NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE) in cooperation with King’s College London and William & Mary, has published a new e-book ‘Cyber Threats and NATO 2030: Horizon Scanning and Analysis’, edited by A. Ertan, K. Floyd, P. Pernik, Tim Stevens.
The book includes 13 chapters that look ahead to how NATO can best address the cyber threats, as well as opportunities and challenges from emerging and disruptive technologies in the cyber domain over the next decade.
The present volume addresses these conceptual and practical requirements and contributes constructively to the NATO 2030 discussions. The book is arranged in five short parts, beginning with ‘Cyberspace Adversaries and NATO’s Response’. This part opens with two papers on Russian internet and cyber capacity. Juha Kukkola explores the strategic implications of Russian plans for a closed national network, identifying defensive and offensive advantages for Russia in the structural asymmetries thereby promoted. Joe Cheravitch and Bilyana Lilly draw attention to the constraints on Russian cyber capacity caused by domestic recruitment and resourcing issues and suggest how NATO might be able to leverage these limitations for its own cybersecurity objectives. Martin C. Libicki and Olesya Tkacheva offer a novel perspective on cyber conflict with an adversary like Russia, analysing the possibilities for horizontal escalation into other domains as well as in-domain vertical escalation, and the consequences for NATO doctrine and risk management.
Part two, ‘New Technologies and NATO’s Response’, opens with a chapter on 5G by Luiz A. DaSilva, Jeffrey H. Reed, Sachin Shetty, Jerry Park, Duminda Wijsekera and Haining Wang. The authors propose a series of measures that NATO and its partners can implement to secure 5G technologies and their supply chains, including forms of risk management, standardisation and certification that will maximise the military and social benefits of this new generation of mobile systems. Using an extensive horizon-scanning database, Jacopo Bellasio and Erik Silfversten identify a range of new and emerging technologies likely to shape the future cyber threat landscape and propose ways in which NATO can prepare for and adapt to these eventualities. Simona R. Soare and Joe Burton demonstrate the vulnerabilities of hyperconnectivity through the hypothetical scenario of a smart city under concerted cyber attack, drawing out the lessons NATO must learn about the relationship between local and supranational security under hi-tech conditions.
Part three, ‘Warfighting, the Cyber Domain and NATO’s Response’, contains two chapters concerned with Multi-Domain Operations (MDO), the warfighting concept being adopted across NATO. James Black and Alice Lynch explore the implications of MDO’s networked dependencies and how adversaries are hoping to exploit these, proposing that NATO needs to better understand the interplay of external threats and internal vulnerabilities to combat cyber threats to multi-domain activities. Franz-Stefan Gady and Alexander Stronell conduct a comparative analysis of NATO Allies’ integration of cyber capabilities with kinetic operations in MDO and offer proposals for improving NATO performance in a future high-intensity conflict with a near-peer competitor.
Part four, ‘Information Sharing, Cyber Threat Intelligence and Exercises’, begins with a view from the cybersecurity industry by Michael Daniel and Joshua Kenway of the Cyber Threat Alliance. They offer a programme for the sharing of CTI between NATO and its stakeholder community that seeks to correct some of the faulty assumptions built into existing CTI frameworks. Chon Abraham and Sally Daultrey’s comparative analysis of CTI sharing in Japan, the US and UK suggests that national contextual factors can inhibit this critical cooperative function and proposes a series of organisational changes to remedy this condition. Andreas Haggman makes a distinct methodological contribution to the NATO cybersecurity discussion with its promotion of wargaming as a tool for imagining and anticipating conflictual futures in their diverse social, political and technical dimensions.
Part five looks at ‘Regulatory and Policy Responses to Cyber Security Challenges’. Cindy Whang focuses on how export control regimes should be reinvigorated to accommodate cybersecurity concerns across the Alliance. Laurin B. Weissinger concludes the volume with an appeal to improve NATO’s understanding of networked complexity, including through threat and attack modelling, to provide more effective and tailored cybersecurity solutions.
All the chapters in this book have undergone double-blind peer review by at least two external experts.