16 Mayıs 2021
Are Security Threats Real or Perceived?
We can roughly evaluate existing security threats in two classes: conventional and unconventional threats.Conventional or traditional threats refers to a country perceives due to the military power and capacity of the other country such as security threats which were perceived by US and SSCR at Cold War era. Unconventional threats, on the other hand, the threats which can targets the civilian population as well as the armed forces, and specializes in unconventional tactics and they can perceived various types and shapes such as suicide or bombing actions,cyber attacks etc.In the past,the role of military was limited only interstate war but its role was extended in 21st century due to unconventional threats.In this essay,will be focused on cyber attacks threats in the context of NATO,European Union and Russia and it will be searched whether or not real or perceived.
Key words: NATO,cyber threat,cyber attack,non-traditional war,hybrid war.
Security Challenges in 21st Century and Cyber War
Security in the 21st century not only comprises traditional characteristics such as inter-states war,it also entails non-traditional features such as having to deal with cyber war.In this century,the security challenges extented and diversified. These challenges are too big for any one country or organization to handle on its own.Therefore,defence pacts was occured such as NATO and they adopted a concept was called ‘’collective defence’’(Article 5)¹.We can call the era in which we live as ‘’the era of asymetric war’’.States have been perceiving asymmetric threats from other countries. The asymmetric threat can be defined as “a broad and unpredictable spectrum of military, paramilitary, and information operations, conducted by nations, organizations, or individuals or by indigenous or surrogate forces under their control, specifically targeting weaknesses and vulnerabilities within an enemy government or armed force.”²The asymmetric threat is going to be difficult to avoid in any environment because it is unpredictable. Unlike the apparent danger of conventional warfare, the danger of asymmetric attack does not decrease significantly during operations other than war.
Security dynamics of the international system changed after the end of the Cold war. NATO has to be restructured according to the requirements of the new situation with the disappearance of the threats of Cold War.
The most significant change in the post-Cold War conflict was the increase in the asymmetricization of security.
The number of examples of asymmetric warfare seen in the history of war has increased after the end of the Cold War.³In this period when the Internet and information technologies began to enter our lives, these new technologies were used in wars.
NATO, Russia and Cyber War
Due to the uncertainty of the security environment after the Cold War, NATO prefers the hybrid method by considering that it would be right to have new ones without leaving the traditional war facilities. During this period, NATO was in an effort to adapt to the new period.
On September 11, 2001, the World Trade Center in New York, towers against the various targets of the World Trade Center towers, terror attacks, known security definitions turned upside down. Security has again climbed to the top of the list of priorities of many countries, and war on terrorism has become a topic that concerns all actors in the system, not just the state that has been attacked.⁴NATO countries have been worried about serious cyberattacks after this incident. The issue of cyber security started to come to the agenda of the NATO member states and measures were taken.
In 2007 the Estonian government decided to move the Bronze Soldier from the centre of Tallinn to a military cemetery on the outskirts of the city.
The decision sparked outrage in Russian-language media and Russian speakers took to the streets. Protests were exacerbated by false Russian news reports claiming that the statue, and nearby Soviet war graves, were being destroyed.
Russian speakers rose up on the streets in protest at the statue’s move – and cyber attackers followed behind.
On 26 April 2007 Tallinn erupted into two nights of riots and looting. 156 people were injured, one person died and 1,000 people were detained.
From 27 April, Estonia was also hit by major cyber-attacks which in some cases lasted weeks. Online services of Estonian banks, media outlets and government bodies were taken down by unprecedented levels of internet traffic. Liisa Past,a cyber-defence expert at Estonia’s state Information System Authority,
“Cyber aggression is very different to kinetic warfare,” she explained. “It allows you to create confusion, while staying well below the level of an armed attack. Such attacks are not specific to tensions between the West and Russia. All modern societies are vulnerable.”
That means that a hostile country can create disturbance and instability in a Nato country like Estonia, without fear of military retaliation from Nato allies.
The alliance’s Article Five guarantees that Nato members defend each other, even if that attack is in cyberspace. But Article Five would only be triggered if a cyber-attack results in major loss of life equivalent to traditional military action. But there is no concrete evidence that these attacks were actually carried out by the Russian government.
On condition of anonymity, an Estonian government official told the BBC that evidence suggested the attack “was orchestrated by the Kremlin, and malicious gangs then seized the opportunity to join in and do their own bit to attack Estonia”.¹’
In 2008, Russian forces entered Ossetia on August 8 and invaded Georgia after the Georgian forces began operations in South Ossetia on 7 August to establish Georgia’s territorial integrity. The Russians started to respond to Georgia with cyber attacks on the evening of 7 August 2008. Since Georgia’s membership in the alliance has not yet taken place, Georgia has not benefited from NATO’s security umbrella. The most important result that can be drawn from cyber attacks on Georgia is that it is a real hybrid war. Using traditional methods of warfare, Russia also launched cyber attacks simultaneously. It is possible to define this war system as a hybrid war. The fact that the incident took place supported NATO’s belief in hybrid warfare.
In terms of cyber warfare, NATO’s conceptual preference was to use the concept of cyber security.
In April 2009, the member states asked for the development of new cyber defense attitudes at the summit in Strasbourg / Kehl. It was decided to make cyber defense a part of NATO exercises and to strengthen the link between NATO and member states against cyber threats.
‘’We will accelerate our cyber defence capabilities in order to achieve full readiness. Cyber defence is being made an integral part of NATO exercises. We are further strengthening the linkages between NATO and Partner countries on protection against cyber attacks. In this vein, we have developed a framework for cooperation on cyber defence between NATO and Partner countries, and acknowledge the need to cooperate with international organisations, as appropriate.’’¹”
As an other example, Britain, Australia and New Zealand have accused Russian military intelligence of carrying out a worldwide campaign of “malicious” cyber attacks, including the hacking of the US Democratic National Committee in 2016.¹”’
British Foreign Secretary Jeremy Hunt said in a statement Thursday that the country’s National Cyber Security Centre (NCSC) had found that Russian GRU intelligence service operatives were behind cyber attacks believed to have cost the global economy millions of dollars.
Australia and New Zealand released similar statements alleging that their own intelligence agencies had found evidence of Russian involvement in the same attacks on political, business, media and sporting institutions.
“The GRU’s actions are reckless and indiscriminate: they try to undermine and interfere in elections in other countries; they are even prepared to damage Russian companies and Russian citizens,” Hunt said in a statement.
The Kremlin has not responded to the British and Australian allegations, but Russian leaders have consistently denied many of the hacks attributed to Moscow, including allegations that it meddled in the 2016 US presidential elections.
As a result of all these events, NATO continued to increase its measures in the field of cyber security by cooperating with the EU.
“We are pleased with the progress made to enhance our preparedness and resilience,” said Dr. Antonio Missiroli, NATO’s Assistant Secretary General for Emerging Security Challenges. “Our focus will remain on strengthening the ways in which we share information, train, educate, and exercise together to ensure that we have the most robust tools possible for responding to growing cyber threats”.²’
At the Brussels Summit in 2018, Allies agreed to set up a new Cyberspace Operations Centre as part of NATO’s strengthened Command Structure. They also agreed that NATO can draw on national cyber capabilities for its missions and operations.²”
Cyber threats have become one of the most important security threats in our age. Cyber-war instruments have reached such a size, from a country’s critical infrastructure facilities to intervention in the country’s presidential elections, and have become quite difficult to deal with. Since the age we live in is a hybrid war era, it has become impossible to respond to hybrid warfare methods with traditional methods.
In this context, NATO sees cyber attacks on NATO member countries as a threat. EU countries claim that Russia is responsible for these attacks. NATO has entered into a restructuring process in line with the needs of the age and has taken important steps in cyber security in the member states.
‘’In spite of all these efforts, it is clear that it is not easy to take cyber security measures in NATO Headquarters and alliance member countries. Since 1999, it is not easy to fully realize the cyber security discussed at different levels and with different keywords. The biggest error in the transition to cyber defense strategy is the error that a strategy formulated by NATO headquarters is accepted by all members of the alliance. The Member States show different resistances according to their characteristics.’’²”’
As a conclusion,cyber attacks on EU and NATO member countries are not perceived as a real threat. However, it is clear that NATO did not respond to these threats in a timely manner. For this reason,NATO should produce and implement strategies that can adapt to the war-concept hybrid war methods of our era in a shorter time.
1. ‘’The principle of collective defence is at the very heart of NATO’s founding treaty. It remains a unique and enduring principle that binds its members together, committing them to protect each other and setting a spirit of solidarity within the Alliance.’’
3. In December 1994, Russian troops entered Grozny, the capital of Chechnya, to implement the constitution and to ensure Russia’s territorial integrity.The Chechens, using all the media, especially the internet, gave the first examples of information war.
1′. ‘’How a cyber attack transformed Estonia’’, BBC News, Tallinn, Estonia,27 April 2017
“Strasbourg/Kehl Summit Declaration, 04 April 2009”, https://www.nato.int/cps/en/natohq/news_52837.htm?mode=pressrelease
1”’. UK blames Russian military for ‘reckless’ cyber attacks, October 4, 2018
2′. NATO and the European Union work together to tackle growing cyber threats (10 Dec. 2018)
KOLODZİE, MICHEAL L., The Asymmetric Threat, http://www.almc.army.mil/alog/issues/JulAug01/MS628.htm
BEDESKİ,ROBERT E., Unconventional security threats ‐ an overview, Pages 78-90 | Published online: 08 Nov 2007, https://www.tandfonline.com/doi/abs/10.1080/14781159208412755?journalCode=cpar18
‘’What are today’s security challenges?’’
‘’Cyber defence’’,Last updated: 16 Jul. 2018 17:03, https://www.nato.int/cps/en/natohq/topics_78170.htm
‘’NATO and the European Union work together to tackle growing cyber threats’’, Last updated: 13 Dec. 2018 10:57,
JUNCUN,ME5 SU,Militaries Versus Non-Traditional Security Threats, https://www.mindef.gov.sg/oms/safti/pointer/documents/pdf/V44N1a4.pdf
‘’How are conventional and unconventional warfare different?’’
Collective defence – Article 5, https://www.nato.int/cps/en/natohq/topics_110496.htm
BIÇAKÇI,SALİH, NATO’nun Gelişen Tehdit Algısı: 21. Yüzyılda Siber Güvenlik, Vol. 10, NO. 40, Özel Sayı: NATO’nun Dönüşümü ve 21. Yüzyılda Güvenlik / Special Issue: NATO’s Transformation and Security in the 21st Century (Kış / Winter 2014), pp. 101-130, https://www.jstor.org/stable/43926270?seq=1#page_scan_tab_contents
‘’Strasbourg / Kehl Summit Declaration’,’Last updated: 08 May. 2014 11:08, https://www.nato.int/cps/en/natohq/news_52837.htm?mode=pressrelease
BIÇAKÇI,SALİH,’’Yeni Savaş ve Siber Güvenlik Arasında Nato’nun Yeniden Doğuşu’’,Uluslar arası İlişkiler,Cilt/Vol: 9,Sayı/No: 34,Yaz/Summer 2012,s./p. 205-226.
‘’UK blames Russian military for ‘reckless’ cyber attacks’’, October 4, 2018, https://edition.cnn.com/2018/10/03/uk/uk-russia-cyber-attacks-intl/index.html
‘’How a cyber attack transformed Estonia’’, 27 April 2017, https://www.bbc.com/news/39655415
Ege Üniversitesi – Uluslararası İlişkiler
Are Security Threats Real or Perceived? (Kemal Kısa)