NATO Declares Joint Cyber Defense

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://www.databreachtoday.com/nato-declares-joint-cyber-defense-a-7284

NATO leaders have agreed that a cyber-attack on one member nation could be
treated as a cyber-attack on all members, meaning the alliance could
respond by launching military or cyber attacks against an adversary.

"Today, we declare that cyber-defense is part of NATO's core task of
collective defense," NATO Secretary-General Anders Fogh Rasmussen says.

But the term "cyber-attack" wasn't defined in the communique issued Sept. 5
at the conclusion of the NATO summit in Wales.

"We affirm ... that cyber-defense is part of NATO's core task of collective
defense," the communique states. "A decision as to when a cyber-attack
would lead to the invocation of Article 5 would be taken by the North
American Council on a case-by-case basis." The North American Council is
the principal political decision-making body within NATO.

Article 5 of the NATO charter states that an attack on one member state
will be treated as an attack on all member nations. President Obama
emphasized that point during his visit to Estonia on Sept. 4 when he
pledged that NATO and the United States would come to that nation's defense
if Russia attacked the NATO member state.

Defining what constitutes a cyber-attack will be a challenge for the North
American Council (see NATO Faces Challenges in Mounting Cyber-Defense). And
in reacting to cyber-attacks, a key challenge will be precisely determining
who waged the attack, says retired U.S. Air Force Lieutenant Gen. Raduege,
who as the former director of the Defense Information Systems Agency worked
with his counterparts in NATO.

"As cyber-attacks evolve today, they involve numerous people, organizations
or activities that quite often are spread out across in a globally,
syndicated activity against a target organization or activity or nation,"
Raduege says.

NATO leaders agree that cyber-attacks could reach a level that threatens
the prosperity, security and stability of its member nations and the
Euro-Atlantic area. "They could harm our modern societies as much as a
conventional attack," Rasmussen says.

The communique, known as the Wales Summit Declaration, acknowledges that
cyber-attacks will become more common, sophisticated and potentially
damaging. The NATO leaders endorsed an Enhanced Cyber Defense Policy.
According to the policy, each member nation is primarily responsible to
defend its own networks, with the assistance of NATO and other member
states.

"Strong partnerships play a key role in addressing cyber threats and
risks," the communique says. "We will, therefore, continue to engage
actively on cyber issues with relevant partner nations on a case-by-case
basis and with other international organizations, including the EU, as
agreed, and will intensify our cooperation with industry through a NATO
Industry Cyber Partnership. Technological innovations and expertise from
the private sector are crucial to enable NATO and allies to achieve the
Enhanced Cyber Defense Policy's objectives."

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!