The Russian cyber threat is here to stay and NATO needs to understand it

0 83

Since the Russian invasion of Ukraine, the Biden administration has escalated warnings about likely Russian cyber-attacks on American infrastructure and business. More worrying still, cyber alarmists like Senate Intelligence Committee Chairman Mark Warner, D-Va., have suggested that cyber-attacks from the Kremlin could be acts of war that trigger NATO’s collective defense. 

This sky-is-falling delusion, particularly from leaders with access to classified intelligence, is at best counterproductive and at worst dangerous. 

Cyber-attacks are rarely acts of war, and treating them as if they are undermines NATO’s ability to deal with real threats short of cyber war.


NATO has only invoked Article 5 – which triggers a collective response – once and that was after the 9/11 attacks. 

Cyber-attacks are unlikely to destroy buildings and kill thousands in an instant. While collective defense extends to cyberspace, few operations could realistically be a cause for war. 

The Russian cyber threat is here to stay and NATO needs to understand it

This would include cyber-attacks resulting in death or damage like traditional military operations or coordinated assaults that take the power grid or entire economic sectors offline. These scenarios are unlikely though: such attacks require far too much time, funding, manpower, and control. Instead, most attacks temporarily overwhelm servers with traffic, deny network access, hold computers hostage, and steal or delete data. 

Building cyber resilience is an important step forward. It acknowledges that, in many cases, the Russians will get the best of us in cyberspace. 

Even if allies wanted to trigger Article 5 over cyber operations, disagreements about the definitions of threats, origins of attacks, and pain thresholds in cyberspace can derail the process. 


Collective retaliation requires a unanimous vote across NATO; building unity across these points is nearly impossible for most cyber activity. Unlike missile attacks or tanks in the streets, few “red lines” exist to distinguish cybercrime, cyber espionage, and cyber disruption from digital acts of war.

Beyond the bureaucratic and logistical limitations of elevating cyber to a casus belli, focusing on cyber-attacks as acts of war distracts from the more likely Russian digital assaults below the level of armed conflict. These include ransomware attacks and supply chain infiltrations that look like criminal activity or espionage. 

The Russian cyber threat is here to stay and NATO needs to understand it

The Kremlin is particularly adept at the latter. In the SolarWinds compromise, Russia hacked one company’s software product to access networks of Fortune 500 companies and U.S. government agencies. 

Spillover from operations in Ukraine poses an additional risk. The Russians have already deployed several digital tools to destroy computer data, resulting in corrupted computers for Ukrainian companies with government support roles. The same malicious software has also affected several Latvian and Lithuanian businesses. 

The Russian cyber threat is here to stay and NATO needs to understand it

FILE – NATO Secretary General Jens Stoltenberg speaks to the press ahead of a meeting of NATO Foreign Affairs Ministers to be held on Nov. 30-Dec.1, at the NATO headquarters, in Brussels, Belgium, Friday, Nov. 26, 2021.
(AP Photo/Olivier Matthys)

The danger is another situation like NotPetya in 2017, where malware self-replicated, spread past Ukrainian targets to cripple networks in over 150 countries, and created $10 billion in damages. 


Each of these scenarios are much more likely than a “cyber doomsday” that would justify an Article 5 response from NATO members.

To be fair, policymakers’ fears of cyber war have led to some positive developments for the alliance. For instance, over the last several years, NATO has developed its own framework for combining cyber and conventional military capabilities in warfighting. But allies remain unprepared to deal with “death by 1000 cuts” in cyberspace. 

Concentrating only on acts of war comes at the expense of addressing the cumulative costs of low-level cyber threats over time. It leads to an overreliance on cyber deterrence or defensive whack-a-mole strategies, neither of which are sustainable. 

Threats of retaliation simply don’t deter most cyber-attacks, and it is unrealistic for defensive measures to stop every hacker. 

Policymakers across NATO must acknowledge that security failures are the norm in cyberspace, and that the compounding costs of failure over time are every bit as dangerous as the threat of cyber war.

Building cyber resilience is an important step forward. It acknowledges that, in many cases, the Russians will get the best of us in cyberspace. The focus is on controlling failures to limit damage and quickly get networks back online. 


Moving from buzzword to actual strategy requires addressing several questions. Which digital assets are most significant? Where is the alliance most exposed to Russian cyber-attacks? Where should NATO reduce operating risks, and in what areas can it assume more? How can allies track long-term trends and adapt to new technologies? 

The Russian cyber threat is here to stay. Collective defense is – and should remain – the cornerstone of NATO. But time is running out for the alliance to protect itself from scenarios that aren’t all-out cyber war.


Leave A Reply

Your email address will not be published.