"land, sea, air and now cyber." What about space? Can I take down US satellites and not provoke the Europeans ?
NATO Secretary-General Jens Stoltenberg has told a press conference ahead of a ministerial meeting tomorrow Brussels time that “cyber” is a “military domain” – and that a cyber-attack on one member can trigger NATO's Article 5. Article 5 of the Washington Treaty that establishes NATO embodies the principle of collective …
Thursday 29th June 2017 07:05 GMT redpawn
Thursday 29th June 2017 08:18 GMT Anonymous Coward
Looking at my webserver logs, does that mean I'm officially at war with everybody? Don't think there's many countries I haven't been attacked by. And what about attacks from inside the country; not to mention other NATO members?
Oh well. I'm up for it if everybody else is. Just send your declaration of war by email, and I'll add your country to the list.
Thursday 29th June 2017 09:25 GMT Anonymous Coward
Thursday 29th June 2017 11:12 GMT Pete 2
Filling the void
> NATO is “in the process of establishing cyber as a military domain
While this is clearly totally incorrect (since most cyber attacks are against economic or personal targets - and if the military is stupid enough to place unprotected "assets" in the public space, they should expect to have them busted). But it does indicate that the military is recognising it's own lack of relevance in the direction the world is moving and this power grab is their way of trying to reassert their usefulness.
The worry is that the military approach is singularly inappropriate to deal with commercial threats. You can't put a gun to every workers' head and demand they change their password every month. And you can't threaten to invade (say) the NHS if it doesn't upgrade the patches on its servers every tuesday.
What we will find is that this approach will change the military. No longer will they be a "force", but more a source of resources. If that means the defence budget gets diverted from buying ineffective weapons that will never be used, and instead put into protecting (another form of defence) important and ubiquitous parts of our infrastructure, that really should be nowhere near any form of public access or shared communications, then let's do that. But we shouldn't call it "miilitary".
Thursday 29th June 2017 11:14 GMT SkippyBing
Re: Filling the void
'You can't put a gun to every workers' head and demand they change their password every month.'
I'm fairly sure you don't have to, there seems to be some sort of admin setting that makes it happen anyway. Does at my work, and we have guns so it's not as if that option wasn't available.
Thursday 29th June 2017 11:39 GMT M7S
Thursday 29th June 2017 12:49 GMT Nolveys
“cyber” is a “military domain”
$ dig cyber
; <<>> DiG 9.7.3 <<>> cyber
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 37827
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;cyber. IN A
;; AUTHORITY SECTION:
. 10013 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2017062900 1800 900 604800 86400
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Jun 29 06:56:00 2017
;; MSG SIZE rcvd: 98
Thursday 29th June 2017 13:14 GMT Destroy All Monsters
Kowtowcrat fronting bloated imperial occupation forces demands bloater imperial occupation forces.
Earlier this month, the Ukraine parliament said NATO membership is a “strategic target” for the country
The Ukraine parliament says a lot of things that are entirely ridiculous.
Also, Article 5 (and 6):
The Parties agree that an armed attack against one or more of them in Europe or North America shall be considered an attack against them all and consequently they agree that, if such an armed attack occurs, each of them, in exercise of the right of individual or collective self-defence recognised by Article 51 of the Charter of the United Nations, will assist the Party or Parties so attacked by taking forthwith, individually and in concert with the other Parties, such
action as it deems necessary, including the use of armed force, to restore and maintain the security of the North Atlantic area.
Any such armed attack and all measures taken as a result thereof shall immediately be reported to the Security Council. Such measures shall be terminated when the Security Council has taken the measures necessary to restore and maintain international peace and security .
For the purpose of Article 5, an armed attack on one or more of the Parties is deemed to include an armed attack:
- on the territory of any of the Parties in Europe or North America, on the Algerian Departments of France,
- on the territory of or on the Islands under the jurisdiction of any of the Parties in the North Atlantic area north of the Tropic of Cancer;
- on the forces, vessels, or aircraft of any of the Parties, when in or over these territories or any other area in Europe in which occupation forces of any of the Parties were stationed on the date when the Treaty entered into force or the Mediterranean Sea or the North Atlantic area north of the Tropic of Cancer.
Well, these days treaties are just pieces of paper and can be interpreted any which way that suits US. Which is why US is sitting in Syria and attacks Syrian forces in Syria w/o a declaration of war while doing SFA against ISIS, and it's fully OK.
Thursday 29th June 2017 13:21 GMT Marketing Hack
I'm fine with NATO working on cyber-defense
-I'm fine with them considering it roughly equal to air, land and sea
-I'm fine with them trying to promote best practices across their government, militaries and economies.
-I'm fine with providing technical assistance to affected non-NATO nations (It wouldn't do Western cybersecurity any good if half the servers in Ukraine becomes some festering reservoir of malware)
I'm not so fine with:
-We need a NATO surveillance operation aimed at its own people
-NATO joining the dimwittery over backdoors in encryption being a good thing
-Expanding NATO to include the Ukraine
Thursday 29th June 2017 15:36 GMT Robert Helpmann??
Re: I'm fine with NATO working on cyber-defense
I'm not so fine with... [e]xpanding NATO to include the Ukraine
Not sure how this fits in with your other points, MH. They seem to be related a little more closely than this one. I'm not attacking your opinion on this, even if I do not necessarily agree, it's that it doesn't track from the rest of what you've stated. Care to tie it together?
Thursday 29th June 2017 20:52 GMT Ken Hagan
Re: I'm fine with NATO working on cyber-defense
"-Expanding NATO to include the Ukraine"
Expanding NATO to include Russia would actually be a smart move. That is, if you can get relations with Russia and mutual respect for each other's rights of self-determination to the point where it isn't just laughed out of court, you'd have done a fantastic job of guaranteeing the security of the West and East and you could start to think seriously about sorting out some of the humanitarian disaster areas elsewhere.
But I get the feeling that NATO is about job security for generals rather than actual security for countries...
Thursday 29th June 2017 16:38 GMT EricM
"'Cyber' as military domain" - sounds cool ...
...if you have no idea what you are talking about.
As a reimnder: "NATO" are these guys that take 20 years upward to get new hardware in the air or out to sea. At hugely inflated prices. And that deploy brand new hardware with Win XP onboard in 2017...
Sorry guys, Infosec does not mix at all with military thinking and structures.
You'd need to employ a small number of highly paid and well-trained specialists that have the freedom and are willing to learn new techniques and tactics every day - and that accept strict miltary style command-and-control procedures to govern their daily lives.
I simply can't see that happening, which is completely consistent with the development of NATO's cyber strike capabiliteis in the last 20 years.
Thursday 29th June 2017 20:54 GMT Ken Hagan
Re: "'Cyber' as military domain" - sounds cool ...
"I simply can't see that happening, which is completely consistent with the development of NATO's cyber strike capabilities in the last 20 years."
One hundred years from now we'll probably be able to say for sure what those capabilities are. My guess is that we'll discover that the most powerful weaponry and most robust defences were actually in the hands of a handful of private individuals on both sides. I'll also guess that hindsight will refute the idea that cyberspace had well-defined borders, so even if NATO generals talk about defending NATO countries, the border is so flaky that for all intent and purposes the Russians are already here and we are already there. How can you talk of strike capabilities when you are already in the midst of a million-person melee?