- By Joshua Keating
Joshua Keating was an associate editor at Foreign Policy
Next month, NATO is due to release a new "strategic concept" strategy document. But according to EU Observer, the drafting of the document has been held up by a disagreement between the U.S. and Europe over the concept of "active" cyberdefense:
"Active cyberdefence is a very sensitive topic. Many experts have brought it up, that in order to have defence, you need some offence as well. I would be very surprised if Nato at 28 will find consensus to include it," a diplomat from one of the Baltic states said.
Following attacks in 2008 on its "classified military network" the Pentagon established a new cyber-command, making "active cyberdefence" one of its policy pillars, US deputy secretary of defence William J. Lynn said on 15 September in Brussels at an event hosted by the Security and Defence Agenda think-tank.
The US cyber-command goes beyond the passive "Maginot Line" mentality of the past, he explained. Passive defence systems are sufficient to meet 80 percent of attacks. But the other 20 percent need active systems, such as sensors that operate at network speed to detect and block intrusions.
Against this background, Mr Lynn in September called for "collective defence" – the core principle of the alliance – to be applied to computer networks. "The Cold War concepts of shared warning apply in the 21st century to cyber security. Just as our air defences, our missile defences have been linked so too do our cyber defences need to be linked as well," he said.
European allies are keen to protect themselves against Estonia-type cyber strikes (which saw bank and government websites paralysed in 2007). But they are showing little appetite for US-model "pre-emptive cyber-strikes" on hostile countries or organisations.
The argument takes place against the backdrop of suspicion that the United States was behind the "Stuxnet" computer worm, which may have targeted Iran’s nuclear infrastructure.