The security environment defined by NATO in the "Strategic Concept" document of 2010, already underlined that the level of the threat in the cyber sector was high both for the aspects of civilian life and towards military and security operations. In the same document it is reported that NATO must "increase efforts to respond to the danger of cyber attacks ...".
Now, looking at the last 10 years, it is clear that the situation is worse than imagined in 2010. This is why, among the requests made by policy planning unit from the secretary general of NATO to the scholars gathered for the "West Point Strategic Concept Seminar" - organized by the Social Sciences Research Lab - you will find:
"NATO has added two new domains of operations (cyber, space) over the last decade. What strategic choices does the integration of these new domains pose? How should NATO's strategic posture change in response to current and foreseeable technological evolutions?".
In the study we presented, we started with a simple question: "what can we do for the next Strategic Concept for Cyber and Space?" and we tried to analyze the needs of the NATO alliance for the next 10 years.
The study was developed around some questions that we believe are fundamental:
- What do the new Cyber and Space domains have in common? And what, on the contrary, differentiates them?
- What can happen if a critical infrastructure of a NATO member were to be compromised?
- What can happen if a critical NATO infrastructure is compromised? And, in this case, is it clear how to act to ensure Command and Control over the Alliance's processes?
Our idea is that including a strong vision of the Space and Cyber domains in NATO's new Strategic Concept will help members of the Atlantic Alliance develop and implement coordinated resilience studies and develop partnerships within private companies and research centers.
Another interesting question we asked ourselves concerns the possible use of "Cyber Power" as a deterrent measure.
La Cyber deterrence in the "by denial" form, in our opinion it seems difficult to reach, unless technological revolutions are hypothesized that allow one of the actors to make a substantial qualitative leap.
Also the Cyber deterrence in the "by punishment" form it seems impractical. Ultimately this means that the Cyber deterrence has any chance of functioning only if supported by a great intelligence capacity (employed in order to identify the culprit of a Cyber attack with almost absolute certainty) and if incorporated into an overall "deterrence strategy".
Another interesting question we have tried to answer is the following: "Does NATO need a Cyber Command?".
If we look at the NATO organization, as described in the factsheet on the cyber defense of the Alliance, we can see that the defense organization is mostly focused onInformation Technology (IT) and in particular on "Communication and Information Systems" (CIS). If this kind of approach could have been valid twenty years ago, it is clear that today it is not enough. IT and CIS represent only a part of the Cyber domain that nowadays involves systems and platforms of all kinds, not only military but also civil and industrial.
If we look at the actual NATO missions and operations we can realize that a Force deployed in the theater of operations is usually a mixed force in which each nation participates with its own military systems and platforms in order to create the necessary level of Force. This means that high interoperability is required. But high interoperability is more or less synonymous with high cyber risk due to the low level of barriers between different forces, systems and platforms.
As an example, consider a NATO land operation, led by a leading nation that provides a tank division and the main CIS and C2 (Command and Control) system. Two other allied nations provide two tank battalions and national anti-tank systems. Now suppose that the operation is conducted in a very high-risk environment from a cyber point of view. We can assume that at the level of Land Component Command (LCC - Command responsible for the predominantly land-based operation) a cyber defense cell or something similar is activated, with personnel provided at least by the leading nation.
The question is: Does the commander of the Ground Component have the right tools to protect the Force and to conduct operations in this context?
From our analysis the answer is NO. This is because the commander lacks information on the vulnerabilities of battalion systems and platforms from allied forces.
From our analysis, it will be difficult for us to have information on the vulnerabilities of military tools and platforms of all components of the Force in a context similar to that hypothesized.
What is missing today is, in our opinion, the right level of "Trust" among the members of the Alliance.
It would be interesting to study the level reached so far among NATO members on this front: to what extent and to what extent can the military components be transparent to each other when operating in a NATO environment, in sectors that are strategic at the national level?
If we add the spatial dimension to the example above, transforming the terrestrial operation into something more complex, taking into account the use of communication or intelligence satellites, we can understand how complex the operational environment is and how much the same considerations are also valid for the spatial domain.
A nation's strategic, military, scientific and development policy does not always coincide with NATO's vision and careful consideration and compromise is essential before starting any operation involving the cyber and space domains.
In this context, NATO must be a primary actor in supporting and managing this evolution among its members, in particular by making sure that "trust" grows among the members themselves.
In our vision a Cyber Command NATO would allow the Alliance to better track the evolution of warfare in the Cyber and Space domains and to develop links with sectors such as Electronic Warfare, Targeting, Info Ops and STRATCOM but, if properly developed, it could be above all a tool to improve mutual trust between Allies.
To return to the conference, it was an opportunity to meet scholars of the Cyber and Space domain who, also according to their different backgrounds and origins, explained their vision of the domains as a function of the future Atlantic Alliance. It was an opportunity to discuss our ideas on these topics with Ms Rose Gottemoeller, former NATO Deputy Secretary General between 2016 and 2019, and with scholars such as Dr Paul Poast (University of Chicago), Major Kathryn Hedgecock ( United States Military Academy in West Point), Major Justin Magula (US Army War College), Sergent Major Denver Dill (West Point Band and United States Military Academy), Dr. Erica Borghard Lonergan (Army Cyber Institute), Dr. Katarzyna Kubiak (European Leadership Network), Dr Margaret Kosal (Georgia Tech), Dr Simon Smith (Staffordshire University), Dr Sylvia Mishra (European Leadership Network).
In the discussion of the panel, the deterrent power that the two domains can have in the face of a technological supremacy associated with them emerged.
The parallelism between deterrence in the nuclear field and the need for a real greater involvement between the Member States for a common vision is interesting, where we are all convinced of the increasing strategic importance of the Cyber and Space domains.
Finally, the need to work for one should be emphasized common strategic culture, to be placed at the basis of increasing trust between Allies.
