NATO Being Bullied? Impossible

In recent months, it has become impossible to ignore: cyber-attacks against NATO member states are rising sharply. According to a major digital-defence report from Microsoft, attacks attributed to Russian actors against NATO countries surged by around 25% in one year. While the large numbers may sound abstract, the implications are raw and urgent: the alliance that was formed for collective defence in the age of tanks and jets is now being tested in a landscape of code, networks and shadows.

What’s striking is not only the volume of incidents but the changing nature of the targeting. Government agencies remain high-value targets, yes—but so are research institutions, think tanks, non-profits and critical infrastructure (ports, shipping hubs, energy grids). These aren’t merely cyber-crime for profit; they are part of a broader hybrid-warfare strategy: probing, destabilising, eroding confidence, and preparing the battlefield for when—or if—a more kinetic turn occurs.

Why should this worry us? Because it raises a fundamental question for NATO: What constitutes an “attack” worthy of collective defence under Article 5? For decades the focus was on bombs, invasions and ships; now we face attacks that may not leave a crater—but can still disrupt power plants, halt ports, spoil elections, or undermine trust in institutions. That kind of damage may be just as harmful to societies as conventional conflict. Indeed, some intelligence officials warn that we might already be in a sort of “undeclared war”. Another dimension: the attacks expose asymmetry. A small number of well-placed cyber-actors can create outsized disruption. Compared to mobilising divisions of troops, states can employ proxies, criminal networks, and cyber-tools with relatively low visibility and cost. They blur the line between crime, espionage and warfare. One bulletin noted that cyber-physical sabotage of infrastructure (e.g., dams, undersea cables) is increasingly integrated with network intrusion.

What must NATO do? Here are some thoughts:

1. Re-define thresholds of attack: The alliance urgently needs a clearer definition of what level of cyber-event triggers collective response. If thousands of systems are compromised, ports disrupted, trust in democratic institutions shaken, those might be the equivalent of tanks crossing a border.

2. Improve readiness and resilience: Cyber-defence cannot be purely reactive. Member states must invest in infrastructure hardening, share threat intelligence, coordinate incident responses, and run joint exercises—not just for military engagements but for cyber-scenarios.

3. Public-private collaboration: Much of the infrastructure under threat is privately owned (energy grids, telecoms, shipping). NATO must deepen partnerships with industry, build shared frameworks, and ensure that key services cannot be quietly turned off or manipulated.

4. Deterrence and attribution: Cyber-actors often operate with deniability. To deter them, NATO must improve its ability to attribute attacks and respond with tangible consequences—sanctions, diplomatic moves, or even cyber-counter-operations that make the cost of entry higher for attackers.

5. Adapt strategic messaging: The war of perceptions is as real as the war of machines. Attacks aim not only to disable systems but to undermine public trust in alliances, governments and institutions. NATO must communicate clearly, maintain transparency and reassure populations that the alliance is neither oblivious nor impotent.

This is a defining moment for NATO. The alliance which once defended real-world borders now must defend digital borders—networks, data, infrastructure and trust. If NATO treats the cyber-threat as a sideshow, it risks finding itself outdated and ineffective. On the other hand, if it adapts, it can emerge stronger and more relevant than ever.

The shift from conventional war to hybrid war is not new—but the speed and scale at which it is now occurring demand an equal shift in strategy. When the next missile might be launched by code instead of a silo, who will step in? Who will answer? NATO must hold the line—not just against tanks but against bytes.

We cannot afford to wait until the lights go out, the ports stop, or the election results vanish into chaos. Because by then it may already be too late.

- A collaborative piece by Economics, Trade, Cybersecurity Focus Group @ ISYPO

Are you liking ISYPO's new Opinion Piece format? Let us know by contacting us via email!