
Examining 2 recent cyberattacks against NATO members

STEVE INSKEEP, HOST:

The U.S.-led NATO alliance operates on a paramount principle: an attack on one is considered an attack on all. When the United States was attacked on 9/11, the alliance invoked that principle. If Russian tanks were ever to roll into a NATO nation, the principle surely would apply again. But things get murkier when a NATO nation faces a cyberattack. NPR cybersecurity correspondent Jenna McLaughlin is covering this story. Good morning.

JENNA MCLAUGHLIN, BYLINE: Good morning, Steve.

INSKEEP: I guess we should just note, if you follow the news, you know that numerous NATO nations get cyberattacked. The U.S. has been cyberattacked. What's a recent example?

MCLAUGHLIN: For sure. So one you might not have heard of but was really important was in Albania on July 15. The government was hit by a massive cyberattack. Now, many months later in September, Albania, alongside a whole bunch of independent researchers, concluded that it was Iran that was behind it. And that was based on forensics and because the attack was directed at a conference that was featuring some Iranian dissidents. So as a result, Albania actually decided to completely cut off diplomatic ties with Iran and kick all their diplomats out of the country, which was huge. That's actually never happened before. And actually, the latest is that it looks like there was another cyberattack on border crossing stations over the weekend in Albania. And they're also blaming Iran for that.

INSKEEP: And I guess we should just remind people, Albania is part of the NATO alliance, which now includes more than two dozen nations across Europe. So even the U.S. is blaming Iran. What happens now?

MCLAUGHLIN: Sure. So experts did agree that this was pretty huge and unprecedented. So it's a little hard to know. I imagine that part of the hope had been that cutting diplomatic ties would deter Iran from doing it again. But clearly, it's actually heating up. On the U.S. side, the White House did come out with some new sanctions on Iran's Ministry of Intelligence. And they've sent some teams to help out.

INSKEEP: Is NATO getting involved or invoking its treaty provision that an attack on one is an attack on everyone?

MCLAUGHLIN: So that is where things get interesting. And it's actually not just Albania that recently had a major cyberattack. We're also seeing Montenegro be hit by a ransomware attack. Criminal hackers demanded tens of millions to unlock government files. There's still a lot about this hack we don't know. There are U.S. teams on the ground in both of those places. So we have seen some NATO action to come and help and investigate and defend. NATO has condemned the attack. And it's in touch with those governments. But there hasn't been a team dispatched yet.

INSKEEP: And I suppose NATO is not about to fire missiles at Iran or something?

MCLAUGHLIN: Probably not. Like you said, Article 5 is - says that an attack on one is an attack on all. That doesn't automatically mean military action, though it could. But with cyberspace, I remember having conversations at the beginning of the war in Ukraine when the U.S. was warning that Russia might hit NATO allies with cyberattacks. Experts did say that it's not exactly clear that members would have to respond with additional cyberattacks or some kind of strong response like that. I spoke to John Hultquist about this. He's with the cyber firm Mandiant. Here's what he said.

JOHN HULTQUIST: Cyberattacks live in a very interesting space because they're nonviolent. And because a lot of their effects are reversible, the actors who use them probably recognize that this may be a tool that they can use without necessarily launching some sort of Article 5 response.

MCLAUGHLIN: Even so, cyberattacks are clearly more and more a part of modern warfare. If they get worse, we could see responses escalate as well.

INSKEEP: Such as how?

MCLAUGHLIN: So Biden has promised to use every tool to respond to Russia. The White House did quickly impose these sanctions. I think that they're always keeping their options open. And we'll have to see with Montenegro. But in the future, if an attack does lead to violence or permanent destruction on critical infrastructure, we could see an even stronger response.

INSKEEP: NPR's Jenna McLaughlin. Thanks.

MCLAUGHLIN: Thanks so much.

Transcript provided by NPR, Copyright NPR.

Jenna McLaughlin is NPR's cybersecurity correspondent, focusing on the intersection of national security and technology.
Steve Inskeep is a host of NPR's Morning Edition, as well as NPR's morning news podcast Up First.