involved hacking. but the relationship between anonymous and occupied does remind us that the lines between these categories of cyber conflict that i'm going to talk about remain quite blurry. next in the list is what has been called hacktivism. the converging of hacking with act vism. website defacements, breaking into websites and stealing personal information and the the use mal ware. the most well known recent examples include the exploits of the anonymous groups. these groups are generally against the state of course, but there are also patriotic hackers. we hear a lot about russian and chinese, but here we have them as well. this includes one hacker for example who calls himself the

jester. he uses various techniques to take down jihadist web forms. he also used targeted mal ware to mobile phones. next is cyber espionage. the use of the same techniques, social engineering, targeted use of mal ware, et cetera, to collect information on an add versionry for your competitor. there are really two types of cyber espionage, economic and political military. in economic we see competing corporations from different countries who engage in espionage on line. next is political military espionage which is more like the traditional state versus state

espionage that we typically think about when we think of espionage. this includes attempts to steal national security information. again, the boundaries are blurry here between these categories. states like china and russia will enlist the help for the purpose of engaging in cyber espionage. next is cyber crime, which of course is the use of various hacking tools and techniques for criminal purposes including theft and extortion. so just one example is the use of d dos attacks which can be used by organized crime groups to carry out what is essentially the equivalent of a protection react against e commerce websites. the techniques and tools are the same as used by political purposes and it's a way in which the boundaries are quite blurry. next in the list is cyber

terrorism. attacks against computers, networks and the information stored therein -- in furtherance of political or social objectives. to qualify cyber terrorism an attack should result in violence against persons or property, attacks that led to bodily injury, plane crashes, explosion or severe economic loss would be examples. serious attacks against critical infrastructures could be acts of cyber terrorism depending on their impact. attacks that disrupt nonessential services would not. cyber terrorism is typically carried out by nonstate actors, however most observers concede we have not yet seen any real world examples of cyber terrorism. finally in this list is cyber war, which we've heard a lot of talk about lately. an often times a lot of tease other types of cyber conflict

get lumped under this term, but for the purposes of this discussion i would like to define cyber war as something, you know, different and removed from all of these other types of conflict. and that is cyber war is the use of computer network attack techniques by one state against another where such attacks cause damage to military capabilities or civilian critical infrastructure. like cyber terrorism, such attack should result in injury, death, damage or destruction. we've seen few if any acts of stan alone cyber war to date. how does nato fit into all of this? well, nato's first experience with cyber conflict came during the 1999 kosovo operation. during that conflict people on both sides used the web to spread and or counter

propaganda. there were also a number of website break ins and viruses. beyond the immediate parties to the conflict, hackers from china became involved after the accidental u.s. bombing of the chinese embassy. the most well known was the 2007 cyber attacks against he is tonia. the protest spread on blien ray reports that the immediate effects to people were minimal and in many cases nonexistent and that no critical services were permanently affected. nonetheless, the attacks served as a wake up call leading to changes in policy including the

creation of the ccboe. in april 2011, the cyber initiative which provides cyber war information and advice to the u.s., published a report that assessed libyan vulnerable to cyber attacks. it came to light as a result of a breach of servers and theft of internal e-mails. it described possibilities for several attacks against libya. the wash post reported that the u.s. did consider cyber attacks to clear the way to protect civilians, but the u.s. rejected them because of the doubts about the ability to employ them in an effective and timely management. it was not nato's only encounter with hacktivists in 2011.

anonymous -- only released three pdfs so there's a debate whether they stole one gig bite or not. the hack was in response to a report that had listed hacktivism as a threat to glowing security. it's most recent cyber defense policy statement highlights a number of principles and goals for nato's cyber defense efforts. the primary focus of the policy remains the defense of nato's own networks and systems. actions in this area centralizing, but it also includes identifying critical and dependence -- developing minimum cyber defense standards for these national systems, especially where they intersect with nato networks. while recognizing the inevitability of cyber attacks,

the policy recognizes the need -- resilience to rapidly recover from attacks when they do occur. finally, nato retains the option to assist member nations that ask for assistance in the face of a cyber attack. to maintain flexibility, response will not be automatic or predefined in terms of its actions or scope. they seek to remain strategic ambiguity. the north atlantic council provides political oversight to the development and implementation of policy and also plays a crucial role in decision making in response to cyber attacks on nato and its members. vsh as well as to meet those minimum nato standards that are being developed.

the cyber defense management board, and finally the computer incident response capability works at the technical end of things to respond to cyber incidents. because nato is partly dependent on the networks and systems of its members, it has created rapid reaction teams that can be dispitched to assist members who are the victim of cyber attacks. and finally the center was established in 2008. to that end, they have hosted several international conferences and published in a number of reports that examine the challenges of strategy and law and other issues related to implementing cyber defense straightgy. i'll end by talkling about the challenges. nato faces a number of challenges in its attempt to implement these.

the first and most important challenge is whether or not cyber attacks should be identified as attacks that will trigger article five commitments. so far nato has not taken this step, but there are those who have argued that it should. however, i argue that there are good reasons not to deal with cyber attacks under article five. because of difficulty with attribution, any internal benefit that could be gained would be iment willed at best. what's more, most cyber attacks do not rise to the level of a military attack. nato would be stretched thin if it were to respond in each instance of cyber attack on a member state with an article five response. finally, the most potentially devastated cyber attacks, would already fall under article five. so no knew provision for putting cyber attacks under article five is really necessary.

so the temptation to define all cyber attacks as falling under article five is a tendency that we should continue to resist. second, developing and implementing a cyber defense strategy will be made more difficult by the fact that not all member states share the same perceptions of cyber threats. though most of the states agree that cyber threats are on the rise and of great concern, there is variation in the details of these threat perceptions including an identification of the most important sources, objects and potential impacts of these threats. these differences will inevitably pose a challenge and could limit the possible scope of nato response actions. third, aggregating all types of cyber attack into a genetic category of cyber threat, especially under the term cyber war, not oebl risks militarization of the issue, but also risks stretching nato's ability to respond to these issue. a level of hacktivism, crime and

espionage are daily occurrences. they can't be dealt with in the same way. on the flip side, disaggregating these threats raises the challenge of which organizations are best to respond to the various types of threats that are faced in and through cyber space. so for example most critical infrastructure systems are owned by private tooks within individual member states. it's often dif couple enough for the member states themselves to effectively deal with sieb security within their own boards and this difficulty combined, all come together to make it difficult for nato to do more than focus on its own networks. the u.s. reluctance to use cyber attacks points to the challenge of deploying them within timely manner and in turn this points

to potential legal challenges for deploying offensive cyber attacks in a time of conflict, in acard with the discrimination and proportionality. thank you. >> i think we'll go ahead and open it up for q and a. i'm just going to try and wrap this up and so reframe it so we can get a comment on, i think somebody mentioned something really important about integrating thsubstantive conversation we're having where we need to convince a lot of people with power to think about things differently and enact different kinds of priorities. so what i heard from my panelists here is that we're in

a world now where we haven't quite defined what is security, in an age of globalization, instant connection, we're in a world where distributive power has brought a wide ranging distributive threats and the most response to that has been drones, which makes sense but in a way is completely inadequate. when you look at the problems we're facing at the intersection of civil military issues. having worked in congress for many years, watching the u.s. military struggle with finding problems and coming up with solutions in our engagements throughout the '90s, we haven't had a forthright conversation about the division of labor for secured in a world where we've reached the limits of force in so many different ways. and nato it seems to me is

making institutional attempts to move forward, just reading the literature. saying instead of an exit strategy for afghanistan and the region, we need a commitment strategy. i heard somebody else the other day define development and nation building as expedition airy communication. over the 12 years i'd loot at this issues, it started out as military missions other than war and is now called stability operations. there's probably 12 different terms in there including peace enforcement, peace keeping, all of them have an identity politics of national security geeks problem, because if you call it one thing, it's sort of branded. and i think it ended up certainly in afghanistan calling these provisional reconstruction teams which were basically doing well armed social work.

so we've moved into this world where the military itself, at lease in this country, is looking at moving from containment to what they call sustainment. and sustainment is when you move from a military deterrent to having credible influence so other countries want to be involved with you, trust you, will go into partnerships with you. and what's again watching the budget debates in this town, it's taken the guns versus butter discussion to a whole other level where our own credibility is defined by the level of domestic investments we make in ourselves. if anybody is looking at what's going in congress right now, certainly you had senator luger who wasn't defended on the substance, he was defeated because he was substantive. that was a big issue in his racement and we have a budget crisis coming up in december where we're going to have this sequestration. you've got the usually suspects

and the usually chorus of voices, fence off, defend spending, hardware, military and the military itself continually testifying to the fact that the problems we're sending them into have no military solution. and it seems to me that this kind of a gathering can at least start to be more discrete and categorical about the division of labor and how do we get the political will now to move forward on this? because in my view, and geneve and i worked on the hill for a number of years together, we've never had better cover to have this conversation. because you've got some of the greatest thought leadership coming from the defense department and military alliances like nato. and nato has been a political military alliance as much as a military political alliance for almost two decades now. so are we going to finally have an honest forthright conversation about what this means? that's what i'd like to know.

>> let's go from here, down. >> executive director of basic. jean-loup, i wanted to focus on yours, particularly on the comments that lorelei has just made about nato being a political military alliance rather than a military political alliance and my question resolves around how relevant that is to the nonproliferation agenda. let me take you to a thought experiment. what if you picked up nato's defense college and planted it into tehran, what kind of a world would it look like? what would you be advising the leadership of tehran today? how would they respond to a situation where there are american forces in those

countries, nuclear forces, et cetera, et cetera. nuclear weapon states in pakistan and israel within striking distance. what would we be advising? because that is the relevant question when it comes to nato's response to nonproliferation. because as with our relationship with russia, deterrence is not in our capabilities. it is what in the minds of the russians or as it was, the soviets. and if we can influence what is in the mind of the iranians, that is the real goal when it comes to nonproliferation. if we surround them with more hardware, that will only encourage them to seek sol lace in other forms of hardware that we don't already have. if we try to engage them in conversation that could have them seeing that it's in their interest to engage in

nonproliferation, then we have a hope. so my question really is do you see the linkage between the classic linkage between disarment and nonproliferation, and if analysts do? if there is such a rin link, is there a link between nato's nonproliferation policy and its decisions over the next few years over the deployment of forward-based tactical weapons in europe or indeed its engagements in the review cycle we'll complete in 2015? >> actually, if people could direct their questions to one person, then i think we'll move along faster. >> okay. i'll try to answer. still struggling to imagine if i was working in tehran for the nato defense college, i will ask my boss when i go back to rome

what he thinks about it. about the issue of how tehran perceives its regional environment and in the end if we reenforce nato mill tory posture toward tehran, is it going to be the best way to lead to an arms race? i think nato is one part of the solution, but if we look in a comprehensive way at the iran yanish you, i would say that, of course diplomacy works only when we have the diplomatic, the economic and the military credibility, meaning that economic sanctions i think are necessary if we want to get some effective reactions from tehran.

but in the meantime, i think it's a positive sign that we have a new diplomatic process like for the next summit in bagdad. if we withdrew -- if we withdraw now the economic sanctions without having any diplomatic outcomes, it would be ineffective. so that's one thing. nato here i think is also part of the equation because in the end if we don't have a clear idea of how nato positions itself against one issue which has been defined by most of the nato country's decision makers, most of the presidents, the chief of states of the nato members, as the most important issue in terms of national security interest in the coming years, if we don't have any idea

of how nato should act against that, i think this means that we are almost acknowledging that nato is no longer relevant for the modern security challenges. regarding a nonproliferation engagement, i actually think that -- and there is the panel tomorrow on the nonstrategic nuclear weapons. i would say that it's still possible to have a credible deterrence posture against any country outside of the nato area, for instance in the middle east, without the nonstrategic nuclear weapons in europe. and that's the reason why, by the end of my presentation, i wanted to be specific about the fact that when i talk about the option, the possibility in coming years of extend pd

deterrence, we should not try to imagine a physical -- physical stations of nuclear weapons. i don't think that this is the key to solve the issue. i think it's more credible if we start working on exercises, joint planning with the partners. for instance, we have a nato exercise in the gulf area where we use multi capable aircraft, that's i think a credible sign that nato has some resolve if iran was to cross the rubicon. in the meantime, i think the nonproliferation engagement can be assisting. sorry. >> that's okay. i'm going to move ahead because we only have a few minutes left. you want to ask a question to a

specific panelist? >> yes. my name is ted sea, a disargument consultant with basic and with european leadership network in london. before that i was assigned to the u.s. mission to nato and was the first holder of the counterpiracy portfolio there. i need, i'm afraid, to challenge the characterization of cooperation which took place between nato and the eu. as of august 2008 there were nato allies that insisted that nato not stand up to nato koupt poi rah see. the reason this took place through september to october, it became obvious that the eu was incapable of mounting a counterpiracy operation in a timely fashion. in fact, it was not able to do so until december of that year. all of a sudden the prohibition of nato doing counterpiracy became a demand that nato do counter piracy.

we go forward to december 2008, at atlanta finally stands up and there's a prohibition again? >> in one sentence, what's the question? >> the question is how do we prevent these kind of economically irresponsible duplication of capabilities and operations in the future? >> thank you for your question. it's a fascinating question. i think if i had an answer to the question, i'd solve a lot of problems within the european union. regarding the counterpiracy operations, it is very clear that the eu could not do it alone. what i was trying to say is that the uu is doing its part, trying to develop capabilities in order to take part in such operations. the eu as an international security actor is still an

infant. it's still trying different possibilities, launching missions within specific frameworks, no large scale operation, no large scale mission. for the moment, the number of ships involved in atlanta, as you may know, is fairly limited, so we would not be able to do it alone. i think it's developing its capacity, developing its capabilities. in terms of trying to avoid the costly duplication of efforts, i think that's what i was trying to underline there, the institutional complexity as such that when you start with a good idea, you could have a good idea at the beginning, but then you run into very complicated hurdles in order to achieve what you were trying to achieve, the launch of atlanta could be one example. lib ba, the aborted operation in

libya could be another example of something where there was a little political will but became so die remember jent that it's then handed over to nato to such an extent. >> thank you. i just can't be the only woman who speaks on this panel today. i'm going to say kina and david will wrap it up. >> kin net benedict from the bulletin of the atomic sciences oovps. in responses of issues of terrorism and cyber security and emerging threats, surprise is a larnl element of all these. you've all -- several of you have suggested building resiliency, i guess, into the system. resilience is a term that's used fairly frequently. i would -- i'm interested in your clarification, you sense of it. it might mean flexibility, adaptation, even redundancy. it might require a lot more money. and i guess what i'm interested in is how you build resiliency into a system which already

seems to be built on hierarchy, fairly rigid command structures and fiscal constraints. i'd just be interested in what your vision of resiliency might be in order to deal with these new emerging threats. thank you. >> i'll be happy to take part of it. when i was growing up, not to date me, i was always interested to the british civil service attitude. people saying we should have bombshell terse. the swiss have a bomb shelter everywhere, such a tiny country. how come we don't have that. civil service would be don't be ridiculous. it's absurd. i was always kind of annoyed by the british civil service answers. frankly there was real truth in at