Q3/2018 - NATO Summit
Next to the increase in contributions to NATO demanded by the USA, the issue of cyber security was one of the focal topics at the NATO summit meeting held in Brussels on 11 and 12 July 2018. Based on the resolutions of Cardiff (2015) and Warsaw (2016), it was confirmed that "cyber" now represented the so-called 5th dimension (alongside land, air, sea and space) of possible warfare. In order to build up the necessary defence against attacks by corresponding opponents, considerably greater efforts would be required than before.
It was decided to expand the "NATO Cyber Operations Center". The "Cyber Defence Pledge" shall be further enhanced with the aim to strengthen one's own defence capability and to increase the "costs" for cyber attackers for effective deterrence. The increased sensitivity of the NATO Heads of State and Government is reflected in the final communiqué, which states that "cyber threats to the security of the Alliance are becoming more frequent, complex, destructive, and coercive".
In the UN, the discussion as to whether a cyber attack is a use of force of the kind prohibited by international law (Article 2 of the UN Charter) and thus legitimises the attacked state to make use of the right to self-defence (Article 51 of the UN Charter) has not led to any clarifying result so far. In NATO, the discussion focusses on the question if a cyber attack on a member of NATO will trigger action due to the obligation of mutual defence assistance enshrined in Article 5 of the NATO Treaty. At the NATO summit, the attendants widely agreed that a cyber attack on a NATO partner must be seen as an attack on NATO as a whole. However, as reported in an article in the Financial Times, NATO Secretary General Stoltenberg had left it open in an interview on the eve of the NATO summit in Brussels, when exactly a cyber attack on a NATO member is to be considered a military attack within the meaning of Article 2 of the UN Charter. Stoltenberg argued that a precise definition of this borderline could be misinterpreted by potential attackers and seen as an invitation to program cyber attacks that were just below the defined threshold to war..