Acting to counter Russia’s aggressive use of cyberattacks across Europe and around the world, the U.S. is expected to announce that, if asked, it will use its formidable cyberwarfare capabilities on NATO’s behalf, according to a senior U.S. official.
The announcement is expected in the coming days as U.S. Defense Secretary Jim Mattis attends a meeting of NATO defense ministers on Wednesday and Thursday.
Katie Wheelbarger, the principal deputy assistant defense secretary for international security affairs, said the U.S. is committing to use offensive and defensive cyber operations for NATO allies, but America will maintain control over its own personnel and capabilities.
The decision comes on the heels of the NATO summit in July, when members agreed to allow the alliance to use cyber capabilities that are provided voluntarily by allies to protect networks and respond to cyberattacks. It reflects growing concerns by the U.S. and its allies over Moscow’s use of cyber operations to influence elections in America and elsewhere.
“Russia is constantly pushing its cyber and information operations,” said Wheelbarger, adding that this is a way for the U.S. to show its continued commitment to NATO.
NATO Secretary-General Jens Stoltenberg told reporters on Wednesday that the inclusion of offensive cyber operations in alliance missions “is just one of many elements in our strengthened NATO cyber defenses.” And he said that it’s important to have cyber capabilities that can be used against the Islamic State group to destroy the networks they use for recruiting, financing and communicating.
He said that Britain and Denmark have also agreed to make cyber contributions to NATO and he expects other allies will follow.
“We have seen an increasing number of cyber-attacks. They are more frequent, they are more sophisticated,” Stoltenberg said. “We see cyber being used to meddle in domestic political processes, attacks against critical infrastructure. Cyber will be an integral part of any future military conflict.”
Wheelbarger told reporters traveling to NATO with Mattis that the move is a signal to other nations that NATO is prepared to counter cyberattacks waged against the alliance or its members.
Much like America’s nuclear capabilities, the formal declaration of cyber support can help serve as a military deterrent to other nations and adversaries.
The U.S. has, for some time, considered cyber as a warfighting domain, much like air, sea, space and ground operations. In recent weeks the Pentagon released a new cybersecurity strategy that maps out a more aggressive use of military cyber capabilities. And it specifically calls out Russia and China for their use of cyberattacks.
China, it said, has been “persistently” stealing data from the public and private sector to gain an economic advantage. And it said Russia has used cyber information operations to “influence our population and challenge our diplomatic processes.” U.S. officials have repeatedly accused Moscow of interfering in the 2016 elections, including through online social media.
“We will conduct cyberspace operations to collect intelligence and prepare military cyber capabilities to be used in the event of a crisis or conflict,” the new strategy states, adding that the U.S. is prepared to use cyberwarfare along with other military weapons against its enemies when needed, including to counter malicious cyber activities targeting the country.
The document adds that the Pentagon will “work to strengthen the capacity” of allies and partners.
NATO has moved cautiously on offensive cyber capabilities. At the Warsaw Summit in 2016, allies recognized cyberspace as a warfighting domain. It has said that a computer-based attack on an ally would trigger NATO’s commitment to defend its members. And last year the alliance agreed to create a new cyber operations center. But the focus has always been on defending NATO networks and those of its members, not offensive cyberwar.
NATO Secretary-General Jens Stoltenberg said on Tuesday that the defense ministers will have a working session this week to address cyber and other risks, and how allies can cooperate to counter such threats. He did not provide details.