BRUSSELS — When President Obama meets with other NATO leaders later this week, they are expected to ratify what seems, at first glance, a far-reaching change in the organization’s mission of collective defense: For the first time, a cyberattack on any of the 28 NATO nations could be declared an attack on all of them, much like a ground invasion or an airborne bombing.
The most obvious target of the new policy is Russia, which was believed behind computer attacks that disrupted financial and telecommunications systems in Estonia in 2007 and Georgia in 2008, and is believed to have used them in the early days of the Ukraine crisis as well.
But in interviews, NATO officials concede that so far their cyberskills are limited at best.
While NATO has built a gleaming new computer security center, and now routinely runs computer exercises, it possesses no cyberweapons of its own — and, apparently, no strategy for how it might use the weapons of member states to strike back in a computer conflict. In fact, its most powerful members, led by the United States and Britain, have spent billions of dollars on secret computer offensive programs — but they have declined so far to tell NATO leaders what kind of weapons they might contribute in a NATO-led computer conflict.