Share this article on:
Growing ransomware attacks and the continuing war in Ukraine are having an increased impact on countries not on the front line and may even be a trigger for a wider conflict.
A report from Switzerland’s Federal Intelligence Service (FIS) sheds light on the state of play of cyber security in the country and in Europe in general.
The Switzerland’s Security 2023 report breaks down a range of threat vectors and areas of influence that might affect the land-locked, neutral country, but chief among them are cyber attacks driven by Russian actors.
The most alarming thing to note in the report is the possible “spillover effects” of the war in Ukraine. While Switzerland — like many other countries — is not seeing direct threats to its critical infrastructure, the roll-on effect of supply chain attacks and attacks on other countries still cause “disruption, partial failure or temporary restriction of critical services”.
The report calls out the unpredictability of non-state actors as a particular challenge.
“The threat and the unpredictability which such activities give rise to should not be underestimated, even if these actors have so far attracted more attention by announcing their intentions than by carrying them out,” the report said, alluding to the fact that for some pro-Russian hacking groups, the propaganda value of attacks is more important than the attack itself.
But the issue remains of what happens when a threat actor with clear links to Russia, and acting on its behalf in a time of war, targets and successfully disrupts or damages the critical infrastructure of a NATO nation. According to the FIS report, such an attack could lead to the activation of the Article 5 collective defence clause — and quite possibly in error.
“It remains to be seen how states will react if such a group causes damage to critical infrastructure,” the report said. “Although not officially conflict parties, these groups are at least indirectly involved in events in the war, and in some cases, it is unclear how independently they are actually acting. This makes clear attribution of responsibility difficult and might lead to incorrect apportionment of blame or to escalation.”
Traditionally, Article 5 states that an “armed attack” on one NATO member is to be considered an attack on NATO at large, and all member states would be expected to come to the defence of the attacked state. But as recently as 2019, NATO Secretary-General Jens Stoltenberg stated that cyber attacks do, in fact, count when it comes to Article 5.
“To keep us all safe, as it has been doing for 70 years, NATO is adapting to this new reality,” Stoltenberg said at the time. “For NATO, a serious cyber attack could trigger Article 5 of our founding treaty. This is our collective defence commitment where an attack against one ally is treated as an attack against all.”
However, so far, cyber attacks that have targeted NATO countries — such as those that targeted German airports after it promised to send Leopard tanks to Ukraine — have not been seen as such a trigger, likely due to the aforementioned problems of attribution and their limited scale.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.