Nato set to clarify stance on cyber attack

Leaders will discuss changing the mission of collective defence with respect to cyber attack at this week’s Nato summit

Nato leaders are expected to discuss changing the mission of collective defence at this week’s Nato summit in Wales with respect to cyber attacks.

The organisation is expected to announce that a cyber attack on any of the 28 member countries will be considered an attack on all.

Rob Cotton, chief executive at global information assurance firm NCC Group, says it should come as no surprise that Nato is maturing its position on cyber attacks.

“As a company we have seen first-hand that many nations and industries have been built on fragile computing infrastructures,” he said.  

"Nato’s assertion that a significant cyber attack could be as devastating as a physical one is not alarmist.”

Cotton said this view is shared by the Bank of England, which earlier this year launched the CBEST scheme to more closely mirror how attackers compromise organisations in the real world.

“The US agrees too – its Director of National Intelligence claimed that cyber attacks are the biggest threat that the country faces,” said Cotton.

Read more about Nato and cyber attacks

"From logistics to power distribution, and the financial markets to transport signalling, all of these systems are increasingly interconnected and therefore vulnerable.”

According to NCC Group, too many organisations have relied on a risk-based approach, with key security decisions made by people with a lack of understanding or appreciation of how real-world attacks occur.

Cotton said businesses should take note of the strengthening of Nato’s stance, and realise the threat posed could make a substantial impact on everyone.

“However, this should not be seen as a panacea. In the cyber world, attribution of attacks can be far more difficult to achieve than in the physical world,” he said.

Similarly, containment is far more difficult, if not impossible in the cyber world, said Cotton – especially when considering the asymmetry between the digital infrastructures of Nato countries versus likely aggressor states and other criminal groups.

“And if it is a group, rather than a nation state, can Nato retaliate? It is a very complex issue,” he said.

Read more on Privacy and data protection