Skip to main content

"There is no military operation, no military conflict without a cyber dimension today"

In the 2018 Brussels Summit Declaration NATO reaffirms its determination "to employ the full range of capabilities, including cyber, to deter the full spectrum of cyber threats." Just for understanding: How does deterrence look like in cyberspace? 

In a broader sense, NATO defines deterrence as "convincing a potential aggressor that the consequences of coercion or armed conflict would outweigh the potential gains. This requires the maintenance of a credible military capability and strategy with the clear political will to act."

Cyber threats to the security of the Alliance are becoming more frequent, complex and disruptive. A cyber attack on one Ally can affect all of us.

Allies have made clear that many state and non-state actors are advancing their cyber capabilities, which are low cost and growing in potency. 

As the world becomes increasingly interconnected, we expect potential adversaries will rely more on cyber when seeking to gain political, military or economic advantages.

NATO Allies bear the primary responsibility for their national cyber defences. At the 2016 Warsaw Summit, Allied leaders pledged to strengthen their cyber defences as a matter of priority. NATO is supporting its Allies in this effort.

NATO protects its own IT networks 24 hours a day from cyber-attacks. We have a NATO Computer Incident Response Capability, including rapid reaction cyber defence teams on 24/7 standby that can help Allies under attack. 

Such teams could be deployed, if requested by an Ally, to support national efforts in a variety of areas. 

In a conventional manner, deterrence works through the communication of capability and willingness. Is this concept still applicable to the cyber realm? How can cyber-capabilities be communicated without being visibly executed against the one to be deterred?

NATO has been transparent about the actions it has taken with regard to cyber defence and has clearly communicated its intent to protect its population and territory against any threat, this includes cyber threats. 

Through our public announcements the Alliance has made clear it has the capabilities and willingness to deter any potential aggressor and potential attacks, including those from the cyber realm.

Through cyber defence, Allies have been able to disrupt the cyber networks of Daesh to reduce their ability to recruit, to fund, to communicate. 

In July 2016, Allies reaffirmed NATO's defensive mandate and recognised cyberspace as a domain of operations.

An updated action plan on cyber defence was endorsed by Allies in February 2017. 

The policy establishes that cyber defence is part of the Alliance's core task of collective defence, confirms that international law applies in cyberspace and intensifies NATO's cooperation with industry. The top priority is the protection of the communications systems owned and operated by the Alliance.

Following the 2018 Brussels Summit, Allies also agreed to set up a new Cyberspace Operations Centre as part of NATO's strengthened Command Structure and that NATO can draw on national cyber capabilities for its missions and operations.

NATO's Computer Incident Response Capability (NCIRC) based at SHAPE, Mons, Belgium, also protects NATO's own networks by providing centralised and round-the-clock cyber defence support to the various NATO sites.

Official announcements underline the necessity of NATO's partnership with industry and academia concerning cyber-security issues. As cyber operations need security gaps in hard- and software and the best cyber defence is to close relevant security gaps, what exactly is the industry's role in cooperation with NATO and its member states?

Our enhanced cyber policy defines ways to take forward awareness, education, training and exercise activities, and encourages further progress in various cooperation initiatives, including those with partner countries and international organisations.

We are further developing our partnership with industry and academia from all Allies to keep pace with technological advances through innovation.

The expertise of the private sector is crucial which is why NATO is strengthening its relationship with industry through the NATO Industry Cyber Partnership by information sharing, training and exercises. 

This partnership relies on existing structures and includes NATO entities, national Computer Emergency Response Teams (CERTs) and NATO member countries' industry representatives.

To remain current and abreast of best cyber defence practice, NATO also conducts regular exercises; some of them open to industry partners. Cyber Coalition is NATO's flagship annual cyber defence exercise and one of the largest in the world. The exercise tests and trains cyber defenders from across the Alliance in their ability to defend NATO and national networks. 

From defending against malware, through hybrid challenges involving social media, to attacks on mobile devices, the exercise has a challenging, realistic scenario that helps prepare our cyber defenders for real-life cyber challenges. Industry and academia also participate in Cyber Coalition. 

Another example of exercises linked to NATO and open to Industry is one that has already taken place this year, Exercise Locked Shields 2019. It is an annual exercise organised by the NATO Cooperative Cyber Defence Centre of Excellence and was held from 8-12 April this year.

This exercise enables cyber security experts to enhance their skills in defending national IT systems and critical infrastructure under ­real-time attacks. The focus is on realistic scenarios, cutting-edge technologies and simulating the entire complexity of a massive cyber incident, including strategic decision-making, legal and communication aspects.

This year's exercise was organised in cooperation with the Estonian Defence Forces, the Finnish Defence Forces, the United States European Command, National Security Research Institute of the Republic of Korea, Tallinn University of Technology, and substantial participation from industry representatives. 

NATO sees - as you have just mentioned - cyber defence as its core task of collective defence and affirms that the invocation of Article 5 can happen in a case-by-case decision. Some people say that there is an on-going cyber war between member states and hostile powers, including state and non-state actors. So how far are we away from an Article 5 scenario?

NATO's main focus in cyber defence is to protect its own networks (including operations and missions) and enhance resilience across the Alliance.

We are of course aware that cyber is a challenge, in many ways. There is no military operation, no military conflict without a cyber dimension today.  

We are also aware that cyber has been used to try to meddle in political democratic processes across the Alliance - that's one of the reasons why we have significantly increased our cyber defences, the resilience of our cyber networks, increased awareness among Allies, why we are exercising, and why Allies have decided that cyber-attacks can trigger Article 5.

As for how far away are we from an Article 5 scenario, it would not be appropriate for me to speculate on what type of cyber-attack would trigger Article 5. 

Any decision to invoke Article 5 and the Alliance's potential response would be context dependent and based on a political decision.

The Alliance's response could include diplomatic and economic sanctions, cyber-responses, or even conventional forces, depending on the nature and consequences of the attack. 

Whatever the response, NATO will continue to follow the principle of restraint. And act in accordance with international law.

Turning to another dimension of security: Dialogue is, together with deterrence, often perceived as one of the two sides of the same medal. What opportunities to foster new dialogue does the cyberspace offer?

Dialogue is important no matter the domain. Transparency is a priority for our Alliance and our citizens deserve to know what we are ­doing. 

Cyberspace offers many opportunities for dialogue. Through the online world, Allies can communicate with each other instantaneously, reach out to the general public, and media organisations.

NATO also supports efforts, such as at the UN and OSCE, to maintain peace and security in cyberspace and to promote stability and reduce the risk of conflict.

Dear Major General, thank you very much for the interview!

Major General José Luis Triguero de la Torre

Major General José Luis Triguero de la Torre joined the Spanish Air Force Academy in 1975. During his more than 35 years’ experience in major CIS and C2 systems, he participated in the specification, develop­ment, acquisition, implementation and management of systems at different levels of responsibility. He has extensive experience related to Cyber Defence. In March 2016, MGen Triguero took up the post of Director, NATO Headquarters Consultation, Command and Control Staff (NHQC3S) at NATO Headquarters. He is married and has three grown-up sons and one granddaughter.


Download PDF here

All articles in this issue

More Respon­sibility for ­Cyberspace – But How?
Götz Neuneck
"Cyberwar": Past and Present of a Contested Term
Philipp von Wussow
Prospects for Peace in the Cyber Domain
George R. Lucas, Jr.
Of Cyber, War, and Cyberwar
Eneken Tikk, Mika Kerttunen
Risky War Games: Why We Can Only Lose in the Cyberwar
Anke Domscheit-Berg
Cyber Security and Cyber Defense – Greater Protection Through Interministerial Collaboration
Andreas Könen

Specials

Ludwig Leinhos
José Luis Triguero de la Torre
Matthias Friese