It’s clear that security professionals have waged war with hackers since the Internet’s inception, but NATO has reaffirmed that cybersecurity is not just a localized problem; it’s a nation-state-wide issue, and one that needs to be addressed. Just like land, air, and sea, cyberspace is now an operational domain, a place that can be considered a battlefield.
NATO has declared that cyberspace qualifies as an area where conflict can occur, (it surprisingly took this long). While many cyber attacks tend to be limited to only data infrastructures, there are plenty of instances where attacks have moved from the cyber realm to the physical world. Some examples include a Ukrainian electrical grid hack from just last year, as well as a supposed Iranian hack of a United States dam control system. In other words, technology systems have the capabilities to cause quite a bit of damage, like blackouts or shutting down critical systems.
NATO Secretary General Jens Stoltenberg made a valid observation concerning the decision to add cyberspace to the list of operational domains: “Cyber defence is part of collective defence. Most crises and conflicts today have a cyber dimension. So treating cyber as an operational domain would enable us to better protect our missions and operations.”
Technology has become such a commodity in today’s world that even warfare is assisted by it, through providing access to important data and applications. Networks that are used to deploy this data could be hacked, causing important information to be either lost or stolen; thus, putting real-world lives at risk. Plus, if a hacking attack rendered citizens without heat, electricity, and other necessities, it could redefine what the world thinks of as a war of attrition.
NATO plans on securing networks and focusing on helping other countries secure their own. Additionally, NATO wants to help others identify where attacks come from, and what can be done about them. In 2014, NATO changed its policies to allow them to respond to any attacks against nations involved with the organization, so this shows that cyber warfare could potentially become a major factor in ongoing conflicts in the future.
Granted, measures that could be put into place are easier to talk about than to actually implement. Cyber security is generally handled on a state level, and while the US and UK have invested heavily in cyber security, other countries tend to think of it as a low priority, or don’t foresee it affecting them in the near future.
This decision by NATO should drive the importance of cybersecurity in the workplace, and reaffirm that your organization needs to take a cautious and proactive stance. Additionally, you’ll need to use best practices in order to minimize the risks of working online, as you’ll probably realize far too late that you’ve been infiltrated by hackers. It’s in your best interest to take a preventative stance on network security, regardless of how much risk you feel your business is at.