NATO decides cyber attacks could trigger collective defence clause

North Atlantic alliance is moving cyber into the domain of the military, alongside land, sea, and air capabilities.
Written by Chris Duckett, Contributor

Secretary General Jens Stoltenberg: NATO will recognise cyberspace as an operational domain like air, sea, land, and space.

Image: NATO

Article 5 of the North Atlantic Treaty which states an attack on one NATO member is consdiered an attack on all, is being extended into the realm of cyber warfare.

Speaking to journalists on Wednesday, NATO Secretary General Jens Stoltenberg said the collective defence articles could be invoked in the face of a cyber attack.

"We have also decided that a cyber attack can trigger Article 5 and we have also decided -- and we are in the process of establishing -- cyber as a military domain, meaning that we will have land, air, sea, and cyber as military domains," he said. "All of this highlights the advantage of being an alliance of 29 allies because we can work together, strengthen each other, and learn from each other."

In response to the Petya attacks that began in Ukraine, Stoltenberg said NATO was helping the country improve its cyber defences.

"NATO has established a trust fund for cyber defence where we finance the programs, the activities we do," he said. "I think that the cyber attacks we have seen this week very much highlight the importance of the support, the help NATO ... provides to Ukraine to strengthen its cyber defences, technical and other kinds of support.

"We will continue to do that and it's an important part of our cooperation with Ukraine."

The Secretary General said NATO was strengthening its own networks and those of its allies, and was conducting more exercises in the cyber domain.

A day after the Petya outbreak began, at least 2,000 attacks have been recorded in over 64 countries.

Microsoft confirmed yesterday via its telemetry data that a number of initial infections occurred via Ukraine-based tax accounting software MEDoc.

"Although this vector was speculated at length by news media and security researchers -- including Ukraine's own Cyber Police -- there was only circumstantial evidence for this vector. Microsoft now has evidence that a few active infections of the ransomware initially started from the legitimate MEDoc updater process," Microsoft said.

On Wednesday, production at Cadbury's famous chocolate factory in Hobart, Australia was ground to a halt after its parent company was engulfed in the malware attack.

Australia Minister Assisting the Prime Minister for Cyber Security Dan Tehan said on Thursday that no federal or state departments or agencies had been impacted.

NATO had in February warned that cyberattacks threatened democracy.

"Cyber is facilitating more advanced and more effective psychological warfare, information operations, coercion, and intimidation attacks," NATO deputy assistant secretary general for emerging security challenges Jamie Shea said at the time.

"We used to worry about [hackers targeting] banks or credit cards or inconvenience to customers, now we worry about the future of democracy, the stability and health of our institutions."

With AAP

Editorial standards