NATO is working on a “special doctrine” for cyber operations and taking steps to help member states bolster their cyber defenses, an official said Monday.

Merle Maigre, who directs a NATO-affiliated cyber center headquartered in Tallin, Estonia, outlined the alliance’s multi-pronged efforts on cybersecurity during an appearance at the Center for Strategic and International Studies in Washington, D.C.

ADVERTISEMENT

“NATO is currently on its way to come to a better understanding and develop its thinking [of] how cyber defense is better reflected in both policy planning and military planning,” Maigre said. “NATO is developing a special doctrine for cyber operations. NATO’s center in Tallinn is the custodian for the doctrine.”

The alliance is also looking to provide better training for member states in cybersecurity, she said, which the Cooperative Cyber Defence Centre of Excellence in Tallinn is helping support.

Maigre added that the alliance is also focused on building “resilience” among member states so they can better protect their systems.

“Where NATO is currently going is helping the allies to build resilience, providing a framework for member states to have a better understanding of ... their critical information protection, how these systems are being developed and who is responsible for that,” Maigre explained.

NATO has been increasingly focused on cybersecurity as threats have compounded in recent years. At the Warsaw summit last year, alliance members recognized cyberspace as a domain of operations. The alliance also recognizes cyber defense as a core part of its collective defense efforts.

NATO Secretary-General Jens Stoltenberg has also said that a cyberattack could trigger the Article 5 principle of collective defense, which declares an attack on one ally is an attack on all.

Maigre was asked Monday what cyber incidents, in particular, could trigger Article 5. Maigre did not offer up a specific example, instead stressing, “there’s nothing automatic about Article 5.”

“Article 5 requires North Atlantic Council, be it at the level of ambassadors, ministers or head of states and governments, to gather and make a decision, and that applies also to any country bombing other country," Maigre said.

“It needs to be a consensus-based decision,” she later added. “No one can be against it.”

Tanel Sepp, a cyber official at Estonia’s defense ministry, explained that an invocation of Article 5 would depend on the type of cyberattack. The principle has been invoked only one time, following the Sept. 11 terrorist attacks against the United States.

“It is always and will always be a question of effects,” Sepp said. “What kind of attack are we talking about and what is impacted.”

The event in Washington reflected on a series of cyberattacks that hit Estonia in 2007 which authorities have pinned on Russia.

--This report was updated on Nov. 7 at 7:12 a.m.