Professional Documents
Culture Documents
Friday, 31 CYBER SECURITY AND Dr Max Smeets (NLD) Panel lecture (90
March DEFENCE Mr Christian Lifländer min.) and Q&A (60
(EST/NATO) min.)
Mr Daniel Black
Objectives
Introduction
The European Union (EU)
The European Union (EU) has been an influential player in global politics, ever since
six European countries (Belgium, France, Germany, Italy, Luxembourg and the
Netherlands) signed the Treaty of Rome in 1957.
The EU is undoubtedly the result of a process of cooperation and integration which
began in the early 1950s. After more than 50 years and seven waves of
enlargement[1], it now has 27 members, which delegate sovereignty on issues of
mutual interest to common institutions representing the interests of the Union as a
whole.
The Brexit referendum has, on the other hand, led to a different phase for the EU,
with long-term repercussions yet to be fully grasped. On 27 February 2023, a political
agreement in principle between the European Commission and the UK government
was reached on the Windsor Framework.[2]
Some major milestones for the EU have been the Treaties of Maastricht, Amsterdam,
and Lisbon. “Maastricht” transformed the European Community into the European
Union, uniting under one roof the “three pillars” of European cooperation (the
European (Economic) Community, including the single market and, later, the euro;
the Common Foreign and Security Policy; and Justice and Home Affairs).
“Amsterdam”, building on the achievements of the Maastricht Treaty, laid down plans
to reform the EU institutions, give Europe a stronger voice in the world, and devote
more resources to employment and the rights of citizens. Finally, “Lisbon” aimed at
making the EU more democratic, efficient and transparent. The year 2009, however,
also marked a deep crisis for the EU.
The eurozone crisis resulted from a combination of complex developments, which
also brought to the fore some fundamental questions in relation to a true political
union. Additionally, the political system that should provide the blueprint for
“Bruxelles” has deliberately been left unanswered thus far.[3]
On 21 March 2022, the EU Council formally approved the Strategic Compass. The
Compass covers all aspects of the security and defence policy, and is structured
around four pillars: act, invest, partner and secure. These pillars include themes
such as the following: reinforce the EU's civilian and military CSDP (Common
Defence and Security Policy) missions and operations; develop a Foreign
Information Manipulation and Interference Toolbox; strengthen European
Defence Technological and Industrial Base; and strengthen cooperation with
strategic partners such as NATO, the UN and regional partners, including the
OSCE, AU and ASEAN. Please refer to the link in the footnote for a broader
introduction to the Strategic Compass.[4]
[4] https://www.consilium.europa.eu/en/press/press-releases/2022/03/21/a-strategic-
compass-for-a-stronger-eu-security-and-defence-in-the-next-decade/
[5] The shaping of a Common Security and Defence Policy | EEAS Website
(europa.eu)
[6] Foreign policy: aims, instruments and achievements | Fact Sheets on the
European Union | European Parliament (europa.eu)
[7] The shaping of a Common Security and Defence Policy | EEAS Website
(europa.eu)
[8]EUR-Lex - european_security_defence_policy - EN - EUR-Lex (europa.eu)
[13] ibid
[14] pesco_factsheet_2021-12.pdf (europa.eu)
[15] Denmark votes to join EU shared defense policy - CNN
[16] EU defence cooperation: Council sets conditions for third-state participation in
PESCO projects - Consilium (europa.eu); Questions & Answers: Third States’
participation in PESCO projects | EEAS Website (europa.eu)
[17] Third-country participation in EU defence (europa.eu)
[18] EU relations with Ukraine - Consilium (europa.eu)
[19] https://ec.europa.eu/info/strategy/priorities-2019-2024/stronger-europe-world/eu-
solidarity-ukraine_en
[20] Joint statement following the 24th EU-Ukraine Summit - Consilium (europa.eu)
[21] NATO - Topic: Relations with the European Union
[22] NATO - Official text: Joint Declaration on EU-NATO Cooperation by the
President of the European Council, the President of the European Commission, and
the Secretary General of the North Atlantic Treaty Organization, 10-Jan.-2023
Objectives
To provide insight, as appropriate, into major trends in technology, and to discuss the
impact of these drivers in the changing international security environment and the
impact on the future battlefield (including, inter alia, autonomous systems and
hypersonic weapons).
To discuss the weaponization of social media.
To examine current advances in Artificial Intelligence.
To discuss how NATO is adopting and adapting to EDTs, including, as appropriate,
means to improve digital resilience and how NATO should preserve its technological
edge.
Introduction
The Strategic Concept states that “Emerging and disruptive technologies bring both
opportunities and risks. They are altering the character of conflict, acquiring greater
strategic importance and becoming key arenas of global competition. Technological
primacy increasingly influences success on the battlefield.”
Recent techno-scientific developments are likely to bring new horizons to defence
issues and international security. Big data analytics, advanced computing, robotics,
Artificial Intelligence (AI), and autonomy loom large as the ground-breaking areas
that can fundamentally alter contemporary strategic affairs. Innovation and
technology are closely interlinked, and we are witnessing exponential breakthroughs
in both domains.
Algorithmic warfare-related developments deserve attention. The sudden uptrend in
big data, decades of exponential growth in computer processing capacity, as well as
cloud technology have led to the emergence of algorithmic warfare. Furthermore,
advanced cognitive applications, which depend on deep neural networks, underpin
machine learning capacity.[1] The latter is already manifest in our daily lives, such as
in certain commercial applications (for instance, the Siri voice recognition application,
Go player AlphaGo, and IBM’s Watson). Several defence research agencies,
intelligence organizations, and militaries are interested in these lucrative
technologies, eager to explore the potential of robotic warfare, autonomous lethal
systems, etc.
In this regard, one should pay attention to two crucial points to ensure a good grasp
of what is happening, and to achieve better strategic foresight.
First, whilst major military spending once fuelled research and development efforts, it
is now commercial research and development efforts in leading technologies that are
mostly spearheading breakthroughs and innovation, waiting to be transposed into the
military domain. We have already started to see commercial tech giants securing
multi-billion US dollar defence tenders.
Second, contemporary warfare takes place in dynamic and highly uncertain battle-
spaces that necessitate knowledge-based behaviour – for which human beings, at
present, have the upper hand compared to machines –, as well as the ability to
navigate through safety-critical tasks. For instance, giving complete weapons
release marge de manoeuvre to AI for a targeted killing in an urban landscape that
carries a high collateral casualty risk is still not possible.[2] Still, it is hard to rule out
such a possibility in the coming decades.
Along with advanced algorithms, new weapons systems can redefine the basic
parameters of the contemporary international security system. Drones as delivery
platforms of biological and chemical warfare agents; fast unfolding advances in life
sciences; emerging technologies; the harvesting and weaponizing of pathogens;
hypersonic weapons; space-based assets; directed energy weapons; and the sixth
generation of air warfare concepts are a few examples of technologies that can
drastically change our security and defence paradigm.
Apart from battlefield developments, cyber-enabled information operations and next-
generation political warfare are trends that should be closely monitored. While the
cyber aspects of international security studies have most frequently focused on cyber
aggression and the targeting of critical national infrastructure systems and networks,
the weaponization of information in cyber-space to target societies and their cognitive
security is a rising concern. Western democracies and digitalized, globally connected
nations are especially vulnerable in the face of this new wave of political warfare. We
need to be cognizant of how the internet is also changing war and politics.
Finally, one must pay attention to changes in the international system. Data has
become the new oil, and the geopolitics of information has become the new great
game.[3] Against this backdrop, we may expect new winners and losers in the next
phase of the information age, resembling the industrial developments of past
centuries.
Allies are determined to preserve the technological edge, and to ensure
interoperability. Following the adoption of the Emerging and Disruptive Technology
Implementation Roadmap at the 2019 London Summit in February 2021, NATO
Defence Ministers endorsed a strategy on Emerging and Disruptive Technologies to
guide NATO's development of EDT policy in specific subject areas.
In March 2021, the NATO Advisory Group on Emerging and Disruptive Technologies
issued its first annual report, identifying concrete areas for the Alliance to consider as
NATO adopts these new technologies.
At the 2021 Brussels Summit, as part of the NATO 2030 agenda, NATO Leaders
agreed to launch a civil-military Defence Innovation Accelerator for the North Atlantic
(DIANA) and to establish a NATO Innovation Fund. “On 30 June 2022, 22 Allied
countries launched NATO’s Innovation Fund, the world’s first multi-sovereign venture
capital fund. The Fund will complement DIANA, and will invest 1 billion euros in early-
stage start-ups and other venture capital funds developing dual-use emerging
technologies of priority to NATO. These include Artificial Intelligence; big-data
processing; quantum-enabled technologies; autonomy; biotechnology and human
enhancement; novel materials; energy; propulsion and space.”[4] Additionally, on 12
December 2022, the Board of Directors of DIANA agreed that energy resilience,
secure information sharing and sensing and surveillance will be the priority areas of
focus for DIANA’s work on Emerging and Disrupting Technologies (EDTs) in 2023.[5]
In October 2021, NATO Defence Ministers agreed to NATO’s Strategy on Artificial
Intelligence.[6] “Artificial Intelligence is one of the seven technological areas that
NATO Allies have prioritized for their relevance to defence.[7] On 13 October 2022,
NATO Defence Ministers agreed to establish a Review Board to govern the
responsible development and use of Artificial Intelligence (AI) and data across the
NATO Enterprise. NATO’s Data and Artificial Intelligence Review Board (DARB) met
on 7 February 2023 “to start the development of a user-friendly and responsible
Artificial Intelligence (AI) certification standard to help industries and institutions
across the Alliance make sure that new AI and data projects are in line with
international law, as well as NATO’s norms and values”[8].
Introduction
Energy security is, as applicable to a general context, the “uninterrupted availability
of energy sources at an affordable price”.[1] Access to relatively cheap energy has
become essential to the functioning of modern economies. However, the uneven
distribution of energy supplies among countries has led to significant vulnerabilities
and geopolitical tensions. International energy relations have contributed to the
globalization of the world, leading at the same time to energy security and energy
vulnerability.
Global energy use continues to grow. Availability of uninterrupted and diversified
energy sources is vital to Euro-Atlantic security, to the world economy, and to the
functioning of modern societies.
In NATO’s new Strategic Concept, Allies confirmed their determination to enhance
energy security and invest in a stable and reliable energy supply, suppliers and
sources. Allies also confirmed their ambition for NATO to become the leading
international organization when it comes to understanding and adapting to the impact
of climate change on security.
Energy security is also assessed in terms of long-term and short-term energy needs.
While the long-term approach focuses on “timely investments to supply energy in line
with economic developments and sustainable environmental needs, short-term
energy security focuses on the ability of the energy system to react promptly to
sudden changes within the supply-demand balance”.[2] The lack of energy security
could have repercussions in various domains, from the distribution of basic services
to national security. New threats to energy security emerge in the form of increased
competition for energy resources due to the accelerated pace of industrialization in
countries such as India and China, and due to the stronger impact of climate change.
The energy security outlook is under stress following the Russian invasion of
Ukraine. On 25 March 2022, the EU and the US established the Task Force on
European Energy Security in order to meet the current challenge and to support
Europe's efforts in energy security. On 3 November 2022, the EU-US Task Force on
Energy Security met in Washington to discuss implementation of the 25 March Joint
Statement.[3]
In June 2022, the EU Council adopted a sixth package of sanctions, which, inter
alia, prohibits the purchase, import or transfer of seaborne crude oil and
certain petroleum products from Russia to the EU. The restrictions apply from 5
December 2022 for crude oil and from 5 February 2023 for other refined petroleum
products[4]. Please see the link in the footnote for details, including derogations.
To meet expectations of uninterrupted availability of energy sources at affordable
prices, the security of energy supply is considered an integral part of energy security
policies. Energy supplies are exposed to several risks, including heightened political-
military tensions, disruption from supplier countries, but also to extreme weather
events, industrial hazards, terrorism and hybrid threats. Digitalization creates
significant risks as increased exposure to cyberattacks and cyber-security incidents
potentially jeopardizes the security of energy supplies and the privacy of consumer
data. Cyber-security and related challenges are evolving at a rapid pace.
Increased assertiveness regarding access to major sources of oil and gas, water
supplies and other valuable resources, combined with geopolitical
developments/tensions, heightens the potential for international conflict. Additional
projects to control the supply routes could play an important role in determining future
relations between nations.
Thanks to new technologies, new forms of energy are increasingly being utilized,
including shale gas and renewable energy sources, such as hydro, solar, wind and
biofuel. Energy security is not simply a function of energy supply, but depends on
elaborate systems of interconnected networks that are often transnational, making
energy security a global security issue. How to address the multiple challenges
posed by the evolving security environment with respect to critical energy systems
infrastructure is a major question facing nations today. On the other hand, energy
systems are increasingly owned by private companies in an ever-growing number of
countries.
The Bucharest Summit in 2008 took note of a report on “NATO’s Role in Energy
Security”, in which NATO identified principles and outlined options and
recommendations for further activities. The 2021 Brussels NATO Summit, once
again, underlined the important role that energy security plays in our common
security. Allies also adopted the NATO Climate Change and Security Action Plan.
[5] “The disruption of energy supplies could affect the security of societies in Allied
and partner nations, and have an impact on NATO's military operations. While these
issues are primarily the responsibility of national governments, NATO Allies continue
to consult each other on energy security to further develop NATO’s capacity to
contribute to energy security, concentrating on areas where it can add value. NATO
seeks to enhance its strategic awareness of energy developments with security
implications; develop its competence in supporting the protection of critical energy
infrastructure; and work towards significantly improving the energy supply for the
military”.[6]
Recently, at the Madrid Summit, the Allies declared that energy security is to be
strengthened and that reliable energy supplies to our military forces should be
ensured. Given current developments involving Ukraine and the heightened rhetoric,
energy security has once again become a prominent agenda item affecting common
security and global economic stability.
Suggestions for Committee Discussion
What are the energy-related critical challenges impacting the Allies and the Euro-
Atlantic area?
What is the relevance of energy security and energy data in estimating political and
economic developments/outcomes?
What are the alternative energy sources and their impact on the environment?
What can national defence and security institutions as well as business communities
do to protect energy systems and infrastructure?
How can climate change affect energy security?
Where are attacks on energy systems likely to come from?
What role do you think NATO should or could play in the field of energy security in
order to safeguard the security interests of the Allies?
What international policies and management instruments are needed to prevent
energy security from becoming a major source of conflict in the near future?
Cyber Security and Defence
Objectives
To analyse emerging security threats within the cyber defence domain, as well as the
impact of cyber on the security of states and on the international system.
To discuss the different strategies and response options to address cyber threats
(including, as appropriate, offensive and defensive cyber operations).
To consider how to better prepare for future cyber threats, taking account of Allied
security.
Introduction
The digital age provides vast opportunities for effective and instantaneous
communication, access to extensive data and information, and a broad range of
analytical and functional capabilities. The use of digital technology, in general, and
the internet in particular, has become part of everyday life and an indispensable tool
in performing our professional and personal activities. All these technologies are
intended to make our lives easier by providing the information we need in order to
accomplish tasks as quickly, effortlessly and effectively as possible. Cyber
capabilities are now a critical component of national power.
However, these increases in capability and access also involve risks and
vulnerabilities that cannot be ignored. The type of cyberattacks occurring recently
constantly put these vulnerabilities to the test. Many examples of such private and
government-led “attacks” on the cyber front have significant consequences for
economies and security systems. The explosion in computing power and connectivity
creates opportunities for those who wish to use the same technologies to commit
crime, conduct espionage and subvert the very organization of society. Use of the
internet to “deny access”, steal or corrupt data or destroy functionality has become
an increasing source of concern for governments, businesses and individuals across
the globe. Furthermore, controlling and regulating all aspects of “online” activity have
proved to be an impossible task even for the most powerful and technologically
sophisticated governments. Various scenarios show that cyberattacks could disrupt
essential services and thus have a substantial impact on the physical domain.
Cyber defence[1] is part of NATO’s core task of collective defence. During the
Warsaw Summit in 2016, the Allies recognized cyberspace as an operational
domain, combining land, air and sea. This will enable the Alliance to better protect its
networks, missions and operations, with a greater emphasis on cyber training and
planning. The Allies also pledged to strengthen their own cyber defences, and share
more information and best practices, as a matter of priority.
At the Brussels Summit in 2018, the Allies reaffirmed NATO’s defensive cyber
mandate and stressed their determination to employ the full range of capabilities,
including cyber, to deter, defend against, and to counter the full spectrum of cyber
threats, including those conducted as part of a hybrid campaign. At the Summit,
Allies also agreed to set up a new Cyberspace Operations Centre[2] as part of
NATO’s strengthened Command Structure. They also agreed that NATO can draw
on national cyber capabilities for operations and missions. At the Brussels Summit in
2021, Allies endorsed a new Comprehensive Cyber Defence Policy, which supports
NATO’s core tasks and overall deterrence and defence posture to further enhance
the Alliance’s resilience.
At the Madrid Summit in 2022, the Allies announced that “our cyber defences would
significantly be strengthened through enhanced civil-military cooperation, and
partnership with industry would be enhanced. Allies have decided, on a voluntary
basis and using national assets, to build and exercise a virtual rapid response cyber
capability to respond to significant malicious cyber activities. Following the Madrid
Summit, senior officials from NATO and the European Union (EU) met in mid-July
2022 to take stock of recent developments in the cyber threat landscape, and to
explore further areas of engagement on cyber defence. NATO’s 2022 Cyber Defence
Pledge Conference was held in November 2022, in Rome. Last December, NATO
also concluded its largest annual cyber defence exercise, Cyber Coalition 2022,
which involved more than 1,000 cyber defenders from 26 NATO Allies, invitees
Finland and Sweden, as well as Georgia, Ireland, Japan, Switzerland, the European
Union, and participants from industry and academia.
In recent years, the NAC issued a number of statements in relation to malicious cyber
activities. (Please refer to the links in the footnote[3].)
Suggestions for Committee Discussion
What are the critical risks and threats in the cyber domain?
Is cyberspace being militarized, and if so, to what extent? What are the implications
of this for the Allies’ and the Alliance’s security?
Is it right to speak of “cyber war” or “cyber terrorism”? How will state and non-state
actors use cyber capabilities to achieve political or economic goals (defence and
offence), and how will cyber threats and attacks influence the way in which countries
protect their national security and promote national interests?
How can cyber capabilities be made operational in a joint, multinational setting (how
can capabilities be added to the toolbox of the operational commander?), and how
can cyber capabilities be better integrated into force structures?
Can we defend ourselves when we have difficulty with attribution? What tools are
available to deter cyberattacks?
What is the overlap between information warfare, intelligence and cyber operations,
and how can cyber strengthen these fields?
How do you balance the need for government authorities to monitor cyber-based
activities for potential defence and security threats against individual citizens’
freedoms and rights?
Is it possible to define/interpret a cyberattack as an “armed attack” under Article 5?
[1] https://www.iea.org/areas-of-work/energy-security
[2] https://www.iea.org/areas-of-work/energy-security
[3] Latest meeting of the EU-US Task Force on Energy Security (europa.eu)
[4] EU sanctions against Russia explained - Consilium (europa.eu)
[5] NATO - NATO Climate Change and Security Action Plan, 14-Jun.-2021
[6] NATO - Topic: Energy security
[1] For a detailed study, see: Peter, Layton. Algorithmic Warfare, Australian Air Force
Air Power Development Centre, 2018.
[2] Artificial Intelligence and the Future of Warfare | Chatham House – International
Affairs Think Tank
[3] For a detailed work, see: GeopoliticsInformation.pdf (belfercenter.org)
[4] https://www.nato.int/cps/en/natohq/news_197494.htm
[5] NATO - News: NATO approves 2023 strategic direction for new innovation
accelerator, 12-Dec.-2022
[6] NATO - Summary of the NATO Artificial Intelligence Strategy, 22-Oct.-2021
[7] NATO - News: NATO releases first-ever strategy for Artificial Intelligence, 22-Oct.-
2021
[8] NATO - News: NATO starts work on Artificial Intelligence certification standard ,
07-Feb.-2023