An interesting read from @AtlanticCouncil by @safashahwan @SimonPHandler and @loomisoncyber. They recommend a NATO digital 0.2% policy (member states spend 0.2% of GDP on cybersecurity). While important for advancing the NATO conversation, I see a few issues.
A short thread. https://twitter.com/safashahwan/status/1316457716139855872">https://twitter.com/safashahw...
A short thread. https://twitter.com/safashahwan/status/1316457716139855872">https://twitter.com/safashahw...
First, as @JimGoldgeier and Garret Martin have written, NATO& #39;s 2% metric has become increasingly obsolete, and burden-sharing needs redefining: https://tinyurl.com/y2oa62q2
Mapping">https://tinyurl.com/y2oa62q2&... this construct onto cyber spending risks reinforcing and outdated concept.
Mapping">https://tinyurl.com/y2oa62q2&... this construct onto cyber spending risks reinforcing and outdated concept.
Second, while alluring, a focus on developing offensive capabilities runs counter to NATO& #39;s current cyber posture. NATO will not carry out offensive cyber ops itself, but instead would integrate offensive capabilities from volunteering member states: https://tinyurl.com/yc3p3knb ">https://tinyurl.com/yc3p3knb&...
Pegging a spending goal for offensive capabilities could undermine the alliance& #39;s defensive premise and provoke animosity from non-NATO states.
Developing offensive capabilities is also unrealistic for many smaller member states right now. My dissertation work on Estonia shows that human capital constrained the development of EDF& #39;s Cyber Command.
Until militaries can compete with the private and civilian defense sectors for talent, offensive planning will lag. Militaries need first and foremost to make sure they are adequately staffed for network defense before pivoting to building offensive capabilities.
I think the biggest payoff lies in the article’s discussion of digital transformation, but this notion remains broad. Instead of focusing immediately on spending metrics, the alliance should strive for greater clarity on strategic issues.
Deconfliction is certainly an area that needs more attention. For example, @Maxwsmeets has advocated for a Memorandum of Understanding between member states over offensive cyber ops: https://tinyurl.com/y3v5chan ">https://tinyurl.com/y3v5chan&...
Another potential approach is for NATO to promote a dialogue on civil-military deconfliction within member states so that high-demand, low-density resources are optimized in military and civilian defense spheres. Greater efficiency would certainly aid digital transformation.
However, until the alliance answers bigger questions related to deterrence and collective defense, developing a new spending metric seems arbitrary. This piece is certainly thought-provoking and is an important step forward in discussing NATO’s approach to cyber.
End thread
End thread