The Importance of a Transnational Cyber-Defense Policy for NATO
Most NATO Allies have been experiencing a gap between the identification of the existence of cyber-threats, and the implementation of cyber-defense policies. What is lacking in today's cyber-security landscape is a clear, transnational policy for all members of the Alliance. Yet, through NDPP, NATO can encourage policy harmonization by setting standard requirements, and encouraging inter-state cooperation with those at the forefront of cyber-security, such as Israel.
Although NATO has been implementing a cyber-defense policy since 2008, the current security landscape calls for an urgent transnational policy that will focus on inter-state cooperation within NATO, in order to counter the growing threat of cyber-attacks against governments and institutions.
As today's society becomes increasingly dependent on new, advanced technologies, the same technologies can be used to attack our democratic structures. Our governments rely on communication and information systems (CIS) to store and transfer confidential information. Although RSA claims that the economic damage caused by cyber-attacks in 2015 amounted up to $575B per year, this data does not take into consideration the considerable security threat that hackers pose.
NATO was one of the first defense institutions in the world to place cyber-security in its political agenda in 2002. However, it was only in 2008 – after a series of cyber-attacks against Estonia – that the Alliance approved its first policy on cyber-defense. Today NATO is very active in the fight against cyber-threats: along with protecting its own CIS services it runs several education and training facilities in Estonia, Italy, and Germany. Cyber-defense was integrated into NATO's Defense Planning Process (NDPP) in 2012.
However, NATO's focus on this issue is currently not mirrored by most of its members. There has been a significant delay between identification of the existence of cyber-threats, and states' reactions in adopting a national cyber-defense policy.
It is well-known that most Allies are not spending the expected 2% of their GDP on their national defense systems. Recent data published by NATO have revealed that only five Allies (the United States, Greece, Poland, Estonia, and the United Kingdom) reach the 2% target. The other 23 members fall behind. If this data concerns defense in general, one can easily imagine that most European governments are investing a minimal amount of money in cyber-defense.
Next, I will briefly analyze examples of strategies adopted by European NATO Allies.
Italy, a founding NATO member, has begun discussing the need for a new cyber-security policy only this year, as demonstrated by the allocation of €150M for cyber-security in this year's Stability Law. Prime Minister Matteo Renzi is also rumored to be about to appoint entrepreneur and cyber-expert Marco Carrai as cyber-security counselor, hoping to give a twist to the national defense policy.
Although France is investing a significant amount of money in the field, it is also isolating itself. It has refrained from seeking international cooperation, as it has done already in most other defense policies it has adopted in the past, instead favoring autonomy and flexibility. In terms of budget, the French government has set a three-year plan of €1B.
In its cyber-security strategy, the United Kingdom hopes to become one of the most secure places in the world to do business online and to tackle cyber-crime. Its capabilities are aimed not only at defending its CIS against threats, but also at attacking foreign threats. The country has allocated £860M in cyber-defense, and is working closely with the United States, Israel, and Qatar on the issue; Israel nor Qatar are members of the Treaty.
On the contrary, Germany has been developing cyber-defense capabilities able to detect imminent attacks, with a preventive approach that is opposite to the UK's offensive strategy. Germany is also collaborating with the United Nations and the European Union. According to Marco Mayer, adjunct professor of cyberspace international politics at Scuola Superiore Sant'Anna in Pisa, Italy, "NATO is in the position to harmonize EU member states with different cyber-defense policies."
The policy I propose is the result of an existing threat that has been underestimated for too long by most NATO Allies, who are currently adopting opposing policies. Through its NDPP, NATO may be the only institution in today's Western political landscape able to harmonize different policies and implement solid inter-state cooperation. There is an urgent need for a transnational, joint effort from the Allies to face cyber-threats. NATO should determine standard requirements, as well as a minimum spending for cyber-defense for all Allies, as it does with the general defense capabilities and budget. Finally, I believe that NATO should seek cooperation with Israel, a long-time NATO partner, as well as one of the world's leading powers in cyber-security.
The Israeli government was one of the first in the world to implement cyber-security policy in the early 2000's. An explanation for Israel's success in the field, said Lior Tabansky, co-author of Cybersecurity in Israel, is the mobility of human capital. In an interview Tabansky said that what Israel can teach to other cyber-ecosystems is the continuous circulation of human capital between different sectors such as the government, the army, the academia, as well as private businesses. I believe that this could be a great strategy for NATO Allies, too.
Born and raised in Italy, Simone Somekh is completing his B.A. at Bar-Ilan University in Israel, and is enrolled in New York University's GloJo graduate program, beginning in Fall 2016.
This article has been submitted for category C "Getting Defense Planning on Track" of the competition "Shaping Our NATO: Young Voices on the NATO Summit". Comments are most appreciated. You can also read the other articles in this category. Learn more about this competition and how you can submit your own text or video for category D.
- Atlantic-Community.org in Transition
- Towards a More Inclusive Transatlantic Partnership: Update on the 2nd Atlantic Expedition
- Topic of the Month: The Future of Health Care
- Do We Need Data Donations?
- eHealth - Tele-Monitoring and Tele-Medicine - Digital Innovation in the Life Science Sector in Germany