Tuesday, July 07, 2020

NATO must address the looming threat of cyberattacks

By Julia Berghofer

Today, the risks associated with severe cyberattacks on critical infrastructure and military systems in general are drawing increased attention. Not only are cyberattacks becoming more frequent and more professional, their destructive capabilities are also more widely available than ever for state and non-state actors alike. The risk of cyber interference in critical civil and government systems poses a threat with incalculable consequences for the Euro-Atlantic community.

Because of their complacency, most states in the Euro-Atlantic region now struggle to keep pace with the breathtaking development of new technologies. Thanks also to their failure to grasp the complexity of the situation, these states have no holistic or viable counter-strategy to address the perils of cyberattacks. Any form of misuse such as compromised data, false alarms or inadvertent launches can thus have catastrophic consequences.

The lack of transparency and dialog between the military, tech experts, decision makers, security organizations, scholars and private companies is a huge obstacle to developing a holistic counter-strategy. Indeed, even the authorities tasked with addressing such issues tend to evade taking action, suggesting instead that responsibility for the cybersecurity of nuclear weapons in Europe lies solely with the US.

While it is true that all B61 bombs in Europe held at six air bases across the continent are US property, these weapons do not exist in a vacuum. There are entire physical, technical and institutional systems built around them involving personnel, delivery systems, early warning protocols and supply chains. Accordingly, a critical share of funding and responsibility for the cybersecurity of nuclear weapons systems in Europe rests on the shoulders of the respective member states, while maintenance and upgrades remain in Washington’s hands.

Germany is an interesting example. The Federal Republic has not only failed to develop cybersecurity institutions and effective measures, it has also launched a number of newly established and still-in-development  cyber organizations with poorly defined tasks. To make matters worse, these organizations must compete with a strong private sector in recruiting experts in the field.

Whether modernization helps keep weapons systems safe or puts them at risk as a result of their growing complexity is a matter of debate among experts. However, military leaders argue that modernization is essential in a world of increasingly net-centric warfare that requires a rapid response to events as they unfold on the ground.

If this is the case, cybersecurity measures must become more advanced in lockstep. There is consensus among NATO members that the cybersecurity of nuclear weapons systems must be accorded the highest priority, but the Alliance has nevertheless failed to deal with the issue in a timely manner. This has created two problems, in particular: the first relates to the insufficient budget funds allocated to cybersecurity measures at nuclear air bases in Europe, and the second revolves around the lack of a coherent understanding of the threat.

As a nuclear alliance, NATO is confronted with an incalculable problem that could evolve rapidly in the face of escalating hostilities. There is no time for patience. All Alliance members able to take action must make haste to assess the looming threats and implications of emerging technologies. Simply hoping that US measures will meet the task is not enough. In countries like Germany, there is an urgent need for meaningful strategic discussions and sustained dialog with the community of technological experts.

JULIA BERGHOFER
is a European Leadership Network (ELN) policy fellow and a Younger Generation Leaders Network (YGLN) project manager.