NATO is not “tied to any cybersecurity actions” but is willing to bypass laws to protect its member states in the event of attacks, according to a company IT security officer speaking at Hannover’s CeBIT 2015 trade show.
Cyber Defence Officer Christian Liflander said that protecting the 500 million citizens who fall under NATO’s (North Atlantic Treaty Organisation) influence would always be its top priority.
He believes that although a large amount of uncertainty continues to surround the threats that cyber attacks pose to the world, nation states are becoming wiser as to how to deal with menace.
“I think things have the potential to stabilise because we are no longer in the Wild West when it comes to cyberspace,” he said. “The threat is broad, with patriotic and profit-motivated hackers as well as hacktivists, as well as nation states – who pose perhaps the most potent threat.”
He was keen to emphasise how NATO is collaborating with key organisations in deterring threats. “NATO is trying to strengthen the weakest links, to make sure national allies up their game by increasing their network strength,” he said. “It’s a cooperation effort with the likes of the UN and the EU, but we see our role as one that is complementary, rather than trying to be all things to different people.”
When asked about the potential use of Article 5 – a NATO treaty that condones appropriate action if a member state is attacked – in the event of a cyber-attack, Liflander said boundaries were unclear. “First and foremost any aggression would have to be recognised as an attack,” he said. “There are currently no thresholds so it’s more a question of a political judgment call. It’s a question of ‘did they steal our toaster?’ The response doesn’t have to be symmetrical to the initial aggression; we haven’t tied ourselves to a specific response.”
Nonetheless, Liflander feels the discussion around cybersecurity is at the tip of the iceberg. “The conversation has barely started,” he said. “Cyber capabilities in the future will change. Much will depend on consequences, as not all consequences are equal, and neither are attacks.”
Touching on the issues of entering an ambiguous post-Snowden era, whereby security and privacy are in conflict, Liflander said NATO is remaining on standby. “I don’t think we’ve entered a grey area in this respect,” he said. “We have not discussed the issue. We rely on our allies, and if we come across information that’s of interest to our allies then we share it with them. You cannot compromise privacy at the expense of security and vice versa. The answer will emerge over time, but imbalance either way will cause problems.”
When asked if cyber warfare had become a more serious threat than military action, Liflander suggested that statistics could be misleading. “If you believe in numbers that determine that sort of thing then you’re hallucinating,” he said. “It’s hard to know, as attackers who are up to bad deeds could be on your network right now without you knowing.”
Liflander was keen to stress the importance of healthy cybersecurity investments. “It doesn’t have to break the bank,” he said. “It’s not resource intensive but is challenging from a political point of view. Nonetheless, even during austerity it is a wise investment.”