.
O

ver the last thirty years, technology has rapidly advanced in both sophistication and proliferation. This has created a vast digital landscape where governments interact, militaries conduct operations, citizens access critical services, and where civil society collaborates. These opportunities in the new landscape have helped save lives, share important information across borders in real-time, and give people a voice where they may not have had one. Unfortunately, this new digital landscape has also been infiltrated and exploited by malicious state and non-state actors. 

NATO’s Cyber Challenges

While attacks on Critical Infrastructure (CI) and military installations have always been a priority for NATO, the rise of misinformation and disinformation campaigns and tactics has brought the effects of cyber malice to the doorstep of democracy. To complicate these issues further, emerging technologies, particularly Artificial Intelligence (AI) and Big Data, make combating these disinformation and misinformation attacks against democratic institutions more difficult for allies.

The challenges that NATO and the transatlantic community face today have shifted from that of decades past. The alliance can continue to evolve and innovate how it conducts actions, communicates, and interacts internally and with external partners in the new cyber world of today. A major part of this evolution involves fostering a robust and aware cyber civil society across the alliance. A vibrant civil society, especially in the digital world, is one of the major barometers of a healthy democracy.

Malicious state actors such as Russia threaten this barometer, and thus the health of democracies across the alliance. Russia’s latest aggression against Ukraine has also involved many cyber-attacks against both CI and civil society. While in Ukraine, signs of software disabling critical services such as medical care were discovered, across the alliance, Russia’s disinformation campaigns have begun in earnest. In Germany for example, there has been a sharp uptick of activity in pro-Russian websites, controlled media activity, and pro-Kremlin social media accounts. All of these tactics are aimed at swaying public opinion against Ukraine. This is an explicit attack on democracy with cyber propaganda that continues to be constant and aiming to confuse. 

NATO has made significant progress at strengthening its cybersecurity posture, both preventatively and in response to increased aggression from malicious state actors. Since its first cyber defense policy released in 2008, NATO has continued to improve how it prioritizes actions and engages in collaborations with allies. 2018 was a major milestone with the implementation of a strategy to integrate lessons from cyber effects into new operations by openly sharing between alliance members and allies. One of the most recent—and relevant to a cyber civil society—was the launch of the Defence Innovation Accelerator for the North Atlantic (DIANA) in 2021. This program brings together technology disruptors, cybersecurity innovators, end-users, and others involved in emerging technologies. It is a major step in NATO’s extending its collaboration with those outside the immediate defense sphere. This is imperative to improving cybersecurity through knowledge, understanding, and thus, prevention.

Strengthening Cyber Civil Society to Protect Democracy

Prevention is a major facet of why it is important to have a strong and active cyber civil society. There are no traditional front lines in the world of digital warfare. There are few rules of engagement and those are rarely followed by malicious actors. Outside of warfare, this applies to the democratic institutions and organizations that operate within the NATO community. NATO’s military protects its democracies from physical attack. It is the civil society of the transatlantic community that will protect its democracies from these more nebulous attacks, particularly with regard to disinformation and misinformation. 

There are several areas that NATO and its allies can begin to consider to help strengthen its cyber civil society against malicious cyber interference, just as it strengthens its borders against kinetic, conventional aggression. Focusing on these areas will drive transparency and increase knowledge across the information environment, mitigate the proliferation of disinformation, support independent monitoring of actors and tactics, and encourage collaboration and responsibility on cybersecurity across the alliance.

In the 2018 Brussels Summit Declaration, NATO declared its intent to intensify efforts to counter disinformation in addition to its work against malicious cyber activities. In NATO’s Two Track Model, “understanding the information environment” is one of the two main tracks that combats disinformation. The other being “engage.”  The first track has helped to ensure disinformation does not disrupt military operations, particularly when it comes to troop movements. NATO could leverage this same model in the civilian sphere. “Understand and Engage” provides a powerful model for real-time cyber intelligence. Although a real-time model may not be feasible, the fundamental idea will support a growing cyber civil society. 

“Understand and Engage” for Cyber Civil Society

A continued investment of resources between NATO allies and industry leaders can be used for community learning sessions. These lessons can cover best practices and safety measures around digital services and disinformation. These sessions can provide “living” (almost real-time) updated materials for civil society organizations around the alliance. NATO can leverage relationships and information from DIANA, along with additional multi-stakeholder efforts to support development of training for communities to identify and track disinformation. 

This allows for a consistent flow of information between community allies, which ensures that no one is left in the dark. This is especially relative to Ukraine as it begins reconstruction of its institutions. It strengthens the links of NATO’s cyber chain, so enemies have a harder time finding a weak area to exploit. Most importantly, it is based on key tenets of a democracy by exercising the promotion of digital accountability, transparency, and collaboration through this cyber civil society lens.

In addition to prevention, understanding and engagement also help build resilience in a cyber civil society. In NATO military terms, cyber resiliency concerns the ability to reestablish critical infrastructure and services following an attack. Again, this is important for ensuring that civil society organizations are able to function and provide their services following an attack. There is no longer a question of if you will be breached, but when. However, better understanding and more consistent engagement across allies and partners means that if an organization is targeted, allies, independent monitors, and other civil society organizations—facilitated by NATO—can ensure no permanent damage occurs. This is important to keeping the alliance’s governance institutions and supporting organizations available to those that need them, this is necessary for keeping democracy stable and strong in cyberspace.

NATO has been a global leader in the realm of cybersecurity for nearly two decades. While it continues to serve at the frontlines of the major conflict between Russia and Ukraine, it is also playing a major role in the war in cyberspace between Russia and other malicious actors. It can continue to serve in this capacity by extending its support to fostering a cyber civil society that spans across the alliance and to allies outside of it. This can serve as a model for others as well as support stronger connections and communication with external partners. A focus on prevention and resilience in developing materials and supporting collaboration across organizations is not only helpful for global democracy, but necessary for it in the digital landscape of today as well as what is on the horizon.

About
Christopher Jackson
:
Christopher Jackson is a strategic cybersecurity expert who has advised CISA, international governments, Fortune 500 companies, and nonprofits. He is also a consultant to the Community of Democracies Working Group on Democracy and Technology.
The views presented in this article are the author’s own and do not necessarily represent the views of any other organization.

a global affairs media network

www.diplomaticourier.com

Fostering a NATO Cyber Civil Society Through Prevention and Resiliency

Photo via Adobe Stock

July 7, 2023

Cyberattacks on critical infrastructure and military installations have always been a priority for NATO, but now disinformation threatens our very democratic institutions. NATO must work to foster a vibrant, resilient cyber civil society to resist these pressures, writes Christopher Jackson.

O

ver the last thirty years, technology has rapidly advanced in both sophistication and proliferation. This has created a vast digital landscape where governments interact, militaries conduct operations, citizens access critical services, and where civil society collaborates. These opportunities in the new landscape have helped save lives, share important information across borders in real-time, and give people a voice where they may not have had one. Unfortunately, this new digital landscape has also been infiltrated and exploited by malicious state and non-state actors. 

NATO’s Cyber Challenges

While attacks on Critical Infrastructure (CI) and military installations have always been a priority for NATO, the rise of misinformation and disinformation campaigns and tactics has brought the effects of cyber malice to the doorstep of democracy. To complicate these issues further, emerging technologies, particularly Artificial Intelligence (AI) and Big Data, make combating these disinformation and misinformation attacks against democratic institutions more difficult for allies.

The challenges that NATO and the transatlantic community face today have shifted from that of decades past. The alliance can continue to evolve and innovate how it conducts actions, communicates, and interacts internally and with external partners in the new cyber world of today. A major part of this evolution involves fostering a robust and aware cyber civil society across the alliance. A vibrant civil society, especially in the digital world, is one of the major barometers of a healthy democracy.

Malicious state actors such as Russia threaten this barometer, and thus the health of democracies across the alliance. Russia’s latest aggression against Ukraine has also involved many cyber-attacks against both CI and civil society. While in Ukraine, signs of software disabling critical services such as medical care were discovered, across the alliance, Russia’s disinformation campaigns have begun in earnest. In Germany for example, there has been a sharp uptick of activity in pro-Russian websites, controlled media activity, and pro-Kremlin social media accounts. All of these tactics are aimed at swaying public opinion against Ukraine. This is an explicit attack on democracy with cyber propaganda that continues to be constant and aiming to confuse. 

NATO has made significant progress at strengthening its cybersecurity posture, both preventatively and in response to increased aggression from malicious state actors. Since its first cyber defense policy released in 2008, NATO has continued to improve how it prioritizes actions and engages in collaborations with allies. 2018 was a major milestone with the implementation of a strategy to integrate lessons from cyber effects into new operations by openly sharing between alliance members and allies. One of the most recent—and relevant to a cyber civil society—was the launch of the Defence Innovation Accelerator for the North Atlantic (DIANA) in 2021. This program brings together technology disruptors, cybersecurity innovators, end-users, and others involved in emerging technologies. It is a major step in NATO’s extending its collaboration with those outside the immediate defense sphere. This is imperative to improving cybersecurity through knowledge, understanding, and thus, prevention.

Strengthening Cyber Civil Society to Protect Democracy

Prevention is a major facet of why it is important to have a strong and active cyber civil society. There are no traditional front lines in the world of digital warfare. There are few rules of engagement and those are rarely followed by malicious actors. Outside of warfare, this applies to the democratic institutions and organizations that operate within the NATO community. NATO’s military protects its democracies from physical attack. It is the civil society of the transatlantic community that will protect its democracies from these more nebulous attacks, particularly with regard to disinformation and misinformation. 

There are several areas that NATO and its allies can begin to consider to help strengthen its cyber civil society against malicious cyber interference, just as it strengthens its borders against kinetic, conventional aggression. Focusing on these areas will drive transparency and increase knowledge across the information environment, mitigate the proliferation of disinformation, support independent monitoring of actors and tactics, and encourage collaboration and responsibility on cybersecurity across the alliance.

In the 2018 Brussels Summit Declaration, NATO declared its intent to intensify efforts to counter disinformation in addition to its work against malicious cyber activities. In NATO’s Two Track Model, “understanding the information environment” is one of the two main tracks that combats disinformation. The other being “engage.”  The first track has helped to ensure disinformation does not disrupt military operations, particularly when it comes to troop movements. NATO could leverage this same model in the civilian sphere. “Understand and Engage” provides a powerful model for real-time cyber intelligence. Although a real-time model may not be feasible, the fundamental idea will support a growing cyber civil society. 

“Understand and Engage” for Cyber Civil Society

A continued investment of resources between NATO allies and industry leaders can be used for community learning sessions. These lessons can cover best practices and safety measures around digital services and disinformation. These sessions can provide “living” (almost real-time) updated materials for civil society organizations around the alliance. NATO can leverage relationships and information from DIANA, along with additional multi-stakeholder efforts to support development of training for communities to identify and track disinformation. 

This allows for a consistent flow of information between community allies, which ensures that no one is left in the dark. This is especially relative to Ukraine as it begins reconstruction of its institutions. It strengthens the links of NATO’s cyber chain, so enemies have a harder time finding a weak area to exploit. Most importantly, it is based on key tenets of a democracy by exercising the promotion of digital accountability, transparency, and collaboration through this cyber civil society lens.

In addition to prevention, understanding and engagement also help build resilience in a cyber civil society. In NATO military terms, cyber resiliency concerns the ability to reestablish critical infrastructure and services following an attack. Again, this is important for ensuring that civil society organizations are able to function and provide their services following an attack. There is no longer a question of if you will be breached, but when. However, better understanding and more consistent engagement across allies and partners means that if an organization is targeted, allies, independent monitors, and other civil society organizations—facilitated by NATO—can ensure no permanent damage occurs. This is important to keeping the alliance’s governance institutions and supporting organizations available to those that need them, this is necessary for keeping democracy stable and strong in cyberspace.

NATO has been a global leader in the realm of cybersecurity for nearly two decades. While it continues to serve at the frontlines of the major conflict between Russia and Ukraine, it is also playing a major role in the war in cyberspace between Russia and other malicious actors. It can continue to serve in this capacity by extending its support to fostering a cyber civil society that spans across the alliance and to allies outside of it. This can serve as a model for others as well as support stronger connections and communication with external partners. A focus on prevention and resilience in developing materials and supporting collaboration across organizations is not only helpful for global democracy, but necessary for it in the digital landscape of today as well as what is on the horizon.

About
Christopher Jackson
:
Christopher Jackson is a strategic cybersecurity expert who has advised CISA, international governments, Fortune 500 companies, and nonprofits. He is also a consultant to the Community of Democracies Working Group on Democracy and Technology.
The views presented in this article are the author’s own and do not necessarily represent the views of any other organization.