Cyber Alliances: Collective Defense Becomes Central To Securing Networks, Data

September 19, 2014

Loren Thompson

When the North Atlantic Treaty Organization — NATO — wrapped up its summit in Wales earlier this month, the member-states issued a lengthy communique expressing solidarity on major defense challenges. One of the challenges mentioned was cybersecurity. The alliance stated that “cyber defence is part of NATO’s core task of collective defence,” presenting concerns so severe that they might lead to invocation of Article Five of the North Atlantic Treaty — the article calling on all members to come to the defense of a threatened nation. The communique went on to stress that “strong partnerships play a key role in addressing cyber threats and risks,” and committed alliance members to intensified cooperation in pursuit of integrated solutions.

It isn’t hard to see why NATO is worried about threats in cyberspace, given Russia’s recent use of on-line attacks against Ukraine and other countries in a style of combat that has come to be called “hybrid warfare.” However, a report by the Pentagon’s prestigious Defense Science Board released last year suggests that the cyber challenge reaches far beyond the use of botnets and distributed denial-of-service tactics. Describing the extensive vulnerability of U.S. military forces to cyber assault, the report then observed,

The impact of a destructive cyber attack on the civilian population would be even greater with no electricity, money, communications, TV, radio or fuel (electrically pumped). In a short time, food and medicine distribution systems would be ineffective; transportation would fail or become so chaotic as to be useless. Law enforcement, medical staff, and emergency personnel capabilities could be expected to be barely functional in the short term and dysfunctional over sustained periods.

These sustained periods, the science board stated, might last “months or years” as government and industry sought to rebuild damaged infrastructure — a possibility that led the panel to compare the specter of state-sponsored cyber attacks to the threat of nuclear war. So if you think that 56 million payment cards being compromised at Home Depot HD -0.37% is about as bad as cyber threats can get, think again. Civilians and soldiers alike have hardly begun to experience how destructive the coming age of information warfare is going to be.

But like NATO, private industry is beginning to grasp the challenge. And also like NATO, industry has begun to embrace the value of collective defense in meeting that challenge. Earlier this month, McAfee and Symantec SYMC -0.33% — the nation’s two biggest cybersecurity firms — agreed to join a Cyber Threat Alliance founded in May by Fortinet Fortinet and Palo Alto Networks PANW +1.24%. The goal of the new consortium, quoting a white paper it issued, is “to disperse threat intelligence on advanced adversaries across all member organizations to raise the overall situational awareness in order to better protect their organizations and their customers.”