NATO might trigger Article 5 for certain cyberattacks [CyCon Tallinn] TALLINN, Estonia — NATO will not rule out invoking Article 5 of its charter should one or more member nations find themselves under a serious cyberattack that threatens critical military and civilian infrastructure. NATO officials told delegates at the International Conference on Cyber Conflict, or CyCon, in Estonia that the Western alliance would deliver a robust response in the event of a serious and prolonged attack on a member state in cyberspace. Article 5 provides for a united response by NATO states should a member nation come under attack. Estonia came under a series of coordinated denial-of-service attacks in 2007 that caused serious disruption to state IT infrastructure, including military networks. The cyberattack also targeted online platforms run by the country’s leading banks, denying customers access to their accounts and basic services. “Although many of the cyberattacks that we see fall below a level in their seriousness that could trigger NATO’s Article 5, it is plausible that a cyberspace event of great magnitude could take place that might lead to the triggering of Article 5 in special circumstances,” said Catherine Lotrionte, director of CyberProject at Georgetown University. The special circumstances that could trigger Article 5 would need to be at a substantially higher threat and risk level than propaganda of social media intrusions, Lotrionte said. “Most attacks in cyberspace use no force. We would need to have a legal threshold for such threat situations, but the triggering of Article 5 is a real possibility. There are other issues, like time factors. A grave threat would need to be current, and not an event that happened years ago,” she added. NATO would take a very different and offensive posture if a cyberattack event on the scale of that launched against Estonia in 2007 were to happen now, said Brig. Gen. Christos Athanasiadis, assistant chief of staff cyber at NATO’s Supreme Headquarters Allied Power Europe. Estonia’s national intelligence services, including the military branch, suspected that the cyberattack on critical IT infrastructure was launched from Russia and potentially had state backing. Article 5, according to Athanasiadis, exists to assure all NATO states that they can rely on support from fellow members should they become the subject of an aggressive attack that threatens to undermine their national security. Article 5 could be activated in certain situations if deliberately hostile attacks against a NATO member state happened within a cyberwar scenario, he said. “We would have rules of engagement. There would be a strong cyber or conventional response if what happened to Estonia were to take place now. We want to develop a strong early-warning capability. We must develop capacities that also serve as a deterrent to aggressors out there,” Athanasiadis said.