NATO’s 2024 summit is over; as always, it has brought forward multiple topics. Especially given the current turbulent geopolitical and geoeconomic global environment, one could arguably focus on and analyse practically any of the agendas that resonated among the leaders and experts. I will argue for the importance and prominence of cybersecurity and the defence industry.
Resilient or vulnerable? Cyberspace is the silent battlefield
It is perhaps fitting to illustrate cybersecurity’s (rising) importance for overall national and societal resilience with a concrete example. It was during this very NATO summit that a series of cyberattacks by various anti-NATO hacktivist groups were conducted, aiming at undermining Allied initiatives particularly related to Ukraine. The tactics, for instance, include Distributed Denial of Service (DDoS) attacks on NATO websites. Of course, cyberattacks against NATO member states have been quite a frequent occurrence. They have intensified after 2022, and in the course of that year, they also changed in nature – whereas first, the cyber-war focused on Ukraine and Russia, it transformed into a high-intensity hybrid cyber-war across the EU and (European) NATO countries. The attacks seem to be also tied to concrete state decisions regarding support of Ukraine – as the recent cases of Denmark of the Czech Republic show.
Relatively inconsequential cyberattacks during NATO’s 75th summit symbolise a call for more proactive Allied measures as well as joint collaborative efforts among the member states in order to effectively defend against such threats and attacks. In a world defined by connectivity and interconnectedness, where accurate and timely data enable an effective defence, and where the “internet of things” is not only a buzzword but a concrete reality, cybersecurity should become one of the top priorities for NATO collectively and for individual member states.
That actually seems to be the case. In order to jointly address the intensifying complex and sophisticated threats to NATO’s communications and networks, the Allies agreed to establish a first-of-its-kind Integrated Cyber Defense Center. The new initiative should enable better, easier, and faster information-sharing among the Allies as well as joint development of critical capabilities enabling collective defence against cyber attacks. The Center plans to physically co-locate national personnel to the Supreme Headquarters Allied Powers Europe (SHAPE) in Mons, Belgium, in order for the Supreme Allied Commander Europe (SACEUR) to be provided nonstop with top-notch information enabling situational awareness and thus enhance collective resilience and defence regarding existing and emerging threats in cyberspace that could pose a risk to critical communications and, ultimately, any military operations. In contrast to individual Centers of Excellence that are focused on cyber (which are independent of NATO), the Center will be an integral part of NATO and will be structured and staffed accordingly – with civilian and military personnel as well as experts from industry working together there. The Centre should be operational no later than 2028.
NATO leaders also decided to launch four new joint projects to deepen cooperation with its Indo-Pacific partners – Japan, South Korea, Australia, and New Zealand. These projects, aiming to deepen overall cooperation and share the best practices, will also focus on cybersecurity and artificial intelligence.
Although it is clearly not – and neither should become – NATO’s responsibility, it is necessary to also add that cybersecurity is indeed a much broader topic as it does not concern only strictly military capabilities and capacities but also impacts national and societal resilience in other areas and aspects – be it critical infrastructure or even modern and electric vehicles, which collect and transfer a multitude of data. This opens up questions about data leaks as well as remote manipulations and remote control. The technology could also be used as an entry point into the country’s critical infrastructure. I am certain that we will hear more about issues regarding cybersecurity across various domains, including electric vehicles, as mentioned. Moreover, cyber is also a grey zone, where various hackers and groups comprised of various international actors aim at gradually and systematically destabilising targeted states and societies, undermining the effective functioning of their institutions, undermining social cohesion, and/or maintaining (considerable) influence in the field of technology, which, in extreme cases of crisis or, heaven forbid, conflict or even an outright war, could be abused. Until then, the activities remain under the threshold of war, bringing various legal issues to the forefront of attention as well.
No industry, no security
The second area of particular interest, I argue, should be the defence industry itself. After all, it is the private companies, almost exclusively, that enable complex and comprehensive defence, whether we speak about drones, tanks, or software. These all need to be developed, tested, produced, maintained, repaired, and modernised. This requires a functioning private sector, where innovation can happen, new technologies can be tested, and then produced in the required volume, quality, and time – and, of course, for a “reasonable” price.
The industry, with its capacities, limits, and potential, is the backbone of any effort to maintain or increase security and defence. At least since 2022, the topic has been hotly discussed at a plethora of events across the West – how best to support the industry? How much does the theory differ from the practice? In other words, are various new initiatives, programs, and existing patterns and regulations helping the industry achieve the desired results? Are some existing regulations, for instance, in the financial sphere, hurting the industry? What does the industry need – a qualified workforce, more capital, larger production capacities, or all at once? These questions are, perhaps, a bit more valid for the EU and the US than for NATO, but nevertheless, the Alliance does not neglect the topic.
Again, this was also reflected at the 75th summit, as the leaders decided to adopt a new NATO Industrial Capacity Expansion pledge. The primary aim is not to introduce higher levels of defence spending up from the already agreed (and still not respected by quite a few member states) 2% of GDP, but mainly to start focusing on finding ways how to spend available resources more efficiently and create opportunities to jointly develop, produce and then buy new weapons.
Interoperability is considered a key component of the new pledge amid all the increased spending and efforts to ramp up production. As said, new and more coproduction agreements should also result from the new pledge. These aspects will be crucial because it is not as important how much money is spent as it is how it is spent. Spending available resources more efficiently can bring much more results than simply spending more. It is important to coordinate closely with the EU since the power of the internal market there (and other synergies) can be harnessed and brought to benefit NATO as well. Examples of how joint efforts bring results include the January 2024 decision of the European NATO members to jointly buy up to 1000 Patriot missiles or the NATO Support and Procurement Agency (NSPA) decision – made on the 2024 summit premises – to order Stinger anti-aircraft missiles worth $700 million. Efficient working and execution of such activities will only become more important as, over the next five years, European NATO members (and Canada) plan to purchase thousands of air defence and artillery systems, around 850 modern aircraft (mainly the 5th generation F-35s), and other high-end capabilities in similar numbers.
Where possible and desired, it could also lead to coproduction agreements with partner countries from the Indo-Pacific region. Individual national efforts to update national defence strategies, streamline procurement processes, and invest in industrial production, which were identified as priorities in the 2023 NATO summit, should continue.
Conclusions
In today’s world, there are myriads of issues that require attention – including the attention of NATO leaders. Among these issues, there is an abundance of those that are arguably important. And then there are priorities. How do you select them? How do you discern and differentiate between issues that should be at the top of the list?
In this paper, I argued for two specific issues that should indeed be at the top of the list of priorities for NATO leaders: cybersecurity and the defence industry. The NATO 2024 summit addressed both of these issues and launched two important initiatives.
In order to jointly address the intensifying complex and sophisticated threats to NATO’s communications and networks, Allies at the summit in Washington, D.C., agreed to establish an Integrated Cyber Defense Center, which aims to enable better, easier and faster information-sharing among the Allies as well as joint development of critical capabilities enabling collective defence against the cyber-attacks. It should provide SACEUR with top-notch information, enabling situational awareness and thus enhancing collective resilience and defence regarding existing and emerging threats in cyberspace that could pose a risk to critical communications and, ultimately, any military operations.
In regard to the industry, leaders decided to adopt an Industrial Capacity Expansion pledge, which mainly aims at finding ways how to spend available resources more efficiently and create opportunities to jointly develop, produce and then buy new weapons with interoperability considered a key component. New and more coproduction agreements should also result from the new pledge. It is not as important how much money is spent as it is how it is spent. Spending available resources more efficiently can bring much more results than simply spending more. It is also argued to closely coordinate with the EU since the power of the internal market there (and other synergies) can be harnessed and brought to benefit NATO as well.As always, it is the implementation and execution in the real world that counts, without which any plan or strategy remains a piece of paper at best. Only time will tell if more integrated and joint efforts to respond to the cyberattacks will increase resilience and decrease vulnerabilities and if collective efforts to spend available resources more efficiently through joint development, production as well as the purchase of new weapons will increase NATO member states’ security, defence and deterrence capabilities. This decade will reveal the results.
Photo credits: Matej Kandrík
