Author: dr Andrzej Kozłowski

The NATO Madrid summit, which took place on 29^th-30^th June was dominated by the hard military security driven by the war in Ukraine. However, the issue of cybersecurity and disinformation was not omitted and the important steps were included both in the final declaration and the new Strategic Concept.

In the final declaration of Madrid summit, NATO members concluded that they are “confronted by cyber, space and hybrid and other asymmetric threats, any by the malicious use of emerging and disruptive technologies.” In the context of this threat not only Russia was mentioned but also China, which is a positive signal considering the robust Chinese espionage aimed at many members of the Alliance.

NATO also announced a new defence and deterrence posture across cyber domain to fight against all threats and challenges. NATO also stressed the necessity to increase a resilience both on national level and as a collective commitment in cyberspace and to work on expanding civil-military cooperation. This announcement is particularly important as it is one of the key areas in enhancing cybersecurity. The war in Ukraine showed that building an effective cyber defence could not happen without the engagement of private sector.

Allies also decided on voluntary basis to use national assets to build and exercise a virtual rapid response cyber capability in order to respond to significant malicious cyber activities. The United States will offer robust national capabilities to support this programme. However, it is particularly interesting how this response cyber capability will be integrated with NATO Cyber Rapid Reaction teams, which are on standby 24 hours a day to assist the Allies.

A very important decision was to establish a Defence Innovation Accelerator and launch a multinational Innovation Fund to bring together governments, the private sector, and academia to bolster NATO technological edge April. It should include over 1 billion and allows research into emerging technologies such as artificial intelligence and quantum computing. Currently, NATO in technologic dimension is challenged by potential opponents with technological prowess and this advantage need to be maintained especially regarding that China is reforming its own military capabilities very quickly. Such initiatives as Defence Innovation Accelerator and Innovation Fund may be helpful.

However, the communique was short, very broad and has not brought any new ideas in a case of cybersecurity and disinformation. What is more, in comparison to the declaration from 2021, the case of information operations or disinformation has not been single mentioned in Madrid summit declaration. The summit was breakthrough in many ways but not in the case of cyber and disinformation.

The Strategic Concept – the guideline to future of NATO in cyberspace

More information about future of NATO in cyberspace was given in the new Strategic Concept, where more cyber and information operations related issues have appeared.  The NATO’s new Strategic Concept is the blueprint for the Alliance in a more dangerous and competitive world as the secretary general Jens Stoltenberg claimed. There both the malicious activities in cyberspace and disinformation campaigns appeared as a threat posed by authoritarian governments especially the Russia Federation, which was named as the most significant and direct threat to NATO.  China is the second country mentioned in the Strategic Conception, which also employs cyber and disinformation operations to advance its own interest. But authors of the document also stressed that the PRC seeks to control key technological and industrial sector, critical infrastructure and strategic materials and supply chains. Here is the case of building 5G networks without the participation of Chinese vendors and making the supply chain of  modern technologies less dependent on China.

The concept also stressed that cyberspace is a domain contested all times and is used to disable critical government services, steal intellectual property and impede military activities. NATO also notices the role of emerging and disruptive technologies, which can bring both opportunities and risks as they are altering the character of conflict and may also impair military and civilian capabilities.

NATO also plans to expedite digital transformation, adapt the NATO Command Structure for the information age and enhance cyber defenses, networks and infrastructure. The cooperation with a private sector is stressed as well as the interoperability and military edge. The conception points out also that the use of unfettered access to space and cyberspace is a key to effective deterrence and defence. NATO also clearly stressed that a single or cumulative set of malicious cyber activities and hybrid operations may reach the level of armed attack and lead to invocation of Article 5 of Washington Treaty. However, NATO maintains its policy of not giving any details of how such operations would be analysed under the consideration of article V.  The cases will be rather considered individually.

Conclusions

Neither the summit in Madrid, nor the strategic concept cause watershed changes in NATO policy on cybersecurity and disinformation comparable to the NATO summit in 2014 (cyberattack could invoke article V) and the Warsaw summit (cyberspace as the next operational domain). It rather confirmed some ongoing trends such as cooperation with a private sector and industry and announced interesting projects such as adaption of NATO Command Structure or setting up a new Defence Innovation Accelerator. Depending on the next steps, these ideas may be successful or not but it is too early to assess them. Both of them seem an important and adequate response to the challenges in cyberspace, which were properly identified by NATO.

Author: dr Andrzej Kozłowski, Head of Research of the Casimir Pulaski Foundation