Canada and Nato attempt to define threshold for cyber-attack response

News by Roi Perez

Amidst a Russian war of intelligence and influence, the Canadian military considers what defines a cyber-attack under the Nato agreement and when it should call in help of other countries.

Ahead of a 450-soldier Canadian-led Nato deployment to Latvia, military planners in the country are reportedly sending a contingent of cyber-warriors to fend off Russian sabre-rattling in the region, according to CBC News.  

Brigadier-general Paul Rutherford, commander of the Canadian military's Joint Forces Cyber-Component, told CBC that the decision was made to help respond to attacks which target civilians, rather than government infrastructure, similar to the attack on government agencies and banks in Estonia in 2007.

It is unclear, however, how far they will be able to act when countering cyber and information warfare threats coming from Russia.

Rutherford confirmed that his country's cyber rules of engagement are still "under development”, and added that there is no intention on Nato's or Canada's part to conduct offensive online operations against hackers, state-sponsored or otherwise.

The uncertainty surrounds Article 5 of the NATO agreement, which triggers the alliance's self-defence clause. Defining exactly what dictates a “significant cyber-attack” and when response moves from the online to the real world is still a matter of debate.

The situation isn't helped by the notion that the West is currently engaged in undeclared cyber-warfare with Russian hackers on an almost daily basis.

Ewan Lawson, senior research fellow at the Royal United Services Institute, told SC Media UK the conditions around the triggering of Article 5 have been rehearsed extensively.

“Article 5 is effectively the trigger for collective defence and the idea that an attack on one state is considered an attack on all. Clearly the issue of what constitutes an attack in and through cyber-space that crosses the threshold (which is not defined beyond being an armed attack) is difficult to define and is coupled with the problem of attribution,” Lawson said.

“However, it is possible to consider circumstances which involved a loss of life that might be sufficient. Much less talked about is Article 4 which allows states to bring issues of security concern to Nato's attention even if only to discuss a collective response.”

CBC reports that Anthony Seaboyer, the director of the Centre for Security, Armed Forces and Society at the Royal Military College in Kingston, Ontario, said that “the most likely form of attack Canadians will face in Latvia will come from the internet”.

Seaboyer said there's good reason for the hesitation on the part of Canadian and Nato officials, as hackers can launch cyber-attacks off laptops anywhere in the world, cover their tracks and create a haze of deniability.  

"You can find the IP address, but how do you prove who was operating the computer at the time?" Seaboyer said. "How do you prove who paid the person who was behind the attack? They don't leave their CVs, or a card, for you to know who has hacked."

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews