No solvency. The internet is a global network, so if the Baltics strengthen their own cyber security Russia will just look to other countries to find weaknesses in. the internet security infrastructure.
Ben Stojvoskyi, 2021, 1-21, https://www.zdnet.com/article/cyberattack-fears-raise-the-alarm-in-eastern-european-countries/, Cyberattack fears raise the alarm in Eastern European countries
The cyberattacks that targeted multiple US government agencies and companies in recent months have raised the alarm in developing Eastern European countries regarding their own cybersecurity capabilities. During the past year, some of them, like North Macedonia, have already experienced breaches of their state IT systems: last summer, the country had its electoral process disrupted by massive DDoS attacks that happened on election night. Hackers targeted the website of the state electoral commission, which went down for a few days before the election results could finally be made available to the Macedonian public In 2019 in neighboring Bulgaria, more than five million people had their personal data stolen in a breach of the national tax agency. The hacked database was then also shared across various hacking forums, as ZDNet reported at the time. SEE: Security Awareness and Training policy (TechRepublic Premium Shorty after those attacks, Bulgarian officials acknowledged the need for further investments in cybersecurity. Bulgarian foreign minister Ekaterina Zaharieva said the country would aim to increase the number of IT specialists in the state administration. The country also signed a 10-year roadmap with the US, aimed at bolstering the modernization of its army and cybersecurity. Bulgaria’s neighbor Romania also faced several cyberattacks the same year, as ransomware attacks targeted computer systems across hospitals in the country. Should this have happened during the current COVID-19 pandemic, the consequences for the health system in the country could have been dire The cybersecurity community, as well as experts and IT professionals across the Balkans, are sounding the alarm regarding the cybersecurity capacities of various state institutions in these countries. The fragile state of cybersecurity in countries across the region could yet be exploited by hacker groups and malign actors. By targeting multiple state agencies or institutions, such attacks could also have consequences on their economies – for instance, an attack on the banking system could cause a major disruption. And most of these countries do not have the resources like their Western counterparts to invest in strengthening their cyberdefences, despite their desire to do so. Even if they did, attacks such as those in the US show that there are no guarantees when it comes to the potential that various cyber threats can have.
The Baltics have the best cyber security in Europe, they are in the top 7
Tech July 11, 2021, https://tbtech.co/news/which-european-countries-have-the-best-and-worst-cybersecurity/, Which European countries have the best and worst cybersecurity?
The research found that Portugal scored highest for cyber safety with a result of 8.21 out of 10, followed by Lithuania and Slovakia, who produced scores of 7.99 and 7.21 respectively. Notably, the United Kingdom finished outside of the top 10, placing 16th out of 24 with a score of 5.59.
Rank Country Cyber Security Score (/10)
1 Portugal 8.21
2 Lithuania 7.99
3 Slovakia 7.21
4 Greece 7.03
5 Spain 6.82
6 Estonia 6.75
7 Latvia 6.20
8 Finland 6.09
9 Denmark 6.08
10 Slovenia 6.05
The top 10 countries with the best cybersecurity
Turn – Integrating the Baltics into NATO’s cyber security leaves these countries worse off, as NATO has weak cyber security
Bruce Scheiner, June 4, 2021, https://www.brookings.edu/techstream/hacked-drones-and-busted-logistics-are-the-cyber-future-of-warfare/, Hacked drones and busted logistics are the cyber future of warfare
In 2018, a 29-country NATO exercise, Trident Juncture, that included cyberweapons was disrupted by Russian GPS jamming. NATO does try to test cyberweapons outside such exercises, but has limited scope in doing so. In May, Jens Stoltenberg, the NATO secretary-general, said that “NATO computer systems are facing almost daily cyberattacks.”
Bojan Stojkovski is a freelance journalist covering foreign policy and technology based in Skopje, North Macedonia., 1-21, 21, https://foreignpolicy.com/2021/01/04/flawed-cybersecurity-is-a-ticking-time-bomb-for-the-balkans/, Flawed Cybersecurity Is a Ticking Time Bomb for the Balkans
However, during the last few years, NATO member states across the region have also been hit hard by various cyberattacks. In 2019, neighboring Bulgaria suffered the largest theft of personal data in the region, after its National Revenue Agency was hacked. More than 5 million Bulgarians have had their personal data exposed, and the hacked database was shared on various hacking forums.
And Tech, July 11 (same cite as above) indicates, “The United Kingdom has the lowest exposure rank in Europe.” The UK is a leading NATO member. The US another NATO member, is known to experience cyber attacks all the time
Turn – NATO engages in offensive cyber operations
Patrick Tucker, May 24, 2019, https://www.defenseone.com/technology/2019/05/nato-getting-more-aggressive-offensive-cyber/157270/, NATO Getting More Aggressive on Offensive Cyber
In the latest signal NATO is adopting a tougher posture against cyber and electronic attacks, Secretary General Jens Stoltenberg this week said that the defensive alliance will not remain purely defensive. Stoltenberg told attendees at the Cyber Defence Pledge conference in London, “We are not limited to respond in cyberspace when we are attacked in cyberspace.” NATO members have already “agreed to integrate national cyber capabilities or offensive cyber into Alliance operations and missions,” he said. But the parameters of a NATO response to cyber attacks remains undefined. In 2015, Stoltenberg said that a cyber attack against one member nation could trigger an Article 5 collective response by all members. Yet only once has a collective response ever been invoked, at the request of the United States following the attacks of September 11, 2001. NATO is a defensive organization, so what an offensive cyber posture looks like remains something of a mystery. An Article 5 response can take many different forms.
Offensive cyber operations escalate
Ellers, 10-23, 19, How America’s Cyber Strategy Could Create an International Crisis, https://nationalinterest.org/blog/skeptics/how-americas-cyber-strategy-could-create-international-crisis-90526, María Ellers is a US-Russia Relations Intern at the Center for the National Interest.
The United States has adopted a new cyber warfare strategy focused on “persistent engagement” and “forward defense” in an attempt to thwart Chinese, Russian and other state-sponsored cyber attacks. While this unprecedented “defend forward” approach gives America many significant advantages in navigating cyber warfare, it also entails high-risks that could unintentionally escalate conflict. As a result, America must consider whether its traditional understanding of concepts like offense, defense and deterrence are applicable to the strategy of cyber warfare and whether they should continue to inform Washington’s cyber strategies. This was the theme of a panel discussion held by the Center for the National Interest on September 10, 2019. The discussion featured prominent experts on cyber warfare: Jason Healey, a senior research Scholar at Columbia University’s School for International and Public Affairs and the editor of the first history of conflict in cyberspace, A Fierce Domain: Cyber Conflict, 1986 to 2012; and Ben Buchanan, assistant professor at Georgetown University and author of the book The Cyber Security Dilemma, which examines the intersection between cybersecurity and statecraft. The discussion focused on unpacking Washington’s new cyber strategy while raising questions on its effectiveness and subsequent implications on national security. Healey explained that the new strategy of persistent engagement and forward defense is not just designed to deter cyber adversaries, but to force adversaries to “play defense” and “raise the costs of offensive operations.” Persistent engagement refers to the Defense Department’s initiative to counter foreign cyber threats as they emerge. Forward defense, similarly, aims to gain the upper hand against an adversary by using direct actions to track, intercept and disrupt attacks in foreign cyberspace before they occur. America’s two strategies work together to ensure that there is no operational pause in American cybersecurity operations and that America has the capacity to disrupt attacks so effectively that an adversary’s “costs of employing an attack” against the United States are “higher than its benefits.” When deployed correctly, they put America’s enemies on the defensive and ensure that any states attempting to launch offensive cyber operations against America would be forced to rebuild its software and focus on its own defensive tactics instead of attacking. Healey explains that, from Washington’s perspective, such strategies would allow the United States to dominate the cyber domain, whilst establishing a set of norms of conduct in the cybersphere in a way that diplomatic negotiations would be unable to achieve via cyber redlines. In this way, these strategies would act as its own deterrent mechanism by setting the “guardrails” of permissibility in cyber warfare through the use of standard “tacit bargaining,” where states will moderate their behavior towards the United States over the long-term, thereby creating a more stable cyber environment and lasting U.S. superiority. Unfortunately, these strategies do have drawbacks. Although the Defense Department contends that persistent engagement and forward defense are inherently nonaggressive, move-countering strategies, it continues to promote them and use axioms like, “the best defense is a good offense,”—a phrase Healey finds extremely problematic. To Healey, this illustrates a lack of understanding in Washington as to what offense and defense actually mean in the context of cyber warfare, which could cause states to find themselves in a position of “not just persistent, but permanent conflict.”
Offensive cyber operations are likely to escalate, and US will not remain dominant
Ellers, 10-23, 19, How America’s Cyber Strategy Could Create an International Crisis, https://nationalinterest.org/blog/skeptics/how-americas-cyber-strategy-could-create-international-crisis-90526, María Ellers is a US-Russia Relations Intern at the Center for the National Interest.
Buchanan argues that Washington’s poor understanding of the indistinguishability between offense and defense is the pitfall in current American cyber strategy and that the utilization of traditional militaristic concepts in the cyber domain prevents the United States from identifying how intelligence collection can create unintended escalation. Buchanan remains skeptical that states will be encouraged to self-regulate their behavior in cyberspace. He worries that America’s cyber strategy may actually incentivize conflict escalation. Countries that perceive America’s defensive strategy to be offensive in nature would be encouraged to attack the United States in order to retaliate or acquire intelligence of their own to ensure their defense in the future. Healey describes this as a tit-for-tat response. Should the United States continue to utilize these strategies, then states will find themselves in a position of “not just persistent, but permanent conflict,” according to Healey. Though a defensive strategy of retaliatory countermeasures may be intended to avoid escalation, friction may instead lead to increasing instability in the cyber realm which could quickly spiral out of control. America’s new cyber strategy runs the risk of creating a security dilemma in cyber warfare, an arena in which traditional theories of deterrence are largely inapplicable. According to Healey, there exists a perceived “lack of restraint” in cyber warfare that gives the attacker a dangerous inherent advantage. In the cyber world, “defensive success” does not discourage attackers—advantage comes from the use of capabilities, “not their possession.” Thus, in a domain where cyber capabilities are likely to be used as first-strike weapons, “surprising your adversary” is much more important, further decreasing the likelihood that signaling will take place. Further insecurity is created due to rapidly regenerating capabilities in cyberspace, causing any relative superiority gained by the United States to be inherently fleeting and thus deterring an adversary from responding to traditional deterrence strategies. In other words, even if the United States were to gain superiority in the cyber field, it would not last long and would likely encourage other actors to attack the United States using newly developed cyber technology. For Healey, this is the most destructive factor to any strategy that attempts to deter escalating conflict.