At the Warsaw Summit this weekend NATO heads of state officially recognised cyberspace as a military operational domain along alongside air, land and sea. Effectively the world's largest military alliance has confirmed the internet should now be considered a potential digital battlefield.
As countries have become reliant on the internet and other systems to operate, these networks also have become more attractive targets for military planners - especially when hacking can have real world consequence like the attack on the Ukrainian power grid which cut off electricity to hundreds of thousands of customers.
But it has taken NATO a long time to work out how it should respond to such attacks: in 2014 it decided that a major attack on a member of the alliance could invoke its collective defence clause. And now designating cyberspace as an operational domain means that the alliance will put more focus on training and military planning. It said: "It will also give NATO a better framework to manage resources, skills, capabilities and coordinate decisions."
NATO's decision is a significant, if grim, milestone: but it also poses some big questions:
1. Will NATO members really spend more on cyber defence as a result?
Alliance members will now be prodded to spend more on cyberdefence, but defence is an area which many have neglected: only five members spend the two percent of GDP on defence that NATO would like anyway.
NATO is setting targets for members' cyber defence capabilities through its defence planning process and said "In 2017, further cyber defence capability targets will be agreed." But cyber defence is expensive and complicated, and part of the problem is that the alliance is only as strong as the weakest link. On top of that, most of the networks likely to be targeted in any conflict are civilian, which means asking companies to boost their own defences.
2. What about cyber offence?
While NATO stresses that its mission is purely defensive, some members (most obviously the UK and US) have been working on offensive capabilities too. NATO still hasn't said much about how, if, and when it would be willing to strike back against attackers in the digital realm and it's own cyberwarfare think tank has warned: "Given that NATO accepts the applicability of collective defence in cyberspace, allies should develop the full range of military capabilities to defend the alliance and its interests." That means NATO's cyberdefence policy will likely evolve further.
3. How will the rest of the world react?
This is the big question. Now that NATO has put cyberwarfare on the agenda, will that make other countries feel they need to spend more on cyberdefence as well, and what is that likely to mean? What does this do to the ongoing cyber arms race that some experts have warned about? Or will NATO's move deter states from backing hackers who might want to meddle with the critical systems of other nations?
4. Does cyberwarfare even exist anymore?
Some schools of thought suggest that cyberwarfare is already old hat and being merged with the more complicated hybrid warfare; a combination of disinformation, hacking and online propoganda that's even harder to deal with, which means that NATO could be simply responding to yesterday's problem.
ZDNet's Monday Morning Opener
The Monday Morning Opener is our opening salvo for the week in tech. As a global site, this editorial publishes on Monday at 8:00am AEST in Sydney, Australia, which is 6:00pm Eastern Time on Sunday in the US. It is written by a member of ZDNet's global editorial board, which is comprised of our lead editors across Asia, Australia, Europe, and the US.