NATO Secretary-General Jens Stoltenberg has told a press conference ahead of a ministerial meeting tomorrow Brussels time that “cyber” is a “military domain” – and that a cyber-attack on one member can trigger NATO's Article 5.
Article 5 of the Washington Treaty that establishes NATO embodies the principle of collective defence – in other words, an attack on one is an attack on all, and that includes cyber-attacks.
Speaking in response to a question from Euronews, Stoltenberg said NATO is “in the process of establishing cyber as a military domain meaning that we will have land, air, sea and cyber as military domains”. This is a process that's been rumbling on since July last year, mind you.
He also explained that the organisation is working more closely among itself and with allies to improve their defences and share information about attacks.
Regarding the current “NotPetya” ransomware/wipeware (depending on which school of infosec theory you prefer), he said NATO is helping the Ukraine (first and worst hit) “improve its cyber defences”.
The attacks, he said, “highlight the importance of the support, the help NATO provides … gives … or provides to Ukraine to strengthen its cyber defences, technical and other kinds of support”.
Given NotPetya's unconfirmed attribution to Russia, the language is hardly likely to soothe tensions between Russia and NATO. Earlier this month, the Ukraine parliament said NATO membership is a “strategic target” for the country (for example, as reported by Defense News), something likely to escalate rather than reduce tensions in the region. ®