Security community urges caution on offensive cyber defence


Some Nato countries are reportedly considering responding to cyber attacks with offensive cyber strikes, but security industry commentators warn of dangers.

Seven of the 29 Nato countries are reportedly considering using cyber attacks designed to bring down enemy networks in response to state-sponsored cyber attacks.

The UK, the US, Germany, Norway, Spain, Denmark and the Netherlands are drawing up cyber warfare principles, according to Reuters.

The group of Nato countries aims to reach agreement by early 2019 about what justifies deploying cyber attack weapons.

News of the move comes after months of growing accusations that countries such as Russia, China and North Korea are using hacking groups to undermine Western democratic processes and steal intellectual property.

UK officials said recently that they have intelligence showing persistent Russian cyber hacks aimed at UK and other European energy and telecommunications networks, coupled with online disinformation campaigns.

“There is a change in the [Nato] mindset to accept that computers, just like aircraft and ships, have an offensive capability,” said US navy commander Michael Widmann at the Nato Cooperative Cyber Defence Centre of Excellence.

As far back as 2011, UK officials revealed that the UK was developing cyber weapons to help counter growing cyber threats to national security, while the US is also known to have cyber weapons, with US officials also declaring in 2011 they would respond to hostile cyber attacks.

Some Nato allies reportedly believe that shutting down an enemy power plant through a cyber attack could be more effective than air strikes.

Cyber threats are one of the most pressing priorities for Nato, Sorin Ducaru, the organisation’s assistant secretary general for emerging security challenges, told the CyberSec European Cybersecurity Forum in Krakow in October 2017.

Cyber threats have been on Nato’s radar since 2002, he said, but it was only in 2014 that cyber was linked to Nato’s mission of collective defence, and in the 2014 update to the cyber defence policy, Nato made an explicit link between cyber attacks at a certain threshold and the invocation of a Nato article 5 collective defence as part of the treaty.

Continue reading…