NATO officials at a conference in Estonia are discussing the risks of cyberattacks, and talking up the possibility of invoking Article 5, an alliance-wide obligation for member nations to come to the military defense of the attacked nation, in the event of “certain” cyberattacks.
CyberProject Director Catherine Lotrionte said there would need to be a “legal threshold” for the triggering of Article 5, and that such an action would need to only be considered in the case of a “grave threat” which is also “current,” and not in retaliation for something that happened years ago.
Gen. Christos Athanasiadis said there were be a much different reaction today than there was back in 2007 when a coordinated denial of service attack caused major interruptions across Estonia, including on its military and infrastructure networks. It’s not clear if that exactly means such a DOS attack, if carried out today, would lead to a NATO-wide declaration of war, however, or if the alliance would just feel obliged to do “something.”
Estonia suspected that the 2007 incident was Russia, and indeed, hardly a hack goes by that someone doesn’t try to pin on Russian hackers, this could make the possibility of invoking Article 5 a ticket to World War 3 the next time a big hacking attack hits a NATO member nation and someone gets the urge to throw blame their way.
Athanasiadis said there would be a “strong conventional response” if something happened to Estonia’s Internet now. Lotrionte made clear, however, that the threshold for such a declaration needs to be much higher than just accusations of propaganda being spread on social media, which is the most common allegation thrown at Russia, and can be depended upon to come up every time a NATO nation has a close election.