Biography:
David is currently a senior at Bard College, where he is studying Political Studies and writing his senior thesis on cyberwar and cross-domain escalation. He also works at the Hannah Arendt Center for Politics and Humanities at Bard College as an Outreach intern. Post-graduation, David would like to leverage his extensive journalism experience as well as his interest in computer coding and social media to pursue a career in cyber security, both its practice and policy.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.