Monday, September 1, 2014

Avast Ye, NATO Summit Ahead

Even though today is a holiday, we are seeing heaps of pre-NATO summit announcements.  I have already written up a post for CIC that addresses how this summitry stuff tends to work, so I am just going to post here on and off about the various announcements.

Right now, the big stories are cyber and NATO Rapid Reaction Force.  NATO apparently has now developed a position that a cyber attack might be considered to be Article V-worthy.  That is, that a cyber attack on a member might lead to the invoking of Article V--an attack upon one is equal to an attack up on all. 

As the stories on this indicate, NATO tried this in 2010 but didn't get consensus.  Now, there is consensus.  Why?  Much has changed (although the reactions to Snowden stuff pushes in the opposite direction), but most notably Russia used cyber attacks against Ukraine so that it could perform the fait accompli in Crimea.  This could happen to Estonia or Latvia or Lithuania.  Or anyone else.  So, the idea here is to provide some deterrence--that any significant cyber attack could lead to ... war.  Not just cyber war but war war.  Bloodshed and all that.  This means that the cost of initiating a cyber attack against a NATO member must now include some probability that NATO might get involved both on the cyber battlefield and the ordinary battlefield. 

To be clear, NATO would need to get consensus to invoke Article V.  That is, there is no automaticity.  There would be a meeting and countries would go along or they might oppose.  Even if Article V is invoked, this would NOT require anyone to do anything.  Article V says that if an attack happens, "each country would respond as each deems necessary."  Participation is purely voluntary although non-participation may be costly via offending heaps of NATO countries.  Everyone showed up to some degree in Afghanistan, about half in Libya--Article V vs. not Article V.

The article on this indicated that there is no NATO cyber attack capability either to impose costs on the attacker or to stop the computers engaged in the attack.  This should not be surprising because there are few genuinely NATO capabilities.  The most significant NATO capability are the AWACs planes that help to monitor airspace.  Everything else that goes into a NATO fight in the Balkans, in Afghanistan, over Libya or at sea are national units under NATO command.  They are still ultimately controlled by their home countries with officers in positions to veto how these units are deployed--that these officers hold "red cards" that can be deployed "no, we will not do that."  So, there is no NATO cyber capability, but the US, the UK, Germany and others have capabilities that can be used in a cyber fight. 

This also relates to the NATO Rapid Reaction Force that is being discussed.  I have no clue as to how this will work unless countries actually give up national control of the units they contribute to this force.  This would be pretty hard for some countries and unconstitutional for others.  So, are only the less restricted/nearly caveat free allowed to contribute to the Rapid Reaction Force?  Hmmm.

More NATO news and my rapid and often not completely informed reactions to come this week.

No comments: