with support from
A Proactive Approach to the Cyber Domain Strengthens NATO’s Deterrence and Defense Posture
DAVID VAN WEEL is the Assistant Secretary General for Emerging Security Challenges at NATO
Since 2014, Russia’s cyberattacks against Ukraine have shown that malign actors won’t hesitate to employ cyber operations—including disinformation campaigns, espionage, ransomware, and the crippling of essential services and critical infrastructure—at any time, up to and alongside combat operations.
But malign actors are not limited to Russia, and targets go beyond Ukraine.
The world is facing an era of long-term strategic competition. Little by little, malicious actors are interfering in our democratic processes and institutions and targeting the security of our citizens through hybrid tactics—both directly and through proxies. Understanding the role of cyberspace in strategic competition means understanding that there is constant friction and continuous activity in the cyber domain. In other words, cyberspace is contested at all times, not just during crisis and conflict.
Against this backdrop, effective defense in cyberspace means taking a more proactive approach. This requires a shift away from the mentality of relying exclusively on deterrence by denial—persuading an adversary not to attack by convincing it that an attack will not achieve its intended goal. Instead, we need to foster an entirely new mindset regarding how to operate, compete, and, if necessary, fight in the cyber domain.
The first step is to embrace a comprehensive approach to cyber defense. This requires a better integration of activities among numerous stakeholders at each of NATO’s three cyber defense levels—political, military, and technical. At the political level, we need to be proactive to shape cyberspace in line with our values, promote stability through forward-looking policy development and the support of international norms, and clearly signal to adversaries that we are prepared to respond swiftly. At the military level, we must strengthen the role of our military cyber defenders by enabling civil–military cooperation throughout peacetime, crisis, and conflict. At the technical level, we must strive to defend ourselves effectively, ensuring that we are well equipped to detect, prevent, and protect against malicious cyber activity.
Second, effective national defense requires acting coherently with other states and relevant actors. We are stronger together in defending our values, and we cannot afford to duplicate our efforts. NATO offers a platform for political consultation and collective action against cyber and hybrid threats. Addressing the need to meet the current cyber threat landscape head-on, allies endorsed a new concept at the Vilnius summit to enhance the contribution of cyber defense to NATO’s overall deterrence and defense posture. As a result, NATO will further develop and enable civilian–military cooperation throughout peacetime, crisis, and conflict. Recognizing the unprecedented and critical role the private sector has played defending Ukraine from cyberattacks, another key focus of the concept will be strengthening the integration of industry expertise, as appropriate, in order to better protect NATO and allied networks, operate in cyberspace, and shape cyberspace in line with our values.
Beyond industry cooperation, NATO continues to intensify its cooperation through partnerships, including with partner countries, academia, the private sector, and other international organizations. For example, NATO cooperates with the European Union through a Technical Arrangement on Cyber Defence and continues to strengthen cooperation on cyber defense with efforts including information exchanges and training exercises.
Third, we must not forget the critical importance of resilience in cyberspace—getting the basics right and ensuring that defenders have the capabilities to detect, prevent, and mitigate malicious activity. Resilience is a cornerstone of cyber defense’s contribution to NATO’s overall deterrence and defense posture. Beyond endorsing the new concept, at Vilnius, allies also agreed to new and more ambitious national cyber defense goals and minimum requirements as part of the enhanced Cyber Defence Pledge, which recognizes that as states strengthen their defenses, they raise the cost to adversaries. While we may never be able to prevent all cyber incidents, we certainly will not succeed by sitting back and waiting for something to happen. While strategic competitors try to exploit NATO’s fault lines, the story of Ukraine’s defensive successes in cyberspace has demonstrated the power of having an effective cyber defense posture.
Finally, this new concept recognizes that being proactive cyber defenders also means being responsible actors. Beyond respecting our international commitments to upholding a norms-based approach to responsible state behavior in cyberspace, NATO allies and partners must be prepared to uphold the values and principles that drive us. We must be bold in enforcing norms. This will involve using all the tools in our democratic toolbox, ensuring over time that we not only raise the cost to malign actors but also hold them accountable when norms are being broken.
Any adequate response to these strategic challenges requires a genuine ambition to coordinate cyber defense efforts effectively. And it must be so. Just as we see constant friction in cyberspace, our cooperation should be always present—between allies, across the civilian–military spectrum, and between public actors and industry.
David van Weel is NATO’s Assistant Secretary General for Emerging Security Challenges. He is the Secretary General’s primary advisor on emerging security challenges and their implications for the security of the alliance and a member of the Secretary General’s senior management team. Prior to joining NATO, van Weel was the Foreign Policy and Defense Advisor for the Prime Minister of the Netherlands (2016–2020). That position followed a long career in the Netherlands Ministry of Defence, where he ended as Director for International Affairs and Operations/Policy Director (2014–2016) after serving as the Chief of Cabinet for the Minister of Defence and the Permanent Secretary (2012–2014) and as the Senior Policy Officer for, among other things, operations in Afghanistan and Libya, NATO, nuclear policy and disarmament, special operations, and the preparation of the defense budget.
Shelley McKinley
Developers Collaborate to Secure Software Ecosystem Amid Digital Threats
The war in Ukraine has shown that the tech industry has a meaningful role to play in enabling developers to strengthen defenses from cyberattacks.
David Agranovich
Detect, Disrupt, Deter: The Multistakeholder Threat-Disruption Model
The tech industry was first to push back as cyber mercenaries launched influence operations, malware development, and espionage, but governments are catching up.
Stéphane Duguin
Tracing Cyberattacks in Times of Conflict: The Hard Path to Cyber Peace
Transparency and rigorous data collection are essential to credibly tracking cyber operations during the Russia–Ukraine war— as are being neutral and facilitating redress for all victims.