NATO is struggling to agree on a common response to Russian cyberattacks leaving the alliance vulnerable, experts wanted last night. Recent months have seen a string of high-profile cyberattacks across Europe. Marks & Spencer, the Co-op and Harrods have all reported breaches, with M&S estimating losses of £300m. Jaguar Land Rover was forced to pause production, and airports in Berlin, Brussels and London faced weekend delays after a ransomware strike on a Collins Aerospace check-in system.
The outage, which officials confirmed was caused by a “third-party” ransomware attack, came just four days after Collins was awarded a NATO contract. Chancellor Rachel Reeves linked the incident to wider geopolitical tensions. “That is why we are increasing the pressure on Russia,” she said. “Russia respects strength, and that’s the only message they read.”
Investigators have not attributed the Collins attack to any state actor, though Western agencies have blamed Moscow for other recent operations, including sabotage of a Norwegian dam and the hacking of border surveillance cameras.
Yet NATO nations are holding back from cyber retaliation.
The disjointed nature of NATO’s cyber posture is borne out by the training and advice given by the NATO Cooperative Cyber Defence Centre of Excellence (CCD COE) in Estonia, established after Russian cyberstrikes in 2007.
Its 73 personnel, including staff seconded from partner nations such as Finland, Sweden, Austria, Ireland, South Korea and Japan, offer legal guidance and robust training through defensive exercises such as “Locked Shields” and offensive scenarios like “Crossed Swords.”
But Col Christoph Kuhn, a German officer and the centre’s deputy director, confirmed last week that “NATO has no offensive cyber capability. Defence is within your own network; once you cross outside, it becomes offensive, and that remains with nations.”
Instead, he explained, the centre provides parameters.
“We give the right and the left border, and it is the government that decides. Some allies are more offensive-minded, others defensive. Our role is to show the parameters – legal, technical, operational – and let nations choose.”
Lauri Almann, co-founder of CybExer Technologies and a former Estonian deputy defence minister, said NATO had already come a long way in its decision to publicly name and shame Russia.
“The attribution decision was significant,” he said.
He warned that, in some cases, retaliation may prove counterproductive by revealing networks and capabilities needed in wartime. “Hit us, we hit you probably doesn’t work. Eye for an eye doesn’t work in cyber – it doesn’t technically make any sense,” he said.
“Attacking Russian airports successfully would probably be more damaging to our security. We would reveal certain methods and presence.”
But Hans Horan, cyber expert with the Hague Centre for Strategic Studies, described NATO’s wider posture as “a hodgepodge.”
“They don’t tell members, ‘If Russia does this, you do that,’” he said.
“Tier one states – the Baltics, Finland, Poland, Germany, France, the UK – face daily incursions. Spain or Portugal are not in that league, and the difference in threat level feeds into the difference in investment.”
That unevenness, he argued, is precisely what Moscow seeks.
“Russia wants a disjointed Europe. It probes constantly – espionage, disruption, attempts to test resilience – knowing NATO isn’t harmonised.”
