Last summer, Nato members met in Vilnius for one of their regular summits. On the surface, the event went fairly smoothly. The alliance’s leaders smiled for the cameras, while President Orban of Hungary promised his country would no longer block Sweden’s entry. Yet between the usual commitments to support their beleaguered ally in Kyiv – the summit’s official communiqué stated that Eastern Europe needed a “comprehensive, just, and lasting peace” – behind the scenes things were rather less placid. Quite aside from tensions with Turkey, or else grumbles from some attendees about the cost of supplying Ukraine, that was most clear on the cyber front. As Politico reported a month after the summit ended, Russian hackers apparently tried to foment suspicion between member states, posting fake Nato press releases promising to double the bloc’s defence budget, while also claiming that Ukrainian troops would be redeployed to quell protests in France.
Nor, of course, was this the first time that groups with names like ‘Doppelganger’ and ‘Secondary Infektion’ have used cyberspace to fight the Western alliance. In December 2023, officials announced one group of Russian hackers had targeted a Turkish unit inside Nato, even as they tested the vulnerabilities of nearly a dozen other members too. Nor is Russia alone here. According to a recent study by Check Point Research, 2022 saw a 38% rise in cyber attacks compared to the year before, with Iran, China and North Korea just three of the states lately accused of exploiting the digital dark arts. It goes without saying, moreover, that the consequences of a successful attack can be dire, both for frontline troops and the infrastructure that supports them.
No wonder, then, that Western countries are taking the cyber front increasingly seriously, investing significant time and resources to first understand digital dangers – then design systems to keep their own silos secure. Given the bewildering spread of the internet’s tentacles these days, that requires robust relationships far beyond Nato headquarters, with civilian administrators and the private sector deeply involved in keeping military platforms safe. Not that cyber professionals should rest easy, even then. With threat profiles constantly shifting, cyber defenders need flexibility and adaptability to keep their systems secure – let alone when sallying forth and scaling the enemy’s cyber defences themselves.
Hacking it
Few insiders have as much experience with military cybersecurity as Luc Dandurand. A cyber veteran for 25 years, he began his career in the Canadian Armed Forces, before working for a range of cybersecurity outfits from Estonia to Switzerland. Since September 2023, meanwhile, Dandurand has returned to his military roots, working as chief of the Nato Cyber Security Centre, itself a part of the Nato Communications and Information Agency (NCI Agency). Based in Brussels, Dandurand now leads a cohort of some 250 cyber professionals, proactively securing systems and plugging breaches when they do occur.
To put it differently, what Dandurand says deserves to be taken seriously – and, as he stresses, digital dangers are an increasing priority right across Western militaries. “Cyber threats to the security of the alliance are increasing and becoming more sophisticated – and are therefore more important to Nato’s overall defensive strategy than ever,” the Canadian explains. “While the alliance has always paid attention to the protection of its communications and information systems, in 2016, the allies recognised cyber as a distinct domain of operation. This has caused a significant shift in how Nato plans to address cyber threats.” Such an energetic approach seems wise. With 400 million cyber daily events processed by Nato security sensors as far back as 2016, ones and zeroes are a wildly popular attack vector for malicious actors everywhere.
That’s unsurprising when the consequences of a successful breach can be so severe. Propaganda of the sort tried at the Vilnius summit is one thing. Quite another is the kind of assault carried out by Russian hackers right at the start of Putin’s invasion of Ukraine, disabling Kyiv’s satellites and forcing beleaguered defenders to communicate by mobile phone, itself vulnerable to interception. Intelligence breaches can be just as damaging, even when they’re perpetrated by common thieves. In 2022, for instance, criminals stole 80GB worth of documents containing details on Nato missile systems, before hawking them to the highest bidder online. And with every corner of military life now shaped by digitalisation – and a recent report by BAE Systems finding that 93% of sector insiders feel defence will require increased integration in future – it makes sense that Dandurand’s schedule is so hectic.
80GB
The amount of Nato data that hackers stole in 2022, detailing the blueprints of various classified weapon systems.
BBC
Teamwork makes the dream work
Ironically – given what’s happening in cyberspace – last year’s Vilnius summit equally hinted at how the Nato Cyber Security Centre is dealing with these varied challenges. A case in point is the Virtual Cyber Incident Support Capability (VCISC). Unveiled in the Lithuanian capital, it brings together a number of countries, using their own resources and expertise, to quickly nip cyber breaches in the virtual bud. This emphasis on collaboration is no accident. “As in any other operational domain,” stresses Dandurand, “cooperation and coordination in cyberspace is essential. No single country can achieve a high level of cybersecurity in isolation. We need to work together with our allies and partners to share best practices, expertise, intelligence, capabilities and threat information.”
250
The number of cybersecurity experts at the Nato Cyber Security Centre.
Nato
This is reflected out in the cyber battlefield too. Apart from schemes like VCISC, Dandurand explains that his team at the Nato Cyber Security Centre acquires the best cyber protection tools from the private sector – notably partnering with IBM to bolster security visibility. You can hear similar noises from the very top of Nato, too. In November last year, at the bloc’s first annual Cyber Defence Conference, Secretary General Jens Stoltenberg argued that firms like Microsoft and Starlink were vital to the continuation of Ukraine’s war effort. It’s hard to disagree: Microsoft donated $400m to transfer whole governments departments to the cloud, while Elon Musk’s operation has proved vital to Kyiv’s military communications.
93%
The percentage of military insiders who believe defence will require increased integration across domains.
BAE Systems
This practical work is echoed by rhetorical action. A traditional problem with cyberwarfare – partly due to its newness, partly due to its intrinsic intangibility – is gauging how it can safely be used. Think of it like this: if Russia invaded Poland tomorrow, President Putin would obviously expect a response. But what if he disabled the Warsaw Metro, or shut down the city’s power system, all through hackers and code? The potential for unintended escalation here, it goes without saying, is high. It therefore makes sense that, over recent years, Nato has sought to clarify how it would respond to a major digital attack. “A serious cyber attack could trigger our collective defence commitment under Article 5 of our founding treaty,” Dandurand emphasises. “The decision to invoke Article 5 would depend on its severity and nature, and is to be determined by the allies on a case-by-case basis. Cyber attacks that do not cross this threshold would nevertheless trigger a proportional response.”
Future threats
In their public-facing roles, organisations like the Nato Cyber Security Centre are predictably focused on cyber defence, protecting their own systems from unscrupulous intruders. Yet as even Dandurand concedes, every nation now recognises cyberspace as “a proper domain of warfare” – and Western countries aren’t so naive as to ignore it. In 2019, for instance, the US used cyber weapons against a number of Iranian platforms, after the Tehran regime shot down an American drone in the Strait of Hormuz. More recently, the Pentagon confirmed that it had deployed hackers in support of its Ukrainian ally. With these examples in mind, it’s unsurprising that Dandurand believes that armies will continue striving to “coordinate and conduct cyber operations that enable military actions in the physical world, and vice versa.”
And if Grand View Research predicts that the global cyber warfare market will enjoy CAGR of 14.9% through 2030, reaching $177bn by the end of the decade, Dandurand and his colleagues will surely remain busy too. With black hats constantly searching for new ways to overcome online defences, he says NCIA will have to continue developing “novel approaches” to cyber resilience, along the way ensuring that the agency’s cyber defence capabilities are “fully and seamlessly integrated into Nato’s existing military capabilities.” Given the events of recent years, Russia is understandably a focus here. But with tensions in the Pacific continuing to rise, and China adamant that it’ll take possession of Taiwan one way or another, Dandurand is presumably looking eastwards too.