The Madrid Summit is an opportunity for NATO to strengthen its cyber resilience

SIPR Forum
May 31, 2022

Author: Christina Hill, M.A. candidate in Stanford’s Center for Russian, Eastern European, and Eurasian Studies

Locked Shields is the world’s largest and most complex international real-time cyber defence exercise, organised by the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE) in Tallinn, Estonia. Photo by NATO CCDCOE

In December 2015, Ukraine’s power grid fell victim to a cyberattack that resulted in power outages for around 230,000 citizens. The attack, which was attributed to the “Sandworm Team” — a cyber-military unit of Russia’s foreign military intelligence agency — was highly sophisticated. It comprised a multi-stage process, which included using phishing emails to spread malicious software (also known as malware) among the energy company’s networks, remotely switching off energy stations, destroying files on servers, and conducting a distributed denial-of-service (DDOS) attack to deny consumers information on the blackout.[1]

Seven years later, the invasion of Ukraine has put Russian influence operations and technological warfare back on the map. In the current Russo-Ukrainian War, Russia has been conducting strategic DDOS attacks on elements of Ukraine’s cyber infrastructure and widespread online propaganda campaigns.[2] However, Ukraine has not been the only testing ground for Russia’s cyberwarfare capabilities. Russia has also conducted a series of large-scale cyberattacks against other neighboring countries over the past decades, including Estonia and Georgia. In the face of Russia’s increasingly mature cyberwarfare capabilities, the NATO Alliance must build up its cyber resilience and overcome political and technological challenges to solidify its place as a major geostrategic player in the 21st century.

Russia’s cyberwarfare capabilities are growing more sophisticated

In the past two decades, Russia has conducted concerted cyberattacks in Estonia, Georgia, and Ukraine. The cyber threats against Russia’s neighboring countries highlight the sophistication and capabilities of Russian cyberwarfare. These include both conventional hacking and widespread information operations.

In 2007, Estonia was one of the first countries to come under a Russian cyberattack. Estonia fell victim to far-reaching and unattributed cyberattacks after a skirmish between Russian-speakers and the Estonian government.[3] The attacks lasted weeks and targeted Estonian banks’ online services, media outlets, and government servers, causing major disruptions. Estonia was able to determine that the attacks originated from a Russian IP address, but Estonian appeals to Russia for help were ignored. Although there is no concrete evidence that the attacks were sanctioned by the Kremlin, an anonymous Estonian government official told the BBC in 2007 that “[evidence suggested the attack] was orchestrated by the Kremlin, and malicious gangs then seized the opportunity to join in.”[4]

The Russo-Georgian war of 2008 also featured a series of cyberattacks that swamped and disabled websites across Georgia. The war was the first example of a coordinated attack in cyberspace that occurred while other traditional combat domains were also engaged. The cyberattack was also unique because it was a method of intelligence gathering for other military operations.[5] The attacks included various DDOS attacks that denied and disrupted communications and concurrently enabled information extraction for intelligence purposes.[6]

Following the attack on its power grid, Ukraine faced another series of cyberattacks in 2017. Also attributed to “Sandworm,” these attacks deployed a malware called Petya, which targets Microsoft Windows-based systems and demands the user make a payment in bitcoin to regain access to their system. An even more potent malware dubbed “NotPetya” infected systems at an incredibly fast speed without requiring a phishing attack to infiltrate computers. According to experts, the targeted attack “disabled 10 percent of computers in Ukraine and inflicted financial costs amounting to 0.5 percent of Ukraine’s GDP,” while causing extensive damage to the country’s digital and critical infrastructure.

The incidents demonstrated to the world the possible impact of cyberattacks. The events also signaled that Russian cyberwarfare is maturing and becoming increasingly prevalent. Through hacking groups and its intelligence services, Russia has perfected its cyberwarfare dominance. As highlighted in the cases of Estonia, Georgia, and Ukraine, hacking can begin as a phishing attack that loads malware onto a person’s computer, or it can be a complete attack on servers leading to DDOS. Innovative hacking methods now include malware downloads without the need for phishing. Meanwhile, disinformation has made waves in the past six years as a more covert and psychological cyber offensive maneuver, whereby threat actors systematically publish and spread factually incorrect information or propaganda to manipulate and mislead an enemy.

These cyberwarfare methods have become powerful tools for the Russian government in their mission to target Western unity and degrade faith in Western governance institutions. Consequently, Russia has become — and will likely remain — one of NATO’s biggest cyber threats.

NATO must overcome political challenges to build cyber resilience

NATO’s responses to these cyberattacks were generally swift and complex. Following the Estonian attacks, NATO conducted an internal analysis into the country’s cybersecurity and infrastructure defenses that became the building block for a unified cyber defense policy and the creation of the NATO Cooperative Cyber Defence Center of Excellence (CCDCOE) in 2008.

In 2013, an international group of legal scholars and cyber experts invited by the CCDCOE crafted a non-binding manual titled “Tallinn Manual on the International Law Applicable to Cyber Warfare,” which details how international law applies to cyberconflicts and cyberwarfare.

Although Georgia and Ukraine are not members of the NATO Alliance, they still prompted a NATO response. Following the 2015 power grid attack, for example, the Alliance established a NATO-Ukraine Platform on Countering Hybrid Warfare. The platform works to establish cooperation in identifying and responding to hybrid threats.[7] NATO also set up a Cyber Defence Fund to help Ukraine develop technical capabilities to counter cyber threats and to monitor cybersecurity events. The Fund also enabled Ukraine to adopt its technology and policy advice.[8]

However, as cyber threats against NATO escalate, the alliance must do even more to build cyber resilience. While the Alliance is actively strengthening its offensive and defensive strategies, such efforts are still in their infancy.[9]

Building resilience against digital actors will require NATO to overcome political challenges. NATO will have to prove itself as a major geostrategic player in cyberspace in order to protect members of the Alliance and their partners in the coming years. The NATO alliance has already bolstered its own and its partners’ cyber defense systems, but more work is needed. It is inevitable that future global conflicts will feature hybrid warfare: cyberattacks launched in conjunction with conventional warfare. Alternatively, future conflicts could be fought solely via cyberattacks. Russia’s encroachment into Ukraine and the Baltic nations will continue to feature elements of hybrid warfare that will necessitate NATO’s defensive support.

NATO has confirmed that cyber defense is part of its core task of collective defense and has confirmed that international law applies in cyberspace. The Alliance has strengthened its capabilities for training, and has set up a Cyber Rapid Reaction team to assist Allies 24 hours a day. In 2019, NATO set up a Cyberspace Operations Centre as a part of its Command Structure and is now intensifying cooperation with private industry. Most recently, in 2021, NATO endorsed a Cyber Defence Policy which supports overall deterrence and defense posture as it relates to cyber resilience.[10] However, NATO must do more to adopt offensive capabilities and policies.

In 2022, NATO will adopt a new strategic concept which will define “the security challenges facing the Alliance and outline the political and military tasks NATO will carry out to address them.”[11] This must be a time to revisit its cyber strategy and how it will be developed through cooperation between NATO members and partnerships. NATO should provide more funding to assist cyber capabilities of each country and explore ways to educate and train each country on how to spot and halt hacks and disinformation. This will deepen the Alliance’s collective defense capabilities, while ensuring there are no “weak links” and preparing all members for the future of hybrid warfare.

Further, NATO must cooperate with European countries and other nations through “cyber diplomacy” in order to assist partner nations that are Russia’s neighbors, like Ukraine and Georgia. Cyber diplomacy between these countries and NATO will ensure that future cyberattacks do not immobilize internet infrastructures and that their militaries are prepared for hybrid warfare. Finally, cyber partnerships must be strengthened with private industry, ranging from social media sites to technology innovators, so that NATO can be prepared for Russia’s increasingly complex cyber strategy.

Upgrading technological capabilities will prepare NATO for the future of cyberwarfare

Additionally, in order to prepare itself for the future of cyberwarfare, NATO will have to adopt innovative Artificial Intelligence (AI) technologies, while each member state can decide how to implement the mechanisms as they see fit. These partnerships in cyber defense will work to establish more advanced and innovative cybersecurity techniques and solidify NATO’s place as a major geostrategic player in the 21st century.

AI technologies must form a major component of NATO’s Strategic Components, namely collective defense, crisis management, and cooperative security. As potential adversaries begin to use AI for military purposes, it is imperative that NATO keep pace and remain unified in their development of and standards for AI technology. AI will be of great assistance in finding cyber offensive tactics and then learning from those to prevent future attacks as well as spotting and halting disinformation from becoming viral.

Naturally, there may be political pushback and technological challenges in the face of adopting new solutions to combat cyberwarfare. However, the NATO alliance must focus on its collective goal of resiliency and put cyber capabilities at the top of its agenda. The current Russia-Ukraine crisis has demonstrated the efficacy of this method as the Ukrainian government has implemented more complex defenses in its network systems. Furthermore, hybrid warfare will include AI in the future, so NATO must prepare itself for that inevitability by bolstering its own cyber capabilities.[12] Future conflicts will not merely be fought conventionally but in both the physical and cyber domain.

NATO will meet in Madrid in June to outline its new cyber strategy. Key recommendations for 2022 must include bolstering all member nations’ and allies’ government systems to fend off cyberattacks. The strategy must also include concrete goals for adopting AI technologies.

NATO member states and partners have faced major cyberattacks from Russia since the beginning of the 21st century. This new domain of warfare has since evolved, causing NATO to change its military posturing and cyber strategy. In order to defend against Russian hacking and disinformation, NATO must continue to establish partnerships and make strides in technological innovation.

Christina Hill is an M.A. candidate in Stanford’s Center for Russian, Eastern European, and Eurasian Studies. Her research focuses on international security as it relates to cyber, space, and nuclear policy.

___________________________________________________________________

[1] Ukrainian Energy Ministry, 12 Feb. 2016, http://mpe.kmu.gov.ua/minugol/control/uk/publish/article?art_id=245086886&cat_id=35109.

[2] Volz, Dustin, and Robert McMillan. “In Ukraine, a ‘Full-Scale Cyberwar’ Emerges.” The Wall Street Journal, Dow Jones & Company, 13 Apr. 2022, https://www.wsj.com/articles/in-ukraine-a-full-scale-cyberwar-emerges-11649780203.

[3] McGuinness, Damien. “How a Cyber Attack Transformed Estonia.” BBC News, BBC, 27 Apr. 2017, https://www.bbc.com/news/39655415.

[4] Ibid.

[5] Hollis, David. “Cyberwar Case Study: Georgia 2008 — Small Wars Journal.” Small Wars Journal, https://smallwarsjournal.com/blog/journal/docs-temp/639-hollis.pdf.

[6] Ibid.

[7] NATO. “NATO and Ukraine Hold Workshop on Use of Hybrid Tactics in Multilateral Diplomacy.” NATO, 15 Oct. 2021, https://www.nato.int/cps/en/natohq/news_187559.htm?selectedLocale=en.

[8] “NATO’s Support to Ukraine Fact Sheet.” NATO, July 2016.

[9] Tucker, Patrick. “NATO Getting More Aggressive on Offensive Cyber.” Defense One. Defense One, April 13, 2021. https://www.defenseone.com/technology/2019/05/nato-getting-more-aggressive-offensive-cyber/157270/.

[10] NATO. “Cyber Defence.” NATO, 30 Nov. 2021, https://www.nato.int/cps/en/natohq/topics_78170.htm.

[11] NATO. “Strategic.” NATO 2022 Strategic Concept, https://www.nato.int/strategic-concept/Index.html#:~:text=NATO%20will%20adopt%20its%20new,carry%20out%20to%20address%20them.

[12] Christie, Edward Hunter, and Zoe Stanley-Lockheed. “An Artificial Intelligence Strategy for NATO.” NATO Review, Nato Review, 25 Oct. 2021, https://www.nato.int/docu/review/articles/2021/10/25/an-artificial-intelligence-strategy-for-nato/index.html.


SIPR Forum elevates cutting-edge analyses of timely and relevant issues in international affairs in the form of short articles and opinion pieces.