Active Cyber Defence and NATO - NATOs innovative offensive strategy towards Russia and China

To date, NATO has always relied on its defensive mandate to battle cyber threats. In its capacity to reconcile Allies’ strategies, foster the sharing of sensitive information between its members, and advocate for education and technological innovation, it has erected a multitude of training centres and cooperated with member states’ national military cyber trainings. However, amid a tremendous, rapid evolution of cyber technology, stretching from government misinformation campaigns to newly emerging critical infrastructure, there is growing potential for this technology to be used in cyber warfare. This article will discuss NATO’s position vis-à-vis the two greatest future cyber threats: China and Russia. First, a discussion of the emergence of 5G networks and Huawei’s dominance of this technology will reflect on the question of if military safety can outweigh economic benefits. Second, the article will examine threats to the Alliance’s critical GPS infrastructure, particularly Russia’s meddling with foreign satellites. Subsequently, examining these threats highlights the main future challenges and how this forms the stepping stones to move to the next chapter: NATO’s major policy shift from defensive to offensive cyber defence policy, as stated in the Brussels Summit Declaration of 2018. To conclude, a multitude of policy recommendations will set out the way toward success for NATO’s new offensive Cyber Structure Command of 2023.

By Maaike Machiels

1. Cyber Defence: Defining the Concept

In addition to cyber threats to civilians, companies, governments, and national militaries, NATO has faced several cyber attacks during this decade. Consequently, and similar to national security mechanisms and governments, NATO is challenged with conceptualizing and institutionalizing its cyber defence policy as well as reinforcing cyber security in its member states against the rapidly evolving field of cyber technology.

Prior to illustrating current challenges and elaborating on NATO’s future endeavours in the cyber field, this article will attempt to conceptualize the notion of ‘cyber defence’. Subsequently, NATO’s cyber defence strategy will be submitted to scrutiny. This analysis will constitute the basis for drafting policy recommendations for enhancing NATO’s efficiency and operability in the future, global cyber sphere.

A concise definition of cyber attacks, carrying authority in (inter)national military doctrine, is supplied by the Tallinn Manual 2.0. According to this Manual, a cyber attack is “a cyber operation, whether offensive or defensive that is reasonably expected to cause injury or death to persons or damage or destruction to objects.”[i] This definition was drafted by a group of legal experts acting under the auspices of the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE), based in Tallinn, Estonia. The definition leaves room for interpretation and simultaneously illustrates one of the current challenges in the cyber domain: defining the concept and limits of cyber attacks, leading to the (de)legitimation of any strategy/policy within the cyber defence field.[ii]

In 2017, NATO Secretary General Jens Stoltenberg emphasized the dangers of cyber attacks, whether against NATO’s critical infrastructure or on the national infrastructure of its member states, citing a sixty-percent increase in cyber attacks from 2016 to 2017.[iii] The gradual increase of cyber attacks threatens the entire globe, because this new phenomenon defies all pre-existing international laws and military rules. Modern cyber threats blur the distinction between governmental and private attacks, do not distinguish between military and civilian targets, and occur both in peace- and wartime. Therefore, an all-encompassing cyber threat demands a holistic, immediate, and legitimate response as well as an ongoing debate with all affected stakeholders. States’ actions to prevent cyber attacks, while not having the same intent as the aggressor but nevertheless participating in the cyber security sphere by either deterring, preventing, defending, or undertaking an offensive countermeasure, can be categorized as ‘cyber defence’.[iv]

Cyber experts often distinguish active cyber defence from non-active cyber defence. Active Cyber Defence (ACD) encompasses proactive and offensive (counter)measures outside of the victim’s network that might amount to surpassing the ‘armed attack’ threshold, thus provoking a conventional conflict between two state actors subject to the rules of international humanitarian law. A wide array of countermeasures can be put into place, from detection and neutralisation of malicious software by using intelligence sensors and measures obstructing espionage, to strikes such as ‘hack-backs’: the latter possibly amounting to ‘cyber warfare’.[v] Both the US and the UK utilize the ACD approach in case of a cyber attack. 

The EU opted for a less offensive, but preventive, approach categorized as ‘resilient or fortified cyber defence’. This approach prioritizes information sharing, public-private cooperation, and education and training in common standards and concentrates on fortifying critical infrastructure so as to proactively defend its assets from any future cyber attack. The focal point of this doctrine is to guarantee the continuous functionality of infrastructure that is likely to succumb to any future cyber attack and might bear disastrous effects for a society. In some writings, ‘resilient’ and ‘fortified’ cyber defence are approached as if they are different concepts.[vi] This article, in contrast, does not distinguish one concept from the other in order not to strain too far from practice. Both concepts, best stipulated as ‘non-active cyber defence’, are to some extent interchangeable and procure better results when applied simultaneously. Until recently, NATO followed the resilient approach. NATO’s current position and future endeavours in cyber defence will be elaborated in further detail in the following sections.

2. NATO’s position in Cyber Defence

International law is created by and for states. According NATO’s Cyber Defence Pledge, the Alliance’s mandate has always been essentially defensive, relying on its Allies’ cyber capabilities to execute operations. (Legal) protection of critical infrastructure and related offensive strategies always remained a sovereign national prerogative, while NATO’s cornerstone was to build a resilient cooperation, founded on information-sharing, education, and risk management, to counter any negative consequences resulting from cyber attacks. To date, NATO’s priority lies with improving its own institutional infrastructure and computer networks, whilst supporting and bolstering resilience and defence capabilities through multinational projects.[vii] Nonetheless, future NATO policies should take a stance regarding the behaviour of Allies when being attacked by an aggressor state, and NATO has to reconcile its own agenda with the approaches of its members.[viii]

NATO has proven to be concerned with the rapid evolution of cyber space and cyber threats thanks to its many endeavours during the last years. The inclusion of cyber attacks in Article 5, the embodiment of NATO’s collective self-defence, incited further action in the cyber field. For instance, NATO provides adequate resources to its Allies through institutions such as the NATO Cyber Defence Centre of Excellence, the NATO Cyber Rapid Reaction Teams, the NATO Computer Incident Response Capability, and cooperation with national CERT (Computer Emergency Response Teams). The resilience strategy of NATO’s cyber defence strategy is reflected in the outcomes of the Warsaw Summit and the Brussels Summit. Moreover, NATO has fostered cyber interoperability with the EU, the UN, the OSCE, and industrial stakeholders as well as sponsored national cyber initiatives.

1. Current Challenges

The preamble of the North Atlantic Treaty emphasizes NATO’s guiding purposes and principles: freedom, civilisation, democracy, individual liberty, the rule of law, and the preservation of peace and security. In light of the emergence of Russia and China as possible adversaries in a future cyber conflict, the importance of these fundamental principles when engaging in cyber warfare was questioned during the Munich Security Conference in February 2019.[ix] On the one hand, cyber policy strategies concerning critical infrastructure are a national prerogative. On the other, these national strategies do not necessarily coincide with other states, nor are they governed by one institution; therefore, they remain very much unregulated on the international scale.[x] Despite states’ dominant role in cyber defence, two newly emerging infrastructure networks are nonetheless worth addressing on the NATO level: Chinese 5G networks and GPS networks mainly threatened by Russia.

2. Critical Infrastructural Challenges

1. Chinese 5G Networks

Huawei’s innovative 5G network will provoke a major evolution in global economics, (cyber) security, and policy-making.[xi] Among other benefits, 5G networks promise faster data speed, enhanced artificial intelligence and machine learning in the global market, and will thus conquer a major position in all corners of the ‘internet of things’ across the globe. Huawei, holding the world’s largest market share, has completely surpassed other ‘5G pioneers’ such as Ericsson, Nokia, and ZTE.[xii] Huawei’s dominance, acquired through government support, investment in education and technological innovation, attractive selling prices, large-scale contracting, and unrivalled competition, have aided Chinese economic and governance models in penetrating Western, democratic societies.[xiii]

Western economic powers and alliances fear China’s prevalence in the global market. Even though a 5G-breakthrough is an enormous (economic) goal rather than merely a security risk, several NATO Allies[xiv] have attempted to diminish China’s influence on their national networks, including completely banning Huawei’s services. This measure is based on a multitude of legitimate concerns.

Firstly, exclusively relying on one vendor, in this case a society driven by national interest instead of individual human rights, might facilitate China’s illegal meddling in Western societies’ data. China is known for its cyber espionage and mass surveillance practices[xv] and does not refrain from publicly identifying itself as an adversary of Western democracies.[xvi] Even more so, China signed a deal with Russian’s telecom giant MTS to launch 5G-generation in 2019–2020. This bilateral agreement further distances China from any democratic cooperation with Western democracies and solidifies its economic position against the ‘rest of the globe’. Likewise, by co-opting Russia, China might pose a greater military threat to the heart of the Alliance.

Secondly, Huawei has refrained from divulging any information regarding its internal functioning or its relationship with the government, Chinese military, or intelligence service. In spite of many public allegations, Huawei has brushed these off by stating it is the most audited technology company in the world.[xvii] This lack of disclosure renders any transparency impossible between democratic states and Chinese companies.

Thirdly, smart technology paves the way for potential surveillance over the entire planet. States with a weaker human rights protection, such as Serbia, Turkey, and Russia, have been subjected to mass surveillance through the purchase of Huawei’s cameras with facial recognition software, thereby endangering its citizens’ human rights and subjecting its own government to political meddling.[xviii]

The purchase of 5G networks by some NATO Allies illustrates a dual approach towards external cyber powers: states benefit from the advantages of global trade, on the one side, and avoid a possible adversary in future cyber conflict, on the other.[xix]  These differences in policy-making might cause fractures within the Alliance and renew debates concerning fundamental Western values.[xx] National policies, financial and technological resources are strongly nuanced and differ amongst each other,[xxi] and there is no consistency between national policies on the threat Huawei poses. The UK, not lacking resources for cyber defence, established the “UK Huawei Cyber Security Evaluation Centre”. This centre, with newly erected centres in Germany and Belgium to follow, is a rigorous supervision mechanism overseeing Huawei’s operation in the national context and aims at holding Huawei accountable for any breaches in national cyber space. Two-thirds of NATO’s allies, nonetheless, lack the necessary resources to establish such oversight mechanisms and are dependent on richer third countries, such as the UK.[xxii] Concerns regarding sensitive information sharing between NATO and Allies might raise tensions and obstruct (bilateral) agreements.

Apart from its Allies, NATO itself might suffer damages. NATO depends on the critical infrastructure of its Allies to execute national operations and missions. Therefore, any threat to critical national infrastructure affects NATO by extension. Even more so, any threat to its Allies is a threat to NATO’s founding values. NATO must ensure (military) safety outweighs economic benefits.

1. GPS networks

Space-based assets should be awarded a major position in future debates about the protection of critical infrastructure of NATO Allies. To some extent, data stemming from other critical infrastructure is highly dependent on terrestrial networks, such as the reliance of telecommunications on GPS satellites. This interoperability might lead to a cascading effect, where not only the attacked server suffers damages but all linked networks representing different aspects of society.[xxiii] Therefore, a cyber strategy proportional to the scale and gravity of the cyber threat should be in place.

Space-based assets encompass cyber elements that depend on navigation and (geo)location in which the global position system (GPS) is the most important—and hackable—tool, because its data flows through satellites, ground stations, and land pipes.[xxiv] Even though critical terrestrial infrastructure goes far and beyond GPS satellites, this article will remain limited to illegitimate interference in GPS systems as this might pose an equal threat to NATO and its Allies.

GPS systems not only transmit data between terrestrial satellites but operate through ground stations, connecting landlines and user terminals. All these tools may be endangered by cyber threats. Apart from the multitude of possible targets, cyber threats themselves are multifaceted. Cyber threats to GPS systems might range from causing rather minor disturbances in the satellite’s network, such as monitoring data patterns, to severe cyber attacks, such as inserting corrupted data, loss of data, widespread disruptions, or permanent loss of a satellite. On top of that, military and commercial assets cannot strictly be distinguished. For example, military GPS signals are often deployed in commercial aviation. Accordingly, cyber threats to military targets might cause (collateral) damage to civilians, as well. This peculiar predicament is especially concerning for NATO, as the organization relies on Allies’ military GPS infrastructure. Considering society’s equal reliance on military and commercial infrastructure, a nation-state lacking considerable resilient GPS networks exposes not only its government and military to cyber threats but also its citizens. An undemocratic foreign power’s, such as Russia’s or China’s, dominance over civil aviation might threaten the individual human rights of the buyer nation’s own citizens, no matter its economic advantages.[xxv]

Like China, Russia is known for its unlawful interferences in Western democracies’ cyber space and being the aggressor of cyber attacks on (military) institutions, companies responsible for vital national infrastructure, and citizens. Russia claims to dispose of assets that are capable of disrupting cyber space or that might deny space-based assets to adversaries in future warfare as a form of military boycott. 

Another reason to prioritize cyber defence for GPS networks is their inherent two-fold vulnerability. Firstly, several supply chain elements of GPS networks in commercial use are barely traceable. In combination with the lack of a coherent global supervision mechanism, data leaks, breaches, or weaknesses in the supply chain are often not addressed nor can military security standards be enforced.[xxvi] Secondly, NATO expressed its desire to include space as a domain of warfare during the London Summit end 2019. Even though many applaud the inclusion of space into modern warfare categories, the principles of international humanitarian law will have to be reshaped to be pragmatically useful for space warfare. For instance, scholars will have to investigate how the principle of distinction can govern an attack on a satellite with dual (civilian-commercial and military) use.

Moreover, the threat to national cyber space reflects a threat to NATO as an organization. NATO has no satellites of its own, with the exception of stationary ground satellite communications.[xxvii] When it wants to conduct a military operation, NATO is obliged to solicit its member states or GPS equipment and software. In brief, NATO remains highly reliant on its allies for all space-sourced data, information, and services, and the present security of space capabilities is ultimately in the hands of states. Consequently, a cyber attack on a national satellite might equally affect cyber space in a member state and in NATO itself.

3. Conclusions and Recommendations

1. The Brussels Summit of 2018 and the Cyber Command Structure of 2023

During the Brussels Summit in 2018, NATO recognised the complex and rapidly changing nature of cyber space and ventured in the direction of developing an ‘overarching space policy’, which was finally approved on 27 June 2019. NATO Secretary General Jens Stoltenberg emphasized the defensive nature of NATO’s operations in which NATO needs to be a forum to share information, support allies, and increase interoperability. Apart from solely addressing ‘space’ as a vulnerable factor, the outcome of the Brussels Summit introduced a New Cyber Operations Centre in Belgium that will serve to strengthen the cooperation between NATO and its Allies by assimilating NATO’s resources within the needs of Allies’ operations.[xxviii] This newly founded centre will operationalise the new Cyber Command Strategy starting from 2023.

Recognising the rising cyber threat from non-democratic countries in an enhanced, economically dependent and interconnected globe, NATO wishes to integrate member states’ cyber capabilities into NATO operations. These operations will be coordinated by the Cyber Command Centre in Belgium and will remain under one general, unified command of the  Supreme Headquarters Allied Powers Europe (SHAPE). The Supreme Allied Commander Europe (SACEUR), thus enabled by a crafted and pragmatic operations’ toolbox, will offer an immediate and ‘real-time’ response to cyber threats, much like the pre-existing agreements on air defence and ballistic missiles. The purpose is to go beyond pure protection and prevention of attacks on Allies’ and NATO infrastructure and to acquire a full understanding of NATO’s cyber space, in particular its vulnerabilities. This will be a reliable tool for commanders and to deter possible future adversaries from attacking.

NATO’s newfound ability to interfere directly with adversaries’ operations, manipulate infrastructure through malware, shut off power networks, and stop an attack before it happens will affect the calculations of hostile actors, particularly whether or not the potential cost of the attack outweighs strategic gains.[xxix] In brief, this command structure implies a major policy shift from NATO’s past, purely defensive mandate to granting NATO the capacity to launch offensive attacks.

However, while applauding NATO’s awareness of the emerging threats and its recognition of a swift, unified response, a multitude of challenges must be overcome in order to render the command structure operational. To date, NATO lacks cyber warfare principles, thereby lacking any legal ground to derive hands-on rules regulating NATO’s offensive attacks and diminishing its ‘immediate reaction’ capacity.[xxx] Besides lacking cyber warfare principles, NATO’s general policies are absolutely a conditio sine qua non that determines how to respond offensively. So far NATO remains dependent on US policy and steers its operations on a case-by-case analysis, which will not be effective under a general command structure. Therefore, a formalized general command is absolutely vital to offer top-down guidance to Allies.[xxxi]

As cyber threats penetrate all layers of society, a holistic command structure should go beyond unifying purely military responses and enlarge its scope to the private sector, because the private sector’s strong online presence, for instance, might contribute to combating misinformation.[xxxii]

1. Conclusions and recommendations

Even though NATO recognizes the absolute necessity of a unified, formal, immediate, and holistic command, the enforcement of this command structure remains rather utopian. Following the formation of such a command, NATO will have to develop a general policy plan to carry out its new command structure mandate. This section will, while concluding the previous sections, reflect on a few policy recommendations that should be taken into account before 2023.  

The existing debate on whether to engage with Huawei’s mobile networks demands a drastic (NATO-steered) policy change for some of its Allies. A protectionist approach will shield NATO from any technological advancement, which is a disproportionate cost in relation to a minor security gain, with counterproductive effects. The withdrawal of NATO Allies from global 5G networks will only deteriorate relations with China and enhance China’s market dominance. Therefore, to counter the threatening, undemocratic Chinese (and Russian) dominance over NATO’s Allies and to deter any cyber attacks, NATO will have to enhance its international collaboration with Huawei and impose a ‘peaceful forcible cooperation’.[xxxiii] Although seemingly contradictory at first, NATO must uphold open, peaceful diplomatic engagement with rivals, firstly, to partake in global trade and, secondly, to create a platform to preserve its fundamental democratic aims and principles. Diplomatic engagement will pave the way for enhanced transparency, openness, and mutual dependency. Bilateral agreements based on mutual respect and without sacrificing NATO’s fundamental values will reduce the logic for foreign cyber aggression,[xxxiv] thereby de-incentivizing any future adversary from developing cyber threats.[xxxv]

Nevertheless, should these bilateral agreements be drafted in the future, they should be enforceable, include accountability clauses, have the ability to impose sanctions/obstructions to a certain degree, and include all stakeholders on a level playing field in cyber defence.[xxxvi]

Apart from the diplomatic approach with China, NATO should ensure its Allies maintain confident relations with one another. As mentioned above, resources differ between member states, leaving the majority dependent on a third state’s cyber intelligence. To ensure its own military power and resilience against China, NATO should facilitate the sharing of sensitive information amongst its Allies.

While fostering a unified offensive cyber defence strategy, NATO should refrain from its Allies’ national prerogatives, namely the decision of whether or not their reaction to a certain cyber attack is legitimate and thus authorized by the UN Charter. Admittedly, international law is not sufficiently developed to regulate counter offenses in detail, but most fundamental texts—whether designed for warfare or peacetime—should be respected.  

Not only should NATO take responsibility, but so also should its Allies, who are encouraged to re-evaluate their national digital dependency, especially in relation to 5G networks. States should investigate their continuity mechanisms and draft scenarios with alternative solutions to sole dependence on Huawei.[xxxvii] On an even more pressing note, and before any policy or general principles can be drafted, member states should urgently develop a common risk assessment of Huawei’s mobile networks on global trade and military security. A successful resilience and offense strategy should be built on a common strategy fuelled by a certain consensus on values, measurements, and beliefs.

In conclusion, a considerable number of top-down policies remain to be drafted: strategies demand to be amended on NATO’s side, and Allies’ stances will have to be reconciled in order to tackle future cyber threats from Russia and China. Recent security meetings and conferences, namely the Munich Security Conference, demonstrate an awareness and incitement to address today’s needs in cyber space. NATO and its Allies wish to centre themselves around the democratic defence of human dignity while striving for global peace and upholding respect for the rule of law, thereby reaching consensus on the destination of NATO’s role in cyber space. The journey ahead—or the years leading to 2023—will prove whether or not this destination is feasible.

About the Author

Maaike Machiels is a recently graduated student from Hasselt University, Belgium. She received
her master’s degree in administration of law. Her thesis dealt with the law of war in the 21st century, with a particular focus on states’ obligations in Syria. Currently, she is conducting legal research in the field of international criminal law in Jerusalem, Israel. She is a patron of Jonge Atlantici (Netherlands Atlantic Youth) and participated in the Model NATO Conference on ‘Proportionality in Cyber Warfare’ in The Hague Centre for Strategic Studies in June 2019.

Notes

[i] N.M. Schmitt, Tallinn Manual 2.0 on the International Law applicable to Cyber Operations, NATO Cooperative Cyber Defence Centre of Excellence, Gen. Ed. (Cambridge: Cambridge University Press, 2017), accessed 7 October 2019, https://assets.cambridge.org/97811071/77222/frontmatter/9781107177222_fr....

[ii] S. Arts, “Offense as the New Defense: New Life for NATO’s Cyber Policy,” Policy Brief, The German Marshall Fund of the United States, 13 December 2018, accessed 9 October 2019, http://www.gmfus.org/publications/offense-new-defense-new-life-natos-cyb....

[iii] “Doorstep statement by NATO Secretary General Jens Stoltenberg prior to the informal meeting of EU Ministers of Defense, Tallinn, Estonia,” The North Atlantic Treaty Organization, 7 September 2017, accessed 7 October 2019, https://www.nato.int/cps/en/natohq/opinions_146642.htm?selectedLocale=en.

[iv] B. Tinger, “Electronic jamming between Russia and NATO is par for the course in the future, but it has its risky limits,” New Atlanticist, Atlantic Council, 15 November 2018, accessed 9 October 2019, https://www.atlanticcouncil.org/blogs/new-atlanticist/electronic-jamming....

[v] For example, a situation in which a company’s/government’s networks were hacked by another state and the victim state answers by hacking the networks of the aggressor. See: S.R. Dewar, “The ‘Triptych of Cyber Security’: A classification of Active Cyber Defence”, Proceedings of the 6th International Conference on Cyber Conflict, NATO CCD COE Publications, Tallinn, 2014, pp. 21, accessed 8 October 2019, https://ccdcoe.org/uploads/2018/10/d1r1s9_dewar.pdf.

[vi] ‘Fortified’ implies the establishment of identification technologies, such as anti-viruses and firewalls. See: Ibid.

[vii] Arts, “Offense as the New Defense.”

[viii] B.C. Porter, “Collective Defense of Human Dignity: The Vision for NATO’s Future in Cyberspace,” Issue Brief, Atlantic Council Scrowfort Center for Strategy and Security, 16 July 2019, accessed 9 October 2019, https://www.atlanticcouncil.org/in-depth-research-reports/issue-brief/co....

[ix] Munich Security Conference, Munich Security Report 2019, Conference Proceedings, accessed 13 October 2019, https://www.securityconference.de/en/publications/munich-security-report/.

[x] “Cyber security in critical infrastructures,” Open Data Security (ODS), 27 August 2019, accessed 23 October, https://opendatasecurity.io/cyber-security-in-critical-infrastructures/.

[xi] K.A. Sen, “5G Access key to competing globally, says Former Homeland Security Secretary Chertoff,” Atlantic Council, 24 April 2019, accessed 23 October 2019, https://atlanticcouncil.org/blogs/new-atlanticist/chertoff-cyber-5g/.

[xii] Huawei’s annual revenue in 2018 was USD 107 billion, which is good for a market share of 29%, more than the market share of Ericsson and Nokia combined. Huawei also surpassed the market share of mobile networks of ZTE. See: B. Fung, “How China’s Huawei took the lead over U.S. companies in 5G technology,” The Washington Post, 10 April 2019, https://www.washingtonpost.com/technology/2019/04/10/us-spat-with-huawei....

[xiii] Huawei already has a monopoly in Latin America, Mexico, Brazil, and some European countries, spending twice as much on research as Ericsson and Nokia combined. See: D.P. Goldman, “We Need Our Mojo Back Vis-à-Vis China,” Law & Liberty, 12 September 2019, accessed 21 October 2019, https://www.lawliberty.org/2019/09/12/we-need-our-mojo-back-vis-a-vis-ch... Fung, “How China’s Huawei took the lead”; Sen, “5G Access key to competing globally”; Porter, “Collective Defense of Human Dignity”; K. Kaska, H. Beckvard, and T. Minarik, Huawei, 5G and China as a Security Threat, CCDCOE, accessed 22 October 2019, www.publiations@ccdcoe.org.

[xiv] Such as the US, Australia, New Zealand, Japan, the Czech Republic. See: Kaska, Beckvard, and Minarik, Huawei, 5G and China.

[xv] Such as the alleged cyber espionage with Cisco in 2013 and T-Mobile in 2014, data breaches through hacking practices in the US and other illegitimate actions in Iran, North Korea, Australia, and the Czech Republic. See: Ibid.; Fung, “How China’s Huawei took the lead.”

[xvi] Kaska, Beckvard, and Minarik, Huawei, 5G and China.

[xvii] Ibid.

[xviii] “Huawei surveillance: Chinese snooping tech seen spreading to nations vulnerable to abuse, keeping tabs on trouble-makers,” The Japan Times, 17 October 2019, accessed 23 October 2019, https://www.japantimes.co.jp/news/2019/10/17/business/tech/huawei-survei....

[xix] Porter, “Collective Defense of Human Dignity.”

[xx] M. Chertoff, Speech, 8th Annual International Conference on Cyber Engagement, Atlantic Council Scowcroft Center for Strategy and Security, Washington, 23 April 2019, accessed 20 October 2019, https://atlanticcouncil.org/blogs/new-atlanticist/chertoff-cyber-5g/. 

[xxi] For example: allowing the purchase of 5G networks from Huawei (Slovakia); restricting the purchase (US); distributing the purchase between several providers (Canada). See: Kaska, Beckvard, and Minarik, Huawei, 5G and China.

[xxii] Ibid.

[xxiii] T. Harisson, K. Johnson, and T.G. Roberts, Space Threat Assessment 2018, Report, The Center for Strategic & International Studies: Aerospace Security Project, April 2018, accessed 23 October 2019, https://www.csis.org/analysis/space-threat-assessment-2018.

[xxiv] Example of ground stations: use of landlines and antenna’s on the ground. See: L. Lumiste, Chatham House Report: Space – NATO cyber security’s weak spot, International Cyber Developments (INCYDER), 2019, accessed 10 October 2019, https://ccdcoe.org/library/publications/chatham-house-report-space-nato-....

[xxv] Porter, “Collective Defense of Human Dignity.”

[xxvi] D. Livingstone and P. Lewis, Space, the Final Frontier for Cybersecurity?, Research Paper, Chatham House, International Security Department, September 2016, accessed 23 October 2019, https://www.chathamhouse.org/sites/default/files/publications/research/2....

[xxvii] Such as SATCOM. See: Lumiste, Chatham House report: Space.

[xxviii] Founded by the US-led coalition in NATO on 31 August, the Centre has already received contributions and national resources from Estonia, the USA, Britain, and other states. See: R. Emmott, “NATO Cyber Command to Be Fully Operational in 2023,” Reuters, 16 October 2018, accessed 30 October 2019, https://www.reuters.com/article/us-nato-cyber/nato-cyber-command-to-be-f... Arts, “Offense as the New Defense.”

[xxix] Arts, “Offense as the New Defense.”

[xxx] Ibid.

[xxxi] Ibid.

[xxxii] Porter, “Collective Defense of Human Dignity.”

[xxxiii] Ibid.

[xxxiv] Ibid.

[xxxv] Arts, “Offense as the New Defense.”

[xxxvi] Some of the players are civilians (critical civilian infrastructure, personal cyber hygiene), private companies, and private-public cooperations. See: Porter, “Collective Defense of Human Dignity”; Kaska, Beckvard, and Minarik, Huawei, 5G and China; Sen, “5G Access key to competing globally.”

[xxxvii] Kaska, Beckvard, and Minarik, Huawei, 5G and China.