If NATO’s Article 5 is triggered as a result of the recent cyberattack, it would be the first since 9/11, which was the only time Article 5 has been invoked.
As I have repeatedly stated, Russia is the most likely culprit and probably launched the attacks. Russia has the capabilities, motive, and history. But cyber forensics is still nascent and not capable of fully tracking the point of origin of the attacks with enough resolution to identify the culprit in court. It needs to be combined with other technical and human intelligence.
Most likely, however, monitors would be installed which would remove most doubts as to the identity of the initiators. We have had that capability for decades; it has most likely improved tremendously. The problem is introducing these findings into a court of law. Consequently, secondary, less capable sensors would also need to be installed, the use of which would be compromised in a court of law but would not reveal true capabilities.
Jul 2, 2017, 2:15pm EDT
In the wake of last week’s massive Petya ransomware attack in Eastern Europe, researchers are reaching consensus that the incident was a politically-motivated cyberattack. According to CNBC, the NATO Cooperative Cyber Defence Centre of Excellence (CCD COE) recently put out a statement claiming that the attack was likely done by a state actor or a group with state approval. The development means that the cyberattack could be viewed as an act of war, triggering Article 5 of the Washington Treaty and compelling NATO allies to respond.
“As important government systems have been targeted, then in case the operation is attributed to a state this could count as a violation of sovereignty,” wrote Tomáš Minárik, a researcher at the CCD COE law branch, in the release. “Consequently, this could be an internationally wrongful act, which might give the targeted states several options to respond with countermeasures.”
The statement puts the CCD COE, a NATO-sponsored cybersecurity research center based in Estonia, in agreement with researchers poring over the details of the attack. The Petya virus was seemingly aimed at central Ukrainian institutions instead of a broad array of ransom targets, and Ukraine bore the brunt of the attack. That fact, along with the basic errors that make ransom seem like a poor reason for a campaign of this scale and complexity, makes it look like cyber criminals were not the culprits.
“The operation was not too complex, but still complex and expensive enough to have been prepared and executed by unaffiliated hackers for the sake of practice,” the Centre wrote in the release. “Cyber criminals are not behind this either, as the method for collecting the ransom was so poorly designed that the ransom would probably not even cover the cost of the operation.”
It’s possible Russia sponsored the campaign, given its history of military and cyber attacks in Ukraine, though there’s no concrete evidence proving the Russian government’s involvement. What’s more, some major Russian firms were hit in the attack. However, the Ukrainian state security service is blaming Moscow, claiming yesterday that the same Russian hackers who took down the country’s power grid last year were behind the hacks.