Chelsey Slack, Deputy Head of the Cyber Defence Section at NATO
For more than a decade, cyberspace has slowly but surely crept into our daily lives, going from being an experiment spearheaded by few to integrating nearly every one of our devices in our pockets, work devices, household objects and infrastructure management systems. This evolution prompted NATO to add cyber defence to its core task of collective defence.
Cyberspace has also been recognised as a domain of operations, with NATO allies recognizing the evolution of threats and seeing the need to be just as effective in cyberspace as in other domains such as air, land and sea. Although the principles underpinning the protection of this space are grounded in the same concepts as traditional domains, Chelsey Slack, Deputy Head of Cyber Defence at NATO, highlights key differences between these domains and what these differences mean in the context of international security.
“Growing up in Canada, my favourite subjects were always related to history, social studies and law. During high school, I had my first exposure to international relations; I learned about how countries work together and what they saw as key issues. That really piqued my interest and I decided to pursue my university studies in political science with a focus on international security.
Later, I worked for the Canadian foreign ministry and realised that I wanted experience in a multilateral context. After getting my Bachelor’s degree, I landed an internship at NATO, where I worked on trans-national threats.
One day during that internship, on my way home for Christmas, I wound up sitting at the airport, waiting for my delayed flight. I starting talking to the person sitting next to me; at the time, I was just about to submit my online application to a Master’s program and this man asked me about my research proposal. When I told him that I wanted to look into post-war reconstruction, this stranger, who worked in a similar field, looked at me very bluntly said: “That’s a very interesting topic but there are a lot of people working on it. I think you should consider focusing on something else.
When I got back to my internship after the holidays and my supervisor involved me in the development of one of NATO’s cyber defence policies, I knew this was what I had to write my thesis on… and I’ve been working on that same topic ever since!”
Chelsey sees cyberspace as a vector of potential and innovation that relies on open collaboration and exchange platforms and brings many benefits to society. That’s why she is passionate about her work in cyber defence at NATO:
“It’s about ensuring that cyberspace remains the open, secure and transparent place that we need it to be, to continue to harness those benefits.”
Although the same principle of collective defence – where an attack against one ally is considered as an attack against all allies – underpins cyberspace as it does air, land and sea, Chelsey has developed a deep understanding of how bringing this principle to life in cyberspace is different.
The first difference resides in the nature of this space: it is intangible.
“You can see troops, you can see tanks, and you can see planes that cross your border; but it’s not so easy to see an attack or understand what you’re dealing with in cyberspace.”
The second is that cyberspace underpins our communication systems and critical infrastructure, linking it to every other domain, while remaining a distinct domain of operation. The third is the pace of innovation and technological changes in cyberspace and its effect on established procedures. In the past, you could buy a new piece of equipment, for instance a truck or a tank, and it would be good to go for years.
“In cyberspace, you have to constantly keep up with the development of technology. The minute you buy a new piece of equipment, it’s already out of date.”
This speed does not only affect the technology:
“You need to make sure you train the people so they are able to operate in this constant state of change.”
In addition, although NATO allies recognized that international law applies in cyberspace, the domain’s specificities pose challenges:
“How do you impose consequences? What is the best way to enforce the international law that we have to draw upon?”
Lastly, the number and diversity of actors involved in cyberspace is far greater than on land, in the sea or in the air. Each one of these actors, many of which are private, is a potential target. This makes governments’ role in managing cyber threats and responding to them significantly more complicated.
As the fog of war is thicker in cyberspace, there are still plenty of questions being debated amongst allies. When NATO recognized cyber defence as a part of its core tasks of collective defence, there was deliberately no threshold set to determine what it would take for a cyber attack to be considered an act of war:
“This decision is context-dependent and ultimately needs to be a political one”.
Additionally, if a cyber attack were to be grounds to invoke Article 5, it would not mean the allies’ response would have to leverage cyber capabilities.
“That’s part of the cross-domain approach; cyber is but one tool in our toolbox.”
Many of us do not think about cyber security through the foggy lens of war. Professionals like Chelsey bring cyber security from a commercial concept to one of international security, and ultimately, will have an enormous influence on the world we live in.