The History of Russia’s Cyberwarfare Against NATO Shows It Is Time to Add to NATO’s Article 5

Since cyberwarfare has become a thing, Russia has been the only serious perpetrator of cyberwarfare against members of the NATO military alliance, with its just-discovered massive SolarWinds cyberwarfare operation only the latest in a string of impunities.  It is long past time for NATO to view these as the acts of war that they are and to evolve accordingly.

By Brian E. Frydenborg (LinkedInTwitter @bfry1981YouTubeFacebook)  December 24, 2020 (updated December 24-27 with additional sourcing); see June 7, 2021 follow-up special report Already in a Cyberwar with Russia, NATO Must Expand Article 5 to Include Cyberwarfare

NATO cyberwarfare

SILVER SPRING—A note on terminology before proceeding: obviously, cyberwarfare consists of cyberattacks.  But cyberattacks can also very much be carried by criminals, hacking groups, or even a mischievous high school student against his own school district.  Cyberwarfare goes far beyond such attacks, and large-scale cyberattacks backed by governments or terrorist organizations might better be termed cyberassaults than cyberattacks, though both terms will be used herein since cyberattack is still by far the most common term, even if problematic for the reason just outlined.

A Brief, Selective, General History of Modern Cyberwarfare, Russia, and NATO

There have been no armed attacks against the territory of any North Atlantic Treaty Organization (NATO) Alliance member states by hostile governments since the inception of NATO in 1949, thought terrorists have carried out numerous armed attacks, 9/11 by far being the largest and most others being small in scale.  Thus, 9/11 is the only instance in NATO’s history in which its founding treaty’s Article 5 was invoked, which compels all member states to consider “an armed attack” against one state to “be considered an attack against them all” and for them all to come to its aid up to and “including the use of armed force.”

The NATO Alliance has served for over seventy years not only as a foundation of preventing armed attacks from Russia and other major powers against most of Europe and North America, but also a foundation of one of the most peaceful and prosperous eras in world history.  But there is one major type of warfare that has been hitting NATO member states intensely for years and increasingly so: cyberwarfare.  And virtually all cybercampaigns of this cyberwarfare have been waged by Russia, part of Russian President Vladimir Putin’s overall war against the West, especially NATO but also even Western democracy.

Apart from some Chinese hacking/cyberespionage known to have begun at least by 2003, the first two serious cyberassaults (in these cases carried out much more so as part of geopolitical cyberwarfare campaigns) were Hezbollah’s and Israel’s surprising cyberattacks against each other during their 2006 war and Russia’s less-surprising but far larger cybercampaign against NATO-member Estonia in 2007, just three years after it had joined the Alliance.  It was not long after that when it became clear Russia was absolutely a bad-faith actor with which we have needed, since the last years of the George W. Bush Administration and through the Obama and Trump Administrations, to take a much tougher stance, as I have argued before

Unsurprisingly, then, the two countries that have led in cyberwarfare since are Russia and China, the first being the weaker of the two but also NATO’s (and America’s) clearest top state enemy and the second being the overall stronger of the two, but more restrained and America’s clearest top state rival for global power and influence.  Though China has conducted its own massive hacking and espionage operations (not uncommon among major powers) and has its own influence operations, it is Russia that has without question been the dominant aggressor with acts far more hostile than hacking operations focused mainly on espionage.  In fact, Russia is unique among major powers in carrying out significant acts of hostile cyberwarfare beyond espionage ever since its Estonia campaign.  And while espionage against NATO states is bad for any of those states, espionage has long been viewed as separate from acts of war and should remain in a different category from acts of war in all but the most extreme of cases, a select level in which the latest Russian cybercampaign (detected to be only espionage so far even if at a historic level) seems begging to be included.

Since the Estonia campaign, Russia become dramatically more aggressive against NATO, often skillfully manipulating nationalisms (as I discussed recently) and flooding NATO member states with cyberwarfare, with election interference and boosting secessionism as common features.  Notable cybercampaigns have been directed at the United States, the United Kingdom (including the Scottish independence and Brexit referenda), GermanyFranceItalySpain, the Netherlands, BulgariaNorway, EstoniaLatviaLithuania, the Czech Republic, Canada, Turkey, Denmark, Romania, Poland, Slovakia, Montenegro, and even (North) Macedonia, unsurprisingly focused there on preventing its recent accession to NATO (and these do not even get into campaigns carried out beyond NATO territory). 

These cybercampaigns involve thousands of Russian government paid-trolls and Kremlin-created bots operating thousands of fake accounts that create millions of Tweets, comments, and posts.  And the way these operations tend to work is by promoting politicians and political parties coopted or compromised by or even favorable to Russia and Putin’s agenda and slamming their opponents or anyone critical of Russia and willing to stand up to Putin.

Many of the parties getting the most help (including funding) from Russia exhibit the same hackneyed brand of thoroughly boring right-wing ethnonationalism of the type embraced by Putin’s own United Russia party, which has in recent years forged alliances with several major political parties in Europe, including in major NATO states Italy, Germany, and France (and there are suspicions about the UK, where details of this remain redacted in the recent British parliamentary Russia report).  Similar political interference efforts are known to extend beyond  NATO countries.

Using its primary hybrid mix of disinformation, hacking, and propaganda, and with a network that combines top Kremlin figures, shadowy Russian government operatives, oligarchs in Putin’s pocket, and various state-linked media “outlets,” these operations have had far more effect than most people in NATO countries realize: helping to sway the views of many millions and dramatically distorting public discussion, politics, and policies in countries on everything from Ukraine (see the Hunter Biden “story,” for years a Russian disinformation campaign) and Syria to sanctions and even the current coronavirus pandemic. This model is skilled at preying on ignorance and confirmation bias to turn media outlets and citizens alike in these NATO states into Kremlin allies, whether as unwitting “useful idiots” or witting Fausts.  From Donald Trump and France’s Marine Le Pen and Brexit champion Nigel Farage to Fox News’ all-stars and “contrarian” journalists Glenn Greenwald and Matt Taibbi, for a variety of reasons, extremists not only on the right but also on the left embrace or parrot Kremlin talking points and narratives after years of these effective influence operations, shaping debate from both within the halls of government power and newsrooms, corrupting and bending the debate to Russia’s ends.  Russian disinformation is thus vastly amplified and passed on further as misinformation by the duped and again as disinformation by the corrupted so that public opinion, media, and even laws and policies become more anti-NATO, more anti-EU, more anti-American, more pro-secession, more pro-Russia, more pro-Putin as a result.  And when the Kremlin’s candidates win, they and their allies may spout Russian disinformation to suit their ends, as former FBI counterintelligence agent Asha Rangappa explains is the case with the Trump Administration.  They can also can move to obstruct efforts to both investigate Russian infiltration and hold Russia accountable for its cyberwarfare, with clear and indisputable examples of late from the Trump Administration and Boris Johnson’s UK government as illustrated clearly in the Mueller report and the aforementioned British parliamentary report, respectively.  Even when the Kremlin’s chosen do not win, these Russian operations still manage to weaken their victorious opponents and skew political atmosphere.

All this has been the case to varying degrees from Washington to Rome, from London to Berlin, weakening NATO and its ability to collectively defend itself.  Over time, the degree to which the pendulum has swung to more pro-Russian positions and people has been nothing short of remarkable and very much in part because of Russia’s concerted cyberwarfare effort.  And all this further divides the Alliance and even member states’ own societies internally, which itself is also a major goal of Russia’s.

Time to Adapt NATO’s Article 5 for the Cyberwarfare Era

Thus, what Russia and the Soviet Union before it had been unable to do for decades with conventional armed forces Putin is now to a significant degree accomplishing through cyberwarfare.  And while the NATO Allice had been incredibly effective in preventing and deterring armed attacks, it has had a dismal record at preventing and deterring cyberattacks, a trend that is only increasingly so as Russia’s cyberassaults become more and more brazen, with Russia’s only-just-detected massive months-long and ongoing cyberespionage campaign (and perhaps much more than cyberespionage, we may discover over time) making this only pathetically more obvious.

While NATO’s Article 5 does not exclude cyberwarfare from being considered a pretext for a collective response, it has not been one in practice and the extreme lack of clarity or cohesion from NATO only has Russia acting on the cyberwarfare front with impunity.

To this end, cyberwarfare—including information warfare—must be explicitly included in Article 5, with “or cyberattack” added after the three instances of “armed attack” in the Article.

I will elaborate much more on how this will work in the future, but for now, even this brief historical overview of the intersection of NATO, Russia, and cyberwarfare makes obvious the dire need for a new approach for NATO to reinvigorate a domain of warfare that has been nothing but a grand embarrassment for the Alliance in the face of sustained Russian aggression.  Only with a new, clear, and bold policy that make cyberattacks as off limits as “armed attacks” can NATO continue to secure its members states as it has for most of its history and reverse its loss of power, prestige, and effectiveness Russia’s relentless cyberassaults have already initiated and inflicted.

See my June 7, 2021 follow-up special report Already in a Cyberwar with Russia, NATO Must Expand Article 5 to Include Cyberwarfare and my related article on the UK Parliament’s singularly excellent Russia report and my discussion as a member of a panel with author and Senior International Correspondent for The Guardian, Luke Harding, on Russia’s bad behavior

Also see Brian’s eBook, A Song of Gas and Politics: How Ukraine Is at the Center of Trump-Russia, or, Ukrainegate: A “New” Phase in the Trump-Russia Saga Made from Recycled Materials, available for Amazon Kindle and Barnes & Noble Nook (preview here), and be sure to check out Brian’s new podcast!

eBook cover

© 2020 Brian E. Frydenborg all rights reserved, permission required for republication, attributed quotations welcome

If you appreciate Brian’s unique content, you can support him and his work by donating here

Feel free to share and repost this article on LinkedInFacebook, and Twitter. If you think your site or another would be a good place for this or would like to have Brian generate content for you, your site, or your organization, please do not hesitate to reach out to him!