At a meeting to discuss cyber-defense, NATO defense ministers yesterday agreed to set up “quick-reaction defense teams” for when the alliance’s computer systems come under attack. “We are all closely connected so an attack on one ally, if not dealt with quickly and effectively, can affect us all,” Anders Fogh Rasmussen, the head of NATO, told the press in Brussels.
These are admirable words. But the focus of the new “teams”, whatever that means, will be only on computer networks owned and operated by NATO, not those of the member countries, rendering Rasmussen’s claim of Three-Musketeerish solidarity ineffective. As Reuters reports, larger member states seem unwilling to help out small countries (that is, ones that have less money to spend) when their domestic networks come under attack. One NATO diplomat told Reuters that it’s up to members to look after their own interests. Discussions about how the alliance can “support and assist allies” has been pushed to October.
This seems silly. With the exception of large denial-of-service attacks, which are aimed at specific servers, and bespoke attacks like the Israeli-American Stuxnet, most garden variety cyber-attacks direct the same methods on victims around the world. It would therefore be in the interests, for example, of NATO-member France to assist NATO-member Latvia. It’s not unlikely that the same attackers will target both nations’ embassies, companies or employees.
Moreover, it’s not just the same attackers hitting different countries. Kaspersky Lab, an online security firm, yesterday released a report (pdf) on a campaign of attacks on 350 victims in 40 countries—including the US, Canada, Britain, Germany, the Baltic states and most of Asia—originating from a group of 50 Chinese-language natives who also speak English. Among its discussions on techniques and tactics is a little column pointing out that several infected entities have also been victims of Red October, a cyber-espionage campaign that may have originated in Russia. These include embassies (of which countries, Kaspersky did not specify) in Iran, Belgium and Tajikistan, as well as a military contractor in Russia. Many of these attacks use the same vulnerabilities. Procedures to guard against them in one country can easily be shared amongst allies.
Unlike “cyberwar“, the existence of espionage through online attacks is not up for dispute. NATO is wise to prepare to defend its systems against such infiltration. But to focus on its own infrastructure while humming and hawing about that of its smaller, more vulnerable member states shows that its efforts are half-hearted at best. The whole point of an alliance, like a network, is that it is connected.