To NATO or Not to NATO

It’s an acronym that’s everywhere lately, on the news, on social media, and in regular conversations. What is it though, and what does joining it mean for the cyber welfare of a nation?

The treaty was born in 1949 out of a need for international security after World War Two. Europe was ravaged by Hitler and the chaos he’d wrought, but on the not-so-distant back burner were the Soviet Union and communism. Naturally, this conflicted with other countries that preferred a more democratic approach. These countries, all war-weary, decided to create an alliance that was specifically for northern Atlantic nations. They’d defeated Hitler’s armies, and by banding together they would present a formidable force designed to make the Soviet Union think twice before launching attacks.

According to the NATO website it’s 14 articles long, whose “primary aim…was to create a pact of mutual assistance to counter the risk that the Soviet Union would seek to extend its control of  Eastern Europe to other parts of the continent.” A large part of this defense is now cyber security which wasn’t an issue when the original treaty was created. Since warfare is usually waged on physical fronts the original articles were written for land, naval, and aerial war, but according to NATO has determined that “Cyber-space is now the 5th domain of warfare.” Since technology is increasingly sophisticated and NATO is a particularly desirable target for ne’er do well hackers it’s vital to have a special defense for it.

Their website states how “NATO and its Allies rely on strong and resilient cyber defenses to fulfill the Alliance’s core tasks of collective defense, crisis management, and cooperative security.” Back in 2013, it was determined that NATO would set up these cyber-defense rapid reaction teams. A successful attack would have wide-reaching implications making the need for this team even greater. An article in securityweek discussed the initiative stating, “we agreed to establish rapid reaction teams that can help protect NATO’s systems… cyber-defense capability should be fully operational by the autumn… This is the first phase. A second phase would be to look into how the alliance can respond to requests from Allies who come under cyber-attack.” The member countries of NATO have access to the protections this specialized team provides 24/7. The demand and need for significant cyber responsibility led to the realization that a partnership was necessary across multiple industries. As a result, the NATO Industry Cyber Partnership (NICP) was formed.

NATO Secretary-General Jens Stoltenberg with Sven Mikser, Minister of Defence of Estonia stated in 2014, “Cyber-attacks can be as dangerous as conventional attacks. They can shut down important infrastructure. They can have a great negative impact on our operations… We are prepared for attacks that might happen in the future. Cyber-attack is something that is happening every day. And we are responding every day to different kinds of cyber-attacks.” The 12 objectives of the NICP are as follows:

  • Improve cyber defence in NATO’s defence supply chain;
  • Facilitate participation of industry in multinational Smart Defence projects;
  • Contribute to the Alliance’s efforts in cyber defence education, training and exercises;
  • Improve sharing of best practices and expertise on preparedness and recovery (to include technology trends);
  • Build on existing NATO initiatives for industry engagement, providing specific focus and coherence on the cyber aspects;
  • Improve sharing of expertise, information and experience of operating under the constant threat of cyber attack, including information on threats and vulnerabilities, e.g. malware information sharing;
  • Help NATO and Allies to learn from industry;
  • Facilitate access by Allies to a network of trusted industry/enterprises;
  • Raise awareness and improve the understanding of cyber risks;
  • Help build access and trust between NATO and the private sector;
  • Leverage private sector developments for capability development, and;
  • Generate efficient and adequate support in case of cyber incidents.

The evolution of NATO’s cyber department prompted the creation of a new position for chief information officer. In September 2021 The Stack released an exclusive article stating, “NATO has hired its first Chief Information Officer (CIO), appointing Manfred Boudreaux-Dehmer to the newly created role — which answers directly to the alliance’s Secretary-General… As NATO’s first CIO, he faces what a senior NATO leader previously described to The Stack‘s founder Ed Targett as a “challenging environment… also picks up overall cybersecurity responsibilities as “the single point of authority for all cybersecurity issues”. This massive responsibility and the teams associated with it have their hands full trying to protect the allies’ cyber worlds. This includes all kinds of information owned by the NATO members such as libraries, museums, schools, banks, retailers, etc. Is it a wonder countries that are not members wish to join the ranks? This collective defense is detailed in NATO’s Article 5 f a NATO Ally is the victim of an armed attack, each and every other member of the Alliance will consider this act of violence as an armed attack against all members and will take the actions it deems necessary to assist the Ally attacked.” This includes cyber attacks. It is left up to the member countries to determine if and what kind of measures to take against the aggressor nation.

It’s no small wonder that NATO would be both beloved and despised depending on what your political ideologies are. Many prefer the security and collective defense provided by the organization, while others prefer sheer dominance to maintain order. If it were up to you, would you be part of NATO?

By Gretchen Hendrick Gardella, MLIS

Gretchen Hendrick Gardella is a Librarian with administrative, research, and vast technical skills. Ms. Gardella brings over 16 years of experience working in academic and public libraries to the discussion.