NATO’s Cyber Approach Needs Change

https://www.lawfaremedia.org/article/nato’s-cyber-approach-needs-change

Publish Date: 2026-06-05 08:39:00

Source Domain: www.lawfaremedia.org

NATO’s Cyber Approach Needs Change

Last week, The Grugq and I traveled to Estonia for CyCon, NATO CCDCOE’s conference on Cyber Conflict. Our biggest takeaway from the conversations we had there is that NATO, unsurprisingly, is well prepared for one-off, large-scale military attacks. But it is failing to counter small, unremitting cyberattacks, and this needs to change.

NATO was created to deter the Soviet Union from military aggression. It still defines itself as a defensive alliance that can deliver a “resounding response” in the event of an unlikely but devastating Russian military attack.

Russian cyber operations, however, are continuous and conducted well below the threshold of armed conflict. Individual operations just aren’t damaging enough to attract a robust response. These continuous aggressive incursions are favored by states like Russia and China as a way to harass their adversaries during peacetime.

The Americans think the right way to respond to cyber campaigns is “persistent engagement.” U.S. Cyber Command says that under this framework “cyber operators constantly work to intercept and halt cyber threats, degrade the capabilities and networks of adversaries, and continuously strengthen the cybersecurity of the Department of Defense.”

That’s pretty much the opposite of NATO’s prepare-to-strike-back-decisively paradigm.

Russia is taking advantage of this gap, sprinkling some cyber elements into its EU-focused sabotage campaign. The campaign has resulted in real-world effects like fires at defense manufacturing plants and assassination plots. Despite the limited role of cyber operations in these attacks, the overwhelming vibe we got during CyCon was that NATO knows it must get better at contesting Russian cyber activities. It also knows it should respond with its own cyber operations.

One option here is for NATO to run more “hunt forward” operations in member states and to make this activity less U.S.-centric. In these operations, a…

Source

NATO’s Cyber Approach Needs Change

https://www.lawfaremedia.org/article/nato’s-cyber-approach-needs-change

Publish Date: 2026-06-05 08:39:00

Source Domain: www.lawfaremedia.org

NATO’s Cyber Approach Needs Change

Last week, The Grugq and I traveled to Estonia for CyCon, NATO CCDCOE’s conference on Cyber Conflict. Our biggest takeaway from the conversations we had there is that NATO, unsurprisingly, is well prepared for one-off, large-scale military attacks. But it is failing to counter small, unremitting cyberattacks, and this needs to change.

NATO was created to deter the Soviet Union from military aggression. It still defines itself as a defensive alliance that can deliver a “resounding response” in the event of an unlikely but devastating Russian military attack.

Russian cyber operations, however, are continuous and conducted well below the threshold of armed conflict. Individual operations just aren’t damaging enough to attract a robust response. These continuous aggressive incursions are favored by states like Russia and China as a way to harass their adversaries during peacetime.

The Americans think the right way to respond to cyber campaigns is “persistent engagement.” U.S. Cyber Command says that under this framework “cyber operators constantly work to intercept and halt cyber threats, degrade the capabilities and networks of adversaries, and continuously strengthen the cybersecurity of the Department of Defense.”

That’s pretty much the opposite of NATO’s prepare-to-strike-back-decisively paradigm.

Russia is taking advantage of this gap, sprinkling some cyber elements into its EU-focused sabotage campaign. The campaign has resulted in real-world effects like fires at defense manufacturing plants and assassination plots. Despite the limited role of cyber operations in these attacks, the overwhelming vibe we got during CyCon was that NATO knows it must get better at contesting Russian cyber activities. It also knows it should respond with its own cyber operations.

One option here is for NATO to run more “hunt forward” operations in member states and to make this activity less U.S.-centric. In these operations, a…

Source