NATO has confirmed it now considers cyberspace to be a potential front line in conflict, with members of the military alliance pledging to boost IT security spending and information sharing.
The announcement was widely expected but is the second update to NATO's cyber defence strategy in two years, as the alliance has gradually worked out how to deal with a new threat landscape, which now includes state-backed hackers and attacks on the systems controlling critical infrastructure alongside tanks and rockets.
NATO Secretary General Jens Stoltenberg said that defining cyberspace as an "operational domain" alongside land, air, and sea would mean better protection of its networks, missions, and operations.
"NATO's cyber posture remains defensive," he said. "But this is a clear sign that we are strengthening our collective defence in all areas. Allies have also pledged to strengthen their own cyber defences, and share more information and best practices."
He added: "NATO's security depends on all our nations being prepared. So today, allies committed to boosting their resilience, to improve civil preparedness, and ensure we have the right mix of capabilities to meet new challenges, including hybrid warfare."
NATO's "cyber defence pledge" sees members of the alliance promising "in recognition of the new realities of security threats to NATO" to be capable of defending themselves in cyberspace as in the air, on land, and at sea.
Members said they will bolster the cyber defences of national infrastructures and networks: "Our interconnectedness means that we are only as strong as our weakest link. We will work together to better protect our networks and thereby contribute to the success of allied operations."
The document pledges members of the alliance to strengthen the security of national networks and infrastructures "as a matter of priority". This would include:
- Addressing cyber defence at the highest strategic level within defence organisations, integrating cyber defence into operations;
- Allocating "adequate" resources nationally to strengthen our cyber defence capabilities;
- Improving communication between national cyber defence agencies;
- Improving understanding of cyber threats, including the sharing of information and assessments;
- Enhance skills and awareness of "fundamental cyber hygiene" through to the most sophisticated and robust cyber defences;
- Improve cybersecurity education, training and exercises;
- Speeding up implementation of cyber defence commitments including for those national systems upon which NATO depends.
NATO said in order to track progress on the delivery of this, an annual assessment "based on agreed metrics" will take place, and progress will be reviewed at the next NATO summit.
It's not clear what impact this pledge will have, as questions remain about the level of spending that some members will allocate to cyber defence, and NATO is vague about whether members would use digital weapons to strike back against aggressors. It also remains to be seen how other nations around the world are likely to respond to the alliance's new posture.
Read more on cyberwarfare
- The government's encryption plans remain impossible to decipher
- The new art of war: How trolls, hackers and spies are rewriting the rules of conflict
- Inside the secret digital arms race: Facing the threat of a global cyberwar
- Surveillance laws need rethink, but bulk collection of web data will continue
- The undercover war on your internet secrets: How online surveillance cracked our trust in the web
- The impossible task of counting up the world's cyber armies
- Encryption: More and more companies use it, despite nasty tech headaches