By James Pearson and Jonathan Landay
LONDON/WASHINGTON (Reuters) – A cyberattack on a NATO member state could trigger Article 5, its collective defence clause, a NATO official said on Monday, amid concerns that chaos in cyberspace around Russia’s invasion of Ukraine could spill over into other territories.
NATO has for years made clear that a serious cyberattack could trigger the clause, but such a scenario has so far been largely hypothetical.
“Allies also recognise that the impact of significant malicious cumulative cyber activities might, in certain circumstances, be considered as an armed attack,” the official told Reuters.
“We will not speculate on how serious a cyberattack would have to be in order to trigger a collective response. Any response could include diplomatic and economic sanctions, cyber measures, or even conventional forces, depending on the nature of the attack,” the official said.
Whether or not a cyberattack met the threshold of an attack large enough to trigger Article 5 was a “political decision for NATO Allies to make,” they added.
Britain and the United States have warned of potential cyberattacks on Ukraine which could have international consequences should, for example, malicious software designed to target networks in Ukraine start to spread elsewhere.
There has also been concern among cybersecurity experts that Russia could team up with some of the gangs and malicious actors that release malicious software such as the malware which held the Colonial Pipeline to ransom in the United States last year.
U.S. Senate Intelligence Committee Chairman Mark Warner said there were no clear guidelines on how NATO should respond, should such an attack take place.
“These are things that have been in hypothetical discussion for a decade, but because we’ve not come to any universal conclusion on what those standards should be, what level of attribution is needed, we’re kind of in a very grey area,” he told Reuters.
“The West may have wanted strategic ambiguity in this area, and that may still be the right choice,” he added.
“But have we sufficiently made clear to the Russians the red lines on cyber or frankly to the NATO public, the American public, on red lines on cyber? I don’t think we’ve done that.”
(Reporting by James Pearson in London and Jonathan Landay in Washington)
