NATO announced yesterday that it is now officially recognising cyberspace as a frontier for war, in addition to the traditional sites of battle including land and sea. The declaration was made following a meeting for NATO's defence ministers on Tuesday, with Secretary-General Jens Stoltenberg stating that it has become clear that dangerous attacks can be launched on the internet and among computer networks just as easily as they can on the battlefield.
David Gibson, VP Strategy & Market Development, Varonis reacts: “This is a welcome, if long overdue, recognition that cyber warfare is in fact an important and lethal domain. We would urge NATO and participating governments, as well as their technology providers, to take a modern approach that prioritises securing the data itself from unauthorised access. The threat of intruders taking over control of sensitive systems and commands by gaining access through legitimate accounts is a massive concern. Protecting the physical perimeter of any network has proven to be insufficient.”
Simon Crosby, CTO and co-founder, Bromium, comments: "NATO has a fundamental challenge in the cyber domain: The idea of NATO is a collective capability for defense, which when any one member is attacked can trigger the appropriate defensive military action. In cyber, NATO has none. Instead, individual member countries, to varying degrees co-operative or suspicious, more or less collaborates to share information on threats, so that each member can defend itself. This has nothing at all to do with the goal of NATO. The organisation was founded to protect the members by, in extremis, deploying conventional non-cyber assets to effectively combat a threat on any member of the coalition. But NATO has no assets to deploy in the cyber domain. Each member has carefully managed its own cyber attack techniques, tools and strategies. They each know the vulnerabilities and weak spots of their foes, and all of their peers in NATO. NATO cannot deploy assets to mitigate a cyber attack – the organisation is an anachronism from the era of the cold war, and has zero capacity to act in the cyber domain"