NATO defense ministers hold their first review of cyber defense next week in a sign the issue is making its way to the top of the alliance’s agenda as fears grow that Western infrastructure and military secrets are vulnerable to hackers.
Daily reports about government and private firms’ computer systems coming under attack have highlighted the importance of defending NATO computer networks, particularly systems which are used to coordinate military actions among the 28 allies.
The Pentagon accused China this month of using cyber espionage to modernize its military, which Beijing denied. The Washington Post said this week that Chinese hackers have gained access to designs of more than two dozen major U.S. weapons systems.
Electronic attacks could be used to knock out military communications and disable key infrastructure to soften a country up for a conventional military strike.
NATO systems face “regular” computer attacks, according to Secretary-General Anders Fogh Rasmussen.
“So far we have successfully protected our systems. And we will continue to develop and to strengthen our cyber-security,” Rasmussen said in March.
NATO defense ministers, including U.S. Secretary Chuck Hagel, meet on the issue in Brussels on Tuesday and Wednesday.
“The challenge evolves all the time – probably more exponentially than any other type of threat that we face at the moment – and therefore we have to make certain that NATO keeps pace with that evolving threat,” said a senior NATO official, speaking on condition of anonymity.
NATO was alerted to the threat of cyber attacks in 2007, when NATO member Estonia’s Internet network was paralyzed by an electronic attack that Estonia blamed on Russia.
The incident prompted NATO to review its readiness to defend against cyber warfare. NATO’s cyber defense centre of excellence, which offers expertise on cyber defense to allies, is based in Tallinn, the Estonian capital.
The alliance approved a revised cyber defense policy and an action plan to strengthen defenses in 2011. It is also working to bring cyber defense into NATO’s normal planning process in the same way as aircraft or other military capabilities.
From this year, all NATO allies are committed to introducing a national policy on cyber defense, a national cyber defense authority and an instant response capability to cyber threats.
The main focus of the alliance itself is on protecting its own information systems. It says it is not developing offensive capabilities.
A debate is under way about how much help NATO should give to individual allies.
“While bigger allies may have a sufficient capacity to protect their own systems against cyber-attacks … small allies maybe don’t,” Rasmussen said in March. “In that case, I think we should have a capacity to help allies that request our assistance,” he said.
But one NATO diplomat said large allies, such as the United States, Britain, France and Germany, disagree.
NATO has also been looking at whether it needs to expand its role in protecting vital infrastructure such as ports, electricity grids or pipelines, fearing they are vulnerable to attacks from terrorists or hackers.