This paper defines a framework for a coherent NATO cyber strategy, led by the U.S., which would build on the transatlantic alliance to forge a stronger platform for cyber cooperation and cyber defense.
Washington has taken the lead in promoting several important NATO initiatives, such as defining effective nuclear and counterterrorism strategies and establishing the Enhanced Forward Presence at the eastern frontier of the alliance. However, American leadership has been less focused and robust in promoting the alliance’s cyber agenda. The United Kingdom and other European allies championed important developments first. These included linking cyber to NATO’s core task of collective defense and recognizing cyber as a domain of military operations. Decisive U.S. support came only later in the process.
Today, unprecedented state-sponsored cyberattacks are targeting critical infrastructure and democratic institutions. Their increasing use in crisis environments and hybrid warfare highlights the need for NATO to do much more to bolster its cyber-defense capabilities as follows:
1. Define cyber defense as a top strategic priority for NATO members.
2. Promote a comprehensive, cross-domain strategy to deter cyberattacks.
3. Accelerate implementation of the cyber operational-domain roadmap.
4. Improve situational awareness within NATO by creating a joint cyber situational awareness and attribution platform.
5. Develop cyber capabilities faster, including creating a more flexible procurement process for IT.
6. Make better use of NATO as a political platform. In cyber-related crisis situations, utilize NATO for consultation, strategic communications, decisions on joint response, and collective defense and deterrence.
7. Use NATO’s institutional assets to address the tremendous need for skills and talent in
8. Support stronger cyber partnerships with trusted non-NATO partners.
As with past NATO challenges, robust U.S. leadership and cooperation with allies will be indispensable to timely and successful implementation of these key priorities.