Cyberattacks now can invoke Article 5 of the North Atlantic Treaty
During the June NATO summit in Brussels the allies reaffirmed the Alliance defensive mandate and added new commitments to counter the full spectrum of cyber threats, including those conducted as part of hybrid campaigns. ‘We reaffirm that a decision as to when a cyber attack would lead to the invocation of Article 5 would be taken by the North Atlantic Council on a case-by-case basis. Allies recognize that the impact of significant malicious cumulative cyber activities might, in certain circumstances, be considered as amounting to an armed attack’.
The NATO member states agreed to use NATO as a platform for information sharing and engagement on international cybersecurity concerns, and to continue to improve NATO’s cyber defenses.
Among the reasons for revising the defense policy were the frequent cases of cyber attacks on the critical infrastructure of the US and European members of the Alliance, as well as ransomware attacks on healthcare systems.