First of all, it should be noted that with the development of technology and the introduction of the internet into the every house, every information we share from our servers has started to pose a threat to our personal data. Apart from the legal protection methods related to the protection of personal data, the nature of cyber attacks has come to the agenda. Work to develop a defense against cyber attacks was first raised in Prague in 2002. This issue, which was discussed for the first time at the NATO summit, has been expanded and addressed over time. Accordingly, in 2008, NATO discussed its cyber defense policy for the first time. When the date shows 2014, the cyber security problem, which is now an important problem of our time, has been adopted by the allies and the common defense clause has been added. Accordingly, Article 5 of the NATO treaty ; ‘ The Parties agree that any armed attack against one or more of them in Europe of North America shall be deemed to have been carried out against all of them.’ It will also be enforced in the event of a cyber attack.
Thus, NATO allies started to take important steps in the name of cyber security. When we came to 2018, the agenda of the summit meeting held in Brussels was that the threats to the security of the alliance started to become more complicated. Based on this, ‘The alliances should be able to work in cyberspace just as we do in the air, on land and at sea, to strengthen and support the deterrence and defense stance of the Alliance as a whole.’ security measures that can be taken about the threat of security. In this regard, The United States has activated the United States Cyber Command.
Cyber security is expressed as the whole of tools, policies, security concepts and measures, rules, risk management approaches, actions, trainings, practices, and technologies used to protect the assets of institutions, organizations and users in cyberspace in the light of integrity, confidentiality and accessibility principles.[1]
Since the 1950s, a new threat area has started to be characterized as the new battlefield in the world and as of the 21st century, a new threat area has started to form with the development of the information sector and the definition of cyber war has been included in our lives and has been described as the 5th battlefield in the world.[2]
Today, individuals, companies governments can be exposed to threats such as malicious software, botnets, DDOS attacks, Trojans, viruses, breaches, information thefts, identity thefts etc. that are considered as cyber-attacks.[3]
For all these reasons, as the types of threats have changed, NATO’s protection measures have also changed. An agreement on information sharing was signed in 2003 by nine countries (USA, Germany, England, France, Netherland, Spain, Italy, Canada, Norway) participating in the Summit on the subject of cyber security measures, which was first discussed in Prague. In 2004, The NATO Communication and Information Systems Services Agency (NCSA) was established. There for, NCSA is the first structuring action to respond to cyber-attacks.
In 2008, instant support couldn’t be provided to Estonia, which suffered a major cyber-attack and was exposed to cyber-attacks for one month. In the wake of large-scale and devastating cyber-attacks against its ally, NATO has moved to improve its defenses. Firstly, The Cyber Defense Management Authority (CDMA) was created. In addition, the Cyber Defense Center of Excellence was established in Estonia, and it was aimed that the member countries would receive various trainings, studies and researches. In this centre, for the first time, The Tallinn Handbook, which was written by international law experts and examined cyber warfare, was published. Every year, CCDCOE coordination has been established by allied states to combat cyber threats. This coordination is carrying out the world’s largest cyber-attack exercise ‘Locked Shields.’
In 2006, The NATO – European Union Joint Declaration was signed at the Warsaw Summit due to the continuous deformation of NATO’s cyber threats and the existence of gaps in international law. There for, it was aimed to pave the way for more arguments and cooperation with the member states.
When it comes to the 2018 Brussels Summit, The Cyber Operations Center, which will be operational as of 2023, has been established to enable allies to produce common defense in the field of cyber security.
In light of all these developments, NATO is addressing this issue in two ways of doing so. The first of these is the use of cyberspace as a field of operation and the other is the commitment to Cyber defense.
Referring to NATO’s objectives in cyberspace, as the Allies stated in Brussels, ‘ in order to strengthen and support the alliance’s deterrence and defence posture posture as a whole, on air, land and sea. We should be able to work in cyberspace as effectively as we work very effectively’ the alliance stated that operations are responsible for coordinating cyberspace operations.[4]
The commitment to cyber defense, as stated in Article third of the Washington agreement; ‘Allies will protect develop their individual and collective capabilities to counter an armed attack’ the alliance countries should demonstrate sectoral adaptation to cyber defense issues not only under the umbrella of the military defense union, but also their governments. What is expected from governments in terms of compliance is ; adequate care and attention to cyber defense, the use of government resources, sectoral support and academic support for innovative practices.
In this work with NATO alliances, it has signed standardization agreements with its member states in order to implement common military and technical procedures. (STANAG) Each NATO state shall approve a STANAG and implement it within its own army. The aim is to implement common operational and administrative procedures.
The STANAG (Standardization Agreement) standards are published by the NATO standardization office in Brussels in English and French, NATO’s two official languages. STANREC has been prepared on the recommendation of Standardization. Member States are obliged to comply with these standardizations in all military products they produce.
NATO, which carries out various studies in order to adapt to changing conditions and conditions, develops various strategies by cooperating in this sense. They have taken their first steps in developing an artificial intelligence strategy (NATO Artificial Intelligence (AI) Strategy) by organizing consultation meetings with the European Union in cyberspace studies. In this sense, it is aimed to prevent threats and security vulnerabilities in cyberspace. While achieving the targets, it is reported that six principles will be adhered to. These principles are; legality, disclosure and traceability, responsibility and accountability, reliability, manageability, reducing cognitive bias.[5] Together with the artificial intelligence strategy, NATO officially announced at its meeting in 2021 that will establish a Data and Artificial Intelligence Review Board in order to prevent cyber-attacks and to control them by human hands. There for (The Data and Artificial Intelligence Review Board) DARB was established to carry out studies on behalf of preventing possible cyber-attacks by supporting the artificial intelligence strategy. In addition, another function is to guide the stages of product development and achieve the goals of contributing to the work of the innovation community. Each NATO country has candidates with artificial intelligence expertise in various related fields such as computer science, data analytics, engineering, law, philosophy, social sciences to serve in DARB; academia, private sector or civil society, government employees can choose from it.
DARB’s first effort will be to improve the RAI certification standard. RAI (Guiding Responsible AI Adoption) applications can be considered as a process standard based on input from NATO enterprise stakeholders and experience from the public, private sectors and non-governmental organizations.[6] The Responsible AI certification standard (RAI) was approved by the board in October 2021 and aims to lead the fields of cyber defense, climate change and image analysis in the innovation process by establishing certain standards in order to prevent risks to the use of artificial intelligence and to carry out quality controls.[7]
NATO Standardization Documents
NATO Allies have stated that by 2022, their strategic concepts will be focused on digital transformation and that the first steps will be taken for this transformation. This confirmed NATO’s first vision for digital transformation. It is aimed that the alliance will conduct multi-area operations by 2030, increase political consultations and make data-based decision in order to increase awareness and ensure interoperability in all areas. In this sense, The DARB board, which met on 7 February 2023 and consisted of lawyers, engineers, military personnel, and ethics experts who are experts in their professions, reported that a standardization including data use and quality controls would be completed by the end of 2023.[8]
See Also; Privacy By Design Became The ISO Standard!
Sources:
[1] Hill, R. (2015). Dealing With Cyber Security Threats: International Coorporation, ITU and WCIT. 7th International Conference on Cyber Conflict, 119-134
[2] Güvenlik Bilimleri Dergisi, Şubat 2020,UGK Özel Sayısı, 135-158 / Doğan Şafak POLAT sf.141
[3] Güvenlik Bilimleri Dergisi, Şubat 2020,UGK Özel Sayısı, 135-158 / Doğan Şafak POLAT sf.139
[4] https://www.nato.int/docu/review/index.html ( North Atlantic Treaty Organization )
[5] https://www.nato.int/cps/en/natohq/official_texts_208374.htm?selectedLocale=en ( North Atlantic Treaty Organization )
[6] https://www.nato.int/cps/en/natohq/official_texts_208374.htm?selectedLocale=en ( North Atlantic Treaty Organization )
[7] https://www.nato.int/cps/en/natohq/news_208342.htm ( North Atlantic Treaty Organization )
[8] https://www.nato.int/cps/en/natohq/news_211498.htm#:~:text=NATO’s%20Data%20and%20Artificial%20Intelligence,projects%20are%20in%20line%20with (North Atlantic Treaty Organization)
