NATO can’t truly defend cyberspace without private partnerships
The Ukraine war is perhaps the clearest example of the value of international cyber cooperation.
OPINION By ALEXANDER BOTTING AND PALLAVI BHARGAVA
Against the backdrop of the Russian war in Ukraine, where cyberattacks and military actions have been happening simultaneously, it was encouraging to see cybersecurity emerge as a critical focus at the 75th Annual NATO Summit. Given the digital threat to critical infrastructure across NATO countries, it’s essential for NATO to prioritize cyber defense and develop strong public-private partnerships with top security experts across the alliance.
At the summit, NATO took a solid first step toward this goal by announcing the NATO Integrated Cyber Defense Center — bringing together civilian and military personnel from across the NATO Enterprise and recruiting industry experts — as well as enhanced cooperation with the Indo-Pacific Four.
The center will utilize advanced technology to enhance situational awareness and boost collective cyber resilience, strengthen the protection of NATO and allied networks, and inform NATO commanders on possible threats and vulnerabilities in cyberspace.
The Russia-Ukraine war is the first to be regarded as a truly “hybrid war,” wherein large kinetic attacks have been accompanied, and often supported, by large cyberoperations. Before Russian troops crossed into Ukraine, Moscow launched a slew of cyberattacks against the country. However, with the help of international allies, Ukraine had been collecting information on Russia’s ongoing cyberattacks, dating back to 2014. As a result, Ukrainian systems were stronger than expected and prevented most Russian cyberattacks — neutralizing more than 3,000 Russian cyberoperations in 2023.
As Russian attacks intensified, the Ukrainian government implemented legislation enabling the migration of government data to a secure cloud environment. It completed that migration with the support of companies like AWS and Microsoft and strengthened partnerships with many leading cybersecurity companies. With such a strong Ukrainian response, Russia was forced to change its approach, and cyberattacks that were initially intended to target critical infrastructure were instead targeted toward gathering intelligence to support kinetic activities.
The impact of these partnerships shows just how effective investment in multinational, multi-stakeholder collaboration efforts can be.
While lessons from the Russia-Ukraine War continue to be identified, there are important takeaways that we can already draw from the conflict. Chiefly, Ukraine proved resilient against attempts to deliver a digital knockout blow. This was due in part to its investments in cyber resilience and in part to the difficulty of shutting down entire capabilities through digital means alone.
Ukraine’s strategy, from its initial migration of government data to a secure cloud environment to reinforcing critical infrastructure protection, heavily relied on private sector collaboration. The partnership has been integral to ensuring the resilience of Ukrainian digital infrastructure in the wake of unparalleled Russian aggression.
Furthermore, it’s clear from the war that digital espionage can effectively inform and enhance the impact of traditional offensive and defensive military activities. Russia’s use of cyberespionage against Ukraine exemplifies the value that NATO’s adversaries derive from successful espionage campaigns. The Russian group APT29 has notoriously run spear-phishing campaigns against NATO members, targeted tech companies and IT service providers to compromise government and software supply chains, and even breached executive agencies across Europe and the US numerous times. The information gleaned from these attacks directly informs Russian military activities. To limit the effectiveness of these attacks, the alliance needs to invest in and prepare cybersecurity capabilities alongside kinetic capabilities.
The Ukraine war is perhaps the clearest example of the value of international cyber cooperation.
Ukraine has received support from 45 countries since the beginning of the war, which has been a key factor in enabling them to withstand Russian aggression. International collaboration not only facilitates the pooling of resources where they are most needed, but it brings together diverse perspectives and capabilities, enabling a more complete vision of global cyber activity. For example, in late 2021, the Log4Shell zero-day threatened to put up to 93% of cloud environments at risk worldwide. Public and private actors around the world came together through a neutral forum facilitating secure, private, and quick information sharing, ultimately stopping the situation from getting detrimentally worse.
These lessons should set a clear path for NATO, especially as it should expect an increase in cyber-espionage from adversaries such as China and Russia. Members of the alliance and its IP4 partners have seen an uptick in cyberattacks since the Russian invasion of Ukraine. As tensions continue to rise in the Taiwan Strait, a similar trend can be expected.
Knowing this, NATO members must prioritize investing in the cybersecurity of critical infrastructure assets — both public and private. The resilience underscored by Ukrainians throughout the conflict should serve as a hopeful example of what the alliance is capable of achieving with vastly more resources and expertise available.
While the details of NATO Integrated Cyber Defense Center and Indo-Pacific Four collaboration have yet to be determined, the launch of these initiatives represents two steps in the right direction. NATO members must continue to shift toward a new paradigm in which they collaborate with the private sector and with each other with a greater level of trust and integration. In doing so, they can better leverage the wealth of resources sitting within their own borders.
Alexander Botting is the coordinator for the Coalition to Reduce Cyber Risk and leads the international policy work of the Cybersecurity Coalition. He also served as director for global regulatory cooperation at the US Chamber of Commerce, where he led initiatives in the areas of cybersecurity, emerging technologies, and regulatory cooperation.
Pallavi Bhargava is an intern at the Center for Cybersecurity Policy & Law and is pursuing a double major in public policy and computer science at Duke University.