Cyber Security Aspect of the 2024 NATO Summit

[Update] July 11, 2024: “Washington Summit Declaration”

The idea of building alliances was already important for increasing the security of kingdoms and lands way before the 20th century. After WWII, fostering international cooperation in various domains became crucial for ensuring global security. The general idea behind this trend during the 20th century was that if nations were bonded to each other with various treaties and international organizations, they would be more inclined to work together and less likely to be drawn into conflict.

This logic gathered followers from all around the world, but the system that was built couldn’t operate without flaws. Now, one of those organizations, one that was built exactly to protect member nations from conflict, is facing a significant threat. A threat that reminds that organization why it was built in the first place and helps the member states to collaborate. Secretary General Stoltenberg stated that this is the biggest overhaul of collective defense and deterrence since the Cold War.

On April 4, 1949, a treaty was signed in Washington, DC, in response to growing threats from the Soviet Bloc following World War II. Today marks the 75th anniversary of the resulting organization, which is once again gaining significance due to threats originating from the Russian Federation. The summit this year will take place on July 9-11 in Washington, DC, and we discussed what might be the main focus of the talks.

The Importance of NATO for the West

NATO has played a critical role in shaping the geopolitical environment and protecting the stability of its member states. The organization is providing a framework for collective defense, political unity, military interoperability, and adaptation to emerging threats.

One of the most important aspects of NATO is Article 5 of its treaty. It states that an attack on one member is considered an attack on all members. When this is evoked, all the members of the Alliance can retaliate. The amount of power the Alliance holds and the level of instability this will bring causes nations to avoid conflict with member states.

Other than Article 5, the general collective defense mechanism the Alliance developed over the years is a powerful deterrent against any potential initiative. Due to this mechanism, the member states know how to cooperate with each other. Other than the cooperation side of this mechanism, the standards set by the Alliance allow member states to invest their resources into products that can be utilized by all members. This compatibility on several levels is a multiplier effect.

Another aspect of the Alliance is related to its willingness to set the peace for its close perimeters. By not turning a blind eye to the problems surrounding its member states, NATO not only ensures security at home, but also prevents the creation of favorable environments for threats by ensuring regional security. The Alliance achieves this by either capacity building efforts or aids.

NATO recognizes that security is not a static phenomenon. For this reason, it has taken steps to protect member states against new threats that have emerged over the years by keeping pace with the changing threat landscape. The Alliance has evolved to address non-traditional threats such as terrorism, cyber-attacks, and hybrid warfare over the years.

For a long time, there were questions about what this security was being built against. The necessity of NATO was questioned when the purpose for which it was established disappeared. But today’s events show that thanks to the practices and standards that have been followed over the years, the West today is well prepared for the threats that suddenly appear in front of it. Taking all these points into account, it is safe to say that NATO is of great importance for the security of the West and that the steps taken so far have provided a useful shield for member states at a crucial time in history.

NATO’s Approach to Cybersecurity

In an effort to protest the airstrikes on Serbia, hackers conducted a DoS attack to shut down access to NATO’s websites and email servers in 1999, resulting in the alliance’s first cyberattack. Since then, cyberspace has been part of NATO’s security structure. With the rapid increase of activities in cyberspace, NATO recognized it as a domain of operations in July 2016 and and cyber defense became one of NATO’s core tasks.

At the time, it was not that easy to assess systems’ strength against those kinds of attacks. How could you know if your systems were strong enough to handle a DoS attack? Now SOCRadar provides a free service for you to assess it. You can go to SOCRadar Labs and try our free DoS Resilience tool to check your domain’s or subnet’s resilience against DoS attacks.

Currently, NATO’s understanding of cyberspace consists of two parts. The first part is to protect its own networks and operate in cyberspace for the Alliance’s operations. The other part is to enhance member states’ national resilience in various ways, such as acting as a platform for discussion among member states and developing an understanding of possible responses to cyber incidents. NATO also promotes education to increase cyber capabilities.

Allies, in addition to NATO, are crucial to the alliance’s cybersecurity strategy. By endorsing international law and voluntary standards of responsible state behavior in cyberspace, the member states work to improve stability and lower the likelihood of conflict. They advocate for a free, open, peaceful, and secure cyberspace.

What Happened at the 2023 Vilnius Summit? A Short Summary of the Official Communique from NATO

According to the communique published by NATO after the 2023 Vilnius Summit, the main focus for the member states was the threats from the Russian Federation and the People’s Republic of China. The Alliance pays attention to the activities of these nations in Africa, the Middle East, the Balkans, and Georgia as well as their use of asymmetric threats and emerging technologies for disruptive purposes.

SOCRadar has prepared an extensive report on the cyber activities of Russian and Chinese actors, where we covered the influence of the governments on cybercrime, APT groups, and the impact of world events. To read the report and have an extensive look at the threat landscape, you can check it here.

It is noted that the hybrid actions of Russia and its proxies are visible to NATO. Disinformation campaigns and cyber activities are tracked, and NATO is working to counter these threats to ensure the safety of the Alliance. The same principles also apply to Ukraine. NATO alone and also in cooperation with the European Union is carefully working against Russian disinformation campaigns and cyber threats targeting Ukrainian organizations even though Ukraine is not a member state.

On the China side, the Alliance was aware of Beijing’s goal of increasing their influence in various regions through political, economic and military tools as well as how they conduct their hybrid and cyber operations. China’s aim of controlling key technological and industrial sectors presents another challenge for the Alliance and member states in terms of creating strategic dependencies.

The Communique also mentioned how the Alliance is alerted and ready to counter any challenge presented to it from any direction. This is achieved through continuing efforts to create a coherent military structure among member states.

Considering the invasion of Russia and the importance of real-life threats, a significant portion of the Communique is dedicated to cyberspace. The Alliance is aware of the wide threat landscape and threat actors targeting various organizations. Cyber is described as a feature of modern conflict and NATO is actively working to counter cyber threats targeting the democratic systems as well as the critical infrastructure. Just like the other domains where NATO operates, the Alliance is ready to allocate resources in order to deter, defend against, and counter the full spectrum of cyber threats, including by considering collective responses. The Communique also states that in cases where the level of cyber-attacks reaches the level of an armed attack, Article 5 can be invoked.

The highlight of the possibility of joint operations against threat actors can be considered a significant step in the cyber domain. For the physical world, the possibility of invoking Article 5 because of cyber threats is also a serious statement against state-sponsored threat actors.

NATO’s commitment to protecting certain regions outside of the member states’ borders is also an important aspect of the organization. Even though this approach increases the threat landscape and the possibility of a conflict for the Alliance and, therefore, member states, the fact that NATO is interested in the protection of those lands creates an overall security blanket for a wider region.

Expectations from the 2024 Summit

As we can see from the statements from the previous years as well as the latest developments, the primary threat to the Alliance is the Russian aggression that started back in 2022 February. While the cyber aspect of this conflict is significant, the existing battlefronts can be still the top priority for the Alliance this year.

NATO member states face various challenges, including financial limitations and difficulties in recruiting new military personnel to address those top priorities. To address these issues, NATO requires increased funding, which should be strategically allocated to enhance military capabilities.

This need for funding was discussed during the Trump administration. Given that the US position and geopolitical needs remain unchanged after the elections, it is reasonable to assume that these needs have persisted. The Biden administration has not emphasized these points as explicitly as the Trump administration did. However, with Russia threatening Europe’s security landscape, both the US and Europe stand to benefit significantly from the availability of these additional funds.

To secure these additional funds, NATO must encourage member states to increase their financial contributions. This heightened funding will not only bolster the alliance’s military capabilities but also stimulate deeper collaborative efforts among member nations. However, pushing member states for additional funding carries inherent risks. It could lead to criticism of NATO’s necessity and objectives, a narrative that Russian disinformation groups might exploit or even start to undermine the alliance’s unity and effectiveness in these hard times.

Enhanced collaboration will significantly impact cybersecurity initiatives as well since it is one of the core security domains for NATO. As a result, we can expect joint operations, an increase in intelligence sharing, and the implementation of additional cooperative actions discussed last year.

While these kinds of summits always end with words related to cooperation, this time, we might see a focus on increasing military power, funding and more focused plans around collaboration between member states.

Threats Targeting the Summit

NATO, due to its nature and political stance, is being targeted by threat actors. The threat landscape has been pretty active lately due to the rapidly emerging geopolitical developments.

Due to its stance in the Russia-Ukraine war, NATO is especially being targeted by Russian government-backed actors and hacktivists. The stance of NATO members and their support for Israel has also increased threats from threat actors with Islamic motives.

Below we will talk about some of the recent claims and threats from threat actors towards NATO and the NATO Summit.

An alleged leak from a threat actor’s Telegram channel claiming to have breached a NATO portal. They also published certain images to increase their credibility and prove the alleged attack. The threat actor conducted this alleged attack due to Israel-Hamas conflict and the stance of NATO towards the conflict.

According to the threat actor’s Telegram channel, several websites belonging to NATO are being targeted with a claim that NATO is a war criminal. The Russian threat actors, with their relations to the intelligence community in the Russian Federation, often frame Western organizations with such claims. The threat actor also indicates that the alleged attack was conducted in cooperation with other actors to stop “Russophobes” and they “put things in order”.

The threat actors are also cooperating when they see a common target even if they don’t share the same motivations. Below, we will cover some of those cooperations against NATO and the NATO Summit.

The threat actor published a message on their Telegram channel, indicating a cooperation with another actor targeting specifically the NATO Summit.

When it comes to events such as summits or certain developments in the world such as conflicts, we see a cooperation trend among the threat actors. These kinds of ad-hoc cooperations are common between the threat actors and it doesn’t necesseraly means that they will be working together from now on for every occasion. The cooperation message below is one of them.

The cooperation between the threat actors above is formed under Islamic and political motivations. There are 42 threat actors under this alliance and the way this cooperation is announced shows the Islamic and political motivations of the threat actors.

Washington Summit Declaration

As a result of the 2024 Summit, NATO published a declaration stating its view on the threat landscape. In this chapter, we will review NATO’s decisions related to the protection of cyberspace.

NATO Leaders at the Washington Summit, Source: Atlantic Council

According to the Declaration, the NATO Integrated Cyber Defence Centre has been established to enhance network protection, improve situational awareness, and integrate cyberspace as an operational domain during peacetime, crisis, and conflict.

Even though all the responsibilities of this new Centre are important, the fact that turning cyberspace into an operational domain during peacetime as well is a critical enabler for member states and NATO to conduct operations on an ongoing basis. This will allow the Alliance to conduct operations against threat actors and utilize the arsenal it has, and the Alliance will be freed from regulatory restrictions.

A new policy is also being developed to strengthen the security of NATO’s networks. While the details of this new policy are not shared, we can assess that this will be mostly related to the internal systems and not exactly be utilized towards NATO’s geopolitical aims.

NATO emphasized the threats towards the Alliance, such as the hybrid threats originating from Russia and China’s ongoing malicious attempts in cyberspace as well as disinformation operations, and underlined that NATO will keep working against these threats.

NATO-EU relations are also another point mentioned in the Declaration. This cooperation can improve the quality of intelligence both sides can get due to increased intelligence sharing against common threats.

In terms of cyber defense, countries such as Australia, Japan, New Zealand, and the Republic of Korea are also mentioned in the article as partners against cyber threats. This cross-regional cooperation will be helpful to both sides to tackle cross-regional threats.

NATO Global Partners, Source: Wikipedia

Other than cooperating with other regions and countries, NATO is still dedicated to the protection of its periphery. The Western Balkans and the Black Sea regions are mentioned in the Declaration again this year, and the Alliance emphasized the importance of cyber threats. We can think that the systems related to the protection from these regions, as well as the infrastructure built in these regions, will be under the defensive blanket of NATO against threats originating from Russia.

Conclusions

During hard times, various threats emerge that can destabilize regions and endanger the security of nations. The geopolitical landscape is continuously evolving, with new challenges arising from global power shifts, economic uncertainties, and technological advancements. In such times, alliances and strategic partnerships become crucial for maintaining stability and security. Organizations like NATO play a significant role in mitigating these threats and ensuring the safety of their member states and nearby regions.

In general, the main purpose of NATO is to protect its member states and nearby regions from potential threats posed by powerful adversaries like Russia and China. These threats are primarily physical in nature, such as military aggression, territorial disputes, and strategic dominance. A collective defense mechanism employed by NATO aims to deter any attempts of aggression and provide a united front against any adversary that may seek to disrupt the peace and security of the region.

The Alliance also works diligently to create a proper cybersecurity structure for the member states. Even though cyber security plays an important role for NATO, the threats in other domains outweighs. The reason behind this is not the idea that cyberspace is not important. The biggest reason is that threats in the real world are way more destructive.

Given that NATO does not have the direct capacity or structure to protect individual member countries or their private sectors in cyberspace, it becomes imperative for member states to strategically utilize the support and resources offered by NATO. This means focusing on collaborative projects, joint exercises, and intelligence sharing to enhance their national security frameworks. By adopting this approach, member states can maximize the benefits of NATO membership and ensure a robust defense posture against any potential threats.

Other than the expectations of the summit, the mere size of the threat landscape is also significant. Threat actors from a variety of backgrounds are targeting the organization and the summit due to their common objectives and not because of threat actors’ backgrounds.