NATO announced plans Wednesday for a commitment to create a rapid response cyber force and to bolster military partnerships with civil society and industry to respond to cyber threats.
Coming on the heels of a meeting that included leaders from all 30 allied countries, the Madrid summit declaration also said NATO will do more to support Ukraine’s cyber resilience and defense against Russia while also focusing on China as a long-term and mounting cyberthreat.
“We are confronted by cyber, space, and hybrid and other asymmetric threats, and by the malicious use of emerging and disruptive technologies,” the declaration said. “We face systemic competition from those, including the People’s Republic of China, who challenge our interests, security, and values and seek to undermine the rules-based international order.”
The declaration’s mention of more military collaboration with industry is critical, said Jim Lewis, who directs the Strategic Technologies Program at the Center for Strategic and International Studies.
“Paragraph 10 is the key, since it announces more civil-military cooperation and a rapid reaction force – these were the crucial elements of Ukraine’s successful cyber defense,” said Lewis, who was previously rapporteur and senior adviser for four U.N. Groups of Governmental Experts on Information Security.
Cooperation is a regular theme of the document.
“We will significantly strengthen our cyber defenses through enhanced civil-military cooperation,” the declaration says. “We will also expand partnership with industry. Allies have decided, on a voluntary basis and using national assets, to build and exercise a virtual rapid response cyber capability to respond to significant malicious cyber activities.”
The declaration is a departure from past iterations which have tended to rely on “routine ‘we are concerned about cyber’ add on statements” instead of the substantive focus in the declaration released Wednesday, said Mark Montgomery, senior director of the Center on Cyber and Technology Innovation at the Foundation for Defense of Democracies and the former executive director of the Cyberspace Solarium Commission.
Montgomery said the declaration’s increased commitment of cyberdefense support to maintain the resilience of Ukrainian critical infrastructure is significant “since the Russian cyberattacks on Ukraine are persistent and could more effectively impact Ukraine without western support.”
He also said he is heartened to see the alliance confirm the “importance of standing up to China in the gray zone as a unified group, confronting Chinese competition in cyber, information operations and other emerging technologies.” Montgomery noted that several Eastern European countries have contended with “the wrath” of the Chinese in the cyber domain.
The declaration couches its cybersecurity recommendations in what it calls a “radically changed security environment.” A “new baseline” for the alliance’s defense will rely on what the declaration refers to as a 360-degree approach, “across the land, air, maritime, cyber, and space domains, and against all threats and challenges.”
The tone of the declaration is significant for its enhanced focus on cybersecurity, said Chris Painter, the former top cyber official in the President Barack Obama’s State Department.
“Cyber is now part and parcel of both the threat and the response that NATO is looking at — it’s no longer some foreign object,” Painter said. “It is something that they have been building steadily since [the] Lisbon [NATO summit] many years ago, and it’s become more and more prominent as time goes on. And that’s appropriate.”