NATO Expands Cybersecurity Activities
From partnerships with industry to dual-use AI cyber capabilities, the alliance is playing the field.
NATO is doubling down on cyberspace defense with increased partnerships and new technology thrusts. Information exchanges on threats and solutions, coupled with research into exotic capabilities such as artificial intelligence, are part of alliance efforts to secure its own networks and aid allies in the cybersecurity fight.
The threats the alliance networks face constitute relatively the same ones confronting other organizations. NATO faces the double challenge of securing its own networks and information assets, as well as helping its member nations improve their own national cyber resilience.
In the past, NATO viewed cybersecurity as somewhat of a technical challenge. But that perspective evolved over time as the cyberscape underwent changes. This came less from choice and more of necessity as a result of the amount and content of malicious cyber activity, explains Christian Lifländer, head of section, Cyber Defense, Emerging Security Challenges Division, NATO.
NATO does not have any tanks, ships or aircraft, with a few exceptions such as the AWACS aircraft operated from Geilenkirchen Air Base in Germany. However, when it comes to cyber defense, NATO has its own capability that defends its networks and maintains their operation in the face of adversarial actions.
Unlike combat forces, cyber defenders are all NATO staff members. This force is not dependent on individuals loaned from member nations. Instead, it staffs its own personnel to form a core of cybersecurity expertise.
One constant over the next few years will be the need to remain resilient, Lifländer states. NATO networks must be built and operated in ways that deny benefits to cyber attackers. This includes NATO being able to run networks in a degraded environment. Yet this is easier said than done, he offers.
While NATO will continuously work to improve its cyber defense, its adversaries also will become more sophisticated and capable. “The changing threat landscape will continue to challenge us,” Lifländer says.
“I don’t really think there will be an endpoint where we can declare mission accomplished,” he states. “It is a continuous task, a continuous mission, making sure that networks are well-defended.”
The alliance is looking to manage risk differently, he offers. “It’s not only a technical risk that we’re looking at; it’s a risk to a mission.” The alliance must be certain that an operational commander is able to operate in cyberspace with the same freedom of maneuver available on land, at sea and in the air.
National cybersecurity resilience also presents the dichotomy of continuity and change. Member nations often face threats to their critical infrastructure or other soft elements in addition to hardened government networks. Attackers can be nation-states, organized criminals, individual hacktivists or even those working as proxies, although the vast majority of attacks are nonstate activities such as ransomware. “NATO’s role in helping allies improve national resilience will become even more critical,” Lifländer offers.
And NATO is no different in terms of potential threats to its networks. The alliance is looking at issues such as military supply chains, training and education, situational awareness and resourcing cyber defense. But Lifländer emphasizes that NATO does not want to fall into the trap of viewing cybersecurity as simply a technology issue. This brings into play training and cyber hygiene, he notes.
Neither the alliance nor its member nations have unlimited resources for cyber defense, so they must ensure that their resources are applied effectively, Lifländer notes. NATO will serve as an important facilitator for allies as they develop their national cyber capabilities.
“It starts with resources. If you’re not spending resources, you’re not going to improve,” he declares.
Lifländer offers that NATO is one of the most sophisticated cyber actors among international organizations, and that comes from both its mandate and its partnered approach. “We have quite understood that no one, however powerful, can go it alone,” he declares. “You need to cooperate. That’s a prerequisite in order to do your job well.”
NATO’s network has a global footprint, and the alliance is responsible for its cyber defense. The member nations are responsible for their own national networks. But, Lifländer points out, dedicated cyber attackers do not necessarily differentiate between the two types. Depending on vulnerabilities, they can be exploited in both sets of networks, he says.
Cybersecurity among NATO and its members is almost symbiotic, he continues. Malicious activity that takes place in NATO’s network almost certainly can be found in individual nations’ networks, which increases the importance of information sharing among the allies. Such malicious cyber activity can target military aspects as well as have effects on the civilian critical infrastructure. Because of these linkages between military and civilian spheres, NATO is working on critical infrastructure protection, including telecommunications.
“Not making sure that your national networks are well-defended can create and introduce a vulnerability that can also be exploited for political purposes,” Lifländer offers. “It can undermine unity or allied cohesion for some other purposes.”
The alliance’s partnership with industry also gives it insight into the threat picture. Lifländer notes that recent cyber attacks on businesses have placed industry in the role of first responder, and NATO will continue to build that cyber relationship with industry—especially with the private sector being the operator of so many networks. “Making sure we are able to create these win-win situations with NATO and industry is important as we move forward,” he warrants.
NATO has emplaced a means of information sharing by which the alliance can build an “ecosystem” that shares cyber incident information on a technical level. Lifländer emphasizes that NATO is providing the platform that boosts sharing among participants. This will benefit both NATO and its member nations, he adds.
Another key cybersecurity thrust, Lifländer continues, is to understand new and emerging technologies better. The alliance wants to harness the capabilities of artificial intelligence (AI) for network defense, for example. This effort aims at helping both NATO and allies’ networks. Several proofs of concept already have been conducted to improve and expand AI capabilities and algorithms.
NATO already is using AI for routine work in what Lifländer describes as “a man-machine interface” to defend its networks. These involve operations that are too complex to be covered completely by humans, and they focus on informing human decision making.
The future of AI in NATO will depend on data sets and algorithms, he observes. “How to grow that AI and how to make sure it actually understands and performs the way we want it to perform is going to be a bit of a challenge,” he predicts.
Lifländer cautions that, while many talk about AI as if it were a panacea, realizing its potential will take some time before it can be applied meaningfully. “I would give it some time and not get carried away, but certainly I think this is the way of the future,” he posits. The proofs of concept and prototypes already in existence indicate that AI potentially can be a game changer in the future.
And, as with any technology, AI could be used for offensive purposes. “There’s no reason for an AI not only to learn how to defend your enterprise, but also be able to learn from somebody else’s network defenses and be able to penetrate them,” Lifländer says. “It is a tool that I think will have a dual-use purpose in this regard. Many organizations are looking at AI to understand how to defend themselves—NATO included.”
A sense of urgency is needed for future cybersecurity development, Lifländer says. “We cannot afford to stand still,” he declares, analogizing that even standing still would require hard running. Moving ahead requires a better understanding of how technology operates, improving the alliance’s government structures, looking at how cyber defense is resourced and technology is acquired, along with the way talent is recruited and developed. Cyber goes beyond being a tactical challenge, he emphasizes. “It is an operational challenge, a strategic challenge.”
He continues that NATO must establish and emplace strategies that go beyond basic security measures. Lifländer advocates strategies that signal to cyber marauders that there are thresholds they should not attempt to cross and systems they should not attempt to breach and that impose costs on them should they act in a way that is deemed unacceptable. These measures will be necessary to maintain a degree of stability in cyberspace.