The leaders of the 30 NATO nations agreed “that the impact of significant malicious cumulative cyber activities might, in certain circumstances, be considered as amounting to an armed attack,” an evaluation that would result in the invocation of the group’s mutual self-defense clause, Article 5.
The nations “(reaffirmed) that a decision as to when a cyber attack would lead to the invocation of Article 5 would be taken by the North Atlantic Council on a case-by-case basis,” in keeping with a joint assertion launched throughout the NATO leaders’ summit on Monday.
“We will make greater use of NATO as a platform for political consultation among Allies, sharing concerns about malicious cyber activities, and exchanging national approaches and responses, as well as considering possible collective responses. If necessary, we will impose costs on those who harm us,” the joint communique mentioned.
Speaking to the press on Sunday, US National Security Adviser Jake Sullivan mentioned that “the notion is that if someone gets hit by a massive cyberattack, and they need technical or intelligence support from another Ally to be able to deal with it, they could invoke Article 5 to be able to get that,” however underscored it could be “on a case-by-case basis.”
The NATO joint communique famous that “Cyber threats to the security of the Alliance are complex, destructive, coercive, and becoming ever more frequent.”
“This has been recently illustrated by ransomware incidents and other malicious cyber activity targeting our critical infrastructure and democratic institutions, which might have systemic effects and cause significant harm,” it mentioned.
Some extra background: The United States has been hit with a spate of cyberattacks in recent weeks, a few of that are believed to have been brought on by malign actors in Russia. The joint communique denounced Moscow’s “malicious cyber activities; and turning a blind eye to cyber criminals operating from its territory, including those who target and disrupt critical infrastructure in NATO countries.”
The allies mentioned that with a view to face the “evolving” problem of cyber assaults, they on Monday “endorsed NATO’s Comprehensive Cyber Defence Policy, which will support NATO’s three core tasks and overall deterrence and defence posture, and further enhance our resilience.”
“Reaffirming NATO’s defensive mandate, the Alliance is determined to employ the full range of capabilities at all times to actively deter, defend against, and counter the full spectrum of cyber threats, including those conducted as part of hybrid campaigns, in accordance with international law,” the joint communique mentioned.
It additionally famous that NATO as a corporation will “continue to adapt and improve its cyber defences” and that they are going to “further develop NATO’s capacity to support national authorities in protecting critical infrastructure, including against malicious hybrid and cyber activity. We will ensure reliable energy supplies to our military forces.”