NEWYou can now listen to Fox News articles!
Since the Russian invasion of Ukraine, the Biden administration has escalated warnings of likely Russian cyberattacks on U.S. infrastructure and business. Even more worryingly, cyber-alarmists like the chairman of the Senate Intelligence Committee, Mark Warner, D-Va., Have suggested that cyberattacks by the Kremlin may be acts of war that trigger NATO’s collective defense.
This cloud-ice-falling delusion, especially from leaders with access to classified intelligence, is counterproductive at best and dangerous at worst.
Cyberattacks are rarely acts of war, and treating them as if they are undermines NATO’s ability to deal with real threats other than cyber warfare.
FBI INTERRUPTS RUSSIAN MILITARY HACKERS, PREVENTS BOTTOM IN UKRAINE WAR
NATO has only relied on Article 5 – which triggers a collective response – once, and that was after the 9/11 attacks.
Cyber attacks are unlikely to destroy buildings and kill thousands in an instant. While collective defense extends to cyberspace, few operations could realistically be a cause of war.
This will include cyber attacks that result in death or injury such as traditional military operations or coordinated attacks that bring the power grid or entire economic sectors offline. However, these scenarios are unlikely: such attacks require far too much time, funding, manpower and control. Instead, most attacks temporarily overwhelm servers with traffic, deny network access, hold computers hostage, and steal or delete data.
Building cyber resilience is an important step forward. It recognizes that in many cases the Russians will get the best out of us in cyberspace.
Even if allies wanted to trigger Article 5 on cyber operations, disagreement over the definitions of threats, the origin of attacks and pain thresholds in cyberspace could derail the process.
NATO SAYS FOR THE FIRST TIME THAT IT SHOULD INCLUDE CHINA’S EFFECTIVE INFLUENCE ‘IN ITS DEFENSE STRATEGY
Collective retaliation requires a unanimous vote across NATO; Building unity across these points is almost impossible for most cyber activities. Unlike missile attacks or tanks in the streets, there are few “red lines” to distinguish cybercrime, cyber espionage, and cyberbullying from digital acts of war.
In addition to the bureaucratic and logistical constraints of elevating cyber to a casus belli, the focus on cyber attacks as acts of war distracts from the more likely Russian digital attacks below the level of armed conflict. These include ransomware attacks and supply chain infiltrations similar to criminal activity or espionage.
The Kremlin is particularly adept at the latter. In the SolarWinds compromise, Russia hacked a company’s software product to gain access to networks of Fortune 500 companies and US government agencies.
Spillover from operations in Ukraine poses an additional risk. The Russians have already deployed several digital tools to destroy computer data, resulting in corrupt computers for Ukrainian companies with government support roles. The same malicious software has also affected several Latvian and Lithuanian companies.
The danger is another situation like NotPetya in 2017, where malware self-replicated, spread past Ukrainian targets to paralyze networks in over 150 countries, creating $ 10 billion in damage.
CLICK HERE TO RECEIVE THE OPINION NEWSLETTER
Each of these scenarios is much more likely than a “cyber-judgment day” that would justify an Article 5 response from NATO members.
To be fair, politicians’ fears of cyber warfare have led to some positive developments for the alliance. For example, over the past many years, NATO has developed its own framework for combining cyber and conventional military capabilities in warfare. But allies remain unprepared to deal with “death by 1,000 cuts” in cyberspace.
Concentrating only on acts of war is done at the expense of dealing with the cumulative cost of low-level cyber threats over time. This leads to an excessive reliance on cyber deterrence or defensive slap-a-mold strategies, none of which are sustainable.
Threats of retaliation simply do not deter most cyber attacks, and it is unrealistic for defensive measures to stop any hacker.
Politicians across NATO must recognize that security flaws are the norm in cyberspace and that the increased cost of failure over time is as dangerous as the threat of cyber warfare.
Building cyber resilience is an important step forward. It recognizes that in many cases the Russians will get the best out of us in cyberspace. The focus is on checking for errors to limit damage and quickly get networks online again.
CLICK HERE TO GET THE FOX NEWS APP
Moving from buzzword to actual strategy requires addressing several issues. Which digital assets are most significant? Where is the alliance most exposed to Russian cyber attacks? Where should NATO reduce operational risks, and in what areas can it take on more? How can allies track long-term trends and adapt to new technologies?
The Russian cyber threat has come to stay. Collective defense is – and should remain – the cornerstone of NATO. But time is running out for the alliance to protect itself from scenarios that are not complete cyber warfare.