Dealing with (cyber) war. Last year’s Cyber Defence Pledge event, held in Tallinn, was very different from this year’s version, held two weeks ago in Rome. “We now have an actual war, which is also a cyber war going on in Europe,” said David van Weel, Assistant Secretary-General for Emerging Security Challenges at NATO, in an exclusive interview with our sister site Formiche.net. Here’s a selection of extracts, lightly edited for the sake of clarity and readability.
Lessons from Ukraine: “Preparation helps. It ties into resilience. We, as NATO and others, have been assisting Ukraine in several fields, including cyber-defence, since 2014. And all those efforts have made Ukraine a well-prepared country to defend itself against cyber attacks. So we need to prepare while we can because once the war in cyber breaks out, you will be very busy recovering your networks.”
- The private sector “plays an enormous role in cyberspace and in helping to keep networks up and running.” Mr van Weel cited Microsoft’s role in keeping Ukraine’s data safe and Starlink’s in keeping communications up and running even as the device network was taken down at the beginning of the war. “We need to be closer to the private sector. We must engage them in our cyber defences and be ready for that,” he added.
- “We need to be ready to help each other. And although it is not always possible to physically go to other allies and help, there’s a lot that can be done virtually. So those are a few things we’ll be working on after the conference in Rome, in the run-up to the next summit.”
On secrecy versus information access. “There are complications when it comes down to clearances or secret information. Of course, as governments and intergovernmental organizations, we have access to secret and classified information that can’t be shared one-on-one with the private sector. On the other hand, we see that the private sector also has a lot of pieces in the puzzle when it comes down to detecting attacks or noticing malware on the system. So the challenge, I think, is to find a modus operandi that allows us to share information as far as we can. But also get information from the private sector that helps us fend off attacks.”
On Russia and China. “We know that we’ve seen several attacks that Allies have attributed not only to Russia but also to China, most recently, the Microsoft Exchange Server hack. Those are all serious. And so at NATO, we take them very seriously as well, but I can’t go into the details of the differences between the two actors.”
On the importance of values. “Our values and norms separate us from our competitors and adversaries. But modern-day technology values also determine how technology works and whether it works to our benefit or our detriment. That is why our nations are all engaged in legislation on artificial intelligence and data sharing. We feel it is very, very important that the innovators that will work for NATO know that technology will be used in a trusted way. Our operators deserve to know that the technology we will give them operates in line with our values. And last but not least, we also need to show the public that we are trusted users of new technology and, therefore, a force for good instead of evil. So for all those reasons, we’re working very hard to delineate what we find responsible use of new technologies.”
On the future of cyber NATO. “I’m optimistic for the future because everybody realizes the chain is as strong as the weakest link. And in cyberspace, that, too, counts. So we all need to do our best to ensure that we’re equally well-protected against intruders on our networks. And that doesn’t only count for our defence and NATO networks but also our critical infrastructure, which is very much digitally based. This needs to be part of our resilience efforts, as we see now in Ukraine, where the energy networks are being attacked physically and in cyberspace.”