NATO reflects on cyberspace – part 1

An exclusive report from a NATO TIDE Sprint meeting in Saint-Malo

 

On the café terraces crowded with holidaymakers this first week of the Easter holidays, the men in darks suit and ties chatting in English were rather out of place in the bright sunshine of Saint-Malo on France’s Britanny coast. Only those with knowledge of NATO who might have overheard the frequent references to “Norfolk”, might have understood that not far away from the historic walled city was being held a high-level meeting of a NATO Think-tank for Information Decision and Execution Superiority (TIDE). For security reasons attendees were strictly forbidden from wearing uniform or their passes once passed the door of the congress centre and were asked not to make any mention of the event on Facebook or other social media. Hence the reason why I’m only writing about it now, a good few days after the end of the meeting.

Welcome panel for the 29th TIDE Sprint (Photo credit: Christina Mackenzie)

 

Let’s step back a moment: back in June 2016 at its Warsaw summit NATO decided that cyberspace should be “a domain of operations in which NATO must defend itself as effectively as it does on land, in the air and at sea.” The Atlantic Alliance is thus reviewing not only its doctrines but also how its 28 member countries can act together in this new domain. So while cyberdefence is far from being the only topic discussed at the TIDE Sprint sessions (described as the “beginning of the technological journey”) organised by NATO twice a year, in spring in Europe and in the autumn in the United States, it was clearly the main subject of the meeting held between 3 and 7 April for the first time in France.

We must develop norms and confidence-building measures to foster a more stable cyberspace for the international community,” said German Admiral Manfred Nielson, Deputy NATO Allied Command Transformation, at the 4 April plenary session. “This will improve our ability to conduct operations in our traditional domains,” he added. However, as Lt-General Dominique-Marie Pinel, Deputy for Transformation-Interoperability in the Strategy Directorate of France’s DGA procurement agency, had stressed the previous day, “the solutions need to be easy to use because battlefield situations are not like labs.

Nielson explained to his audience of about 300 experts that on December 6, NATO and the European Union adopted a dozen or so measures to cope with the fight against hybrid threats and agreed to participate together in a number of exercises, whilst in February the defence ministers approved a 36-month roadmap divided into 12-month phases. “But the processes are slow,” he acknowledged, “and we are limited by financial considerations.” And the fact is, as Colonel François-Régis Boulvert, Head Section NNEC & Plan at NATO ACT, pointed out: “Every nation is its own master in this field and muddles along as best it can, but when you are on exercise, this doesnt work.

According to Nielson, the Alliance faces two major challenges: first, it must find the right balance between the cyber efforts made by the nations – and the extent to which they will unveil their cyber portfolios – and those made by the Alliance. And secondly it must work in the application of the rule of law, in legislative frameworks that were not designed to take into account the specificities of cyberspace.

He added that there are three urgent issues to be addressed: firstly, “is NATO really the right place to deal with this cyber problem because its processes are slow and not very agile?” The second is “are we ready to embrace uncertainty?” And the third is “are we anticipating the threat correctly?

…come back tomorrow for part 2.