NATO is not in a position to defend against persistent cyber-attacks backed by Russia and China because member states have been hesitant in leading a cyber defence policy to block or to respond to hackers, says Ambassador Sorin Ducaru.
NATO’s reluctance in building an Internet wall has enabled state-sponsored hackers to conduct successful cyber-attacks and has also made it difficult for NATO countries to track them.
Ambassador Sorin Ducaru, a Senior Fellow at the Hudson Institute who was the former NATO Assistant Secretary General for Emerging Security Challenges, said in an address at the House of Commons that NATO has not been able to fight effectively against cyber attacks emanating from Russia and China partly because member nations are in denial about the cyber warfare waged by the two countries and because NATO commanders have to indulge in ‘political balancing acts’ to keep member states happy.
To begin with, NATO formerly recognised cyber warfare as a traditional area of battle, aside from land, sea and air, as late as in 2013. Even though four years have passed since that recognition, NATO members have been unable to militarise their internet and create walls that could deter professional hackers sponsored by enemy states.
On the other hand, firewalls and controls set up by Russian and Chinese governments enable their hackers to hide behind such boundaries to escape detection after committing cyber attacks on European infrastructure and political institutions.
‘Cyber favours offence because the defender needs to close every gate while an attack only needs to find one gate.
‘A sense of not jumping or not sending signals of an intention to militarise cyberspace, when the evidence was there that everything that was coming from the opponent’s side was militarised,’ said Ducaru.
His views come at a time when the U.S. government is mulling the use of nuclear weapons to respond to significant cyber threats like cyber attacks on military command posts and communication lines, power grids, telecommunications, and other critical infrastructure organisations that service millions of citizens.
Back in May last year, Hans-Georg Maassen, president of the BfV agency which is entrusted with keeping the Constitution secure, called for a new law to enable Germany to attack and damage offshore servers used by state-sponsored hackers to prevent them from conducting further cyber-attacks.
“We believe it is necessary that we are in a position to be able to wipe out these servers if the providers and the owners of the servers are not ready to ensure that they are not used to carry out attacks,” Maassen said.
While naming APT28, ATP10 and ATP29 as prominent Russian hacker groups, Maasen cited a spate of cyber-attacks perpetrated by them, including one conducted on the Bundestag in May 2015 which resulted in the loss of large amounts of data. Angela Merkel’s Christian Democratic Union (CDU) was also at the receiving end of most of these cyber-attacks.
However, no such law has been introduced so far by Germany or by any other NATO country, thereby signifying that they will continue to face sustained cyber-attacks in the coming years because of a lack of direct response to such threats.