In Munich, Germany, NATO’s deputy secretary general stated that the alliance must be prepared to retaliate and increase the cost of cyber and hybrid attacks for Russia and China. This comes as Western nations confront escalating threats to their power grids, government services, and private networks.
During the Munich Cyber Security Conference, Radmila Shekerinska highlighted that the security landscape has grown “more complex” and “more contested.” Adversaries are now active simultaneously in both physical and digital domains.
Shekerinska noted a global trend, particularly within the region, where both Russia and China pose challenges. These challenges manifest concurrently in both the physical and digital realms.
Moscow and Beijing are reportedly strengthening their defense industries, sharing dual-use technologies, and increasing investments in advanced and disruptive capabilities, such as offensive cyber tools. These operations are frequently structured to obscure accountability and enable plausible deniability.
This situation significantly complicates the overall security landscape.
Adversaries of NATO are not solely targeting military systems; they are also attempting to degrade critical infrastructure, disrupt government and private services, and conduct espionage against Western societies.
An example cited was a series of incidents in Poland during December, involving coordinated cyberattacks aimed at disrupting critical energy infrastructure. While the attack was thwarted, its potential impact on energy supplies for vital sectors of Polish society would have been substantial.
Such incidents highlight the inherent dangers in the current global environment.
NATO’s response involves reinforcing defense, enhancing innovation and production, and emphasizing resilience. A significant outcome from the alliance’s recent summit in The Hague was the commitment to “prioritize defense,” with cyber defense being a central focus.
Increased investment in critical cyber communities is necessary, along with imposing costs on those who seek to cause harm. Furthermore, NATO aims to improve integration among governments, militaries, and industry.
New spending commitments from the summit were mentioned, where allies agreed to raise total spending to 5% of GDP over the next decade. Of this, 3.5% is for core defense, and an additional 1.5% is designated for indirect defense and resilience, encompassing cybersecurity capabilities.
Concerns exist that the indirect spending component might allow member states to reclassify existing activities instead of developing new capabilities, a point raised by British parliamentarians in a warning.
Although NATO has established accounting rules for core defense spending, a standardized definition for civilian investments under resilience spending is absent. This category could include safeguarding energy systems, logistics hubs, supply chains, and critical national infrastructure. Critics caution that this lack of clarity might lead to creative accounting practices among allies.
Regarding the indirect defense expenditure commitment, it was explained that military capabilities must now incorporate cyber threat considerations during design and exercises, with cyber elements increasingly integrated into NATO drills.
Certain allies have shown increased willingness to publicly attribute hostile cyber activities. The United Kingdom’s decision to blame Russia for malicious cyber operations and to expose China-based companies for “reckless and irresponsible” attacks was highlighted as an example.
Germany’s efforts to bolster its national countermeasures were also mentioned, despite ongoing internal debates regarding the appropriate legal framework for its intelligence and security services to counter adversaries effectively.
While these individual elements are crucial, the overarching objective involves taking decisive action and possessing the capability to retaliate.
Faster and more coordinated responses are essential to alter the “risk calculus” of NATO’s adversaries. This approach aims to increase the cost and risk associated with their actions.
As an alliance of 32 nations, NATO is well-suited for information sharing, fostering innovation, and coordinating collective cyber defense. However, securing cyberspace requires a collaborative “team effort” involving the military, civilian authorities, and industry.
Attention was drawn to NATO’s integrated cyber defense center, initially reported by Recorded Future News. This center unites military and civilian personnel with industry experts to evaluate vulnerabilities, analyze threats, and advise commanders on risks to both military and civilian networks.
The interdependence was described as a “two-way street,” where military operations depend on civilian networks, and civilian networks benefit from military support and protection.
Aligning with the call for partnerships from U.S. National Cyber Director Sean Cairncross, NATO’s stance is that “no one stands alone,” particularly in cyberspace, where geographical boundaries are less significant and attacks can propagate rapidly.
Through increased investment in capabilities, readiness to impose costs, and close collaboration with partners, the alliance seeks to enhance deterrence and improve the protection of its members in the digital era.
