WannaCry ransomware attack on NHS could have triggered NATO reaction, says German cybergeneral

FIC 2020 Western military alliance NATO could have reacted with force to the 2017 WannaCry ransomware outbreak that locked up half of Britain's NHS, Germany's top cybergeneral has said.

During a panel discussion about military computer security, Major General Juergen Setzer, the Bundeswehr's chief information security officer, admitted that NATO's secretary-general had floated the idea of a military response to the software nasty.

General Setzer said: "The secretary-general of NATO talked last year [about]... the WannaCry attack of 2017, [which] especially had consequences for hospitals in the UK, could also be a subject for the NATO."

The German army officer said this supported the idea that military thresholds for responding to hacking attacks should be deliberately vague, adding that just because someone hacks you doesn't restrict you to only hacking them as a response.

He said: "If we are talking about this special domain [of cyberspace], then if you go with military means, as an answer, the threshold doesn't mean you have to answer in the same domain. It's the risk of the opponent, what is your answer if you decide [an attack on a computer network] is above the threshold?"

The wider discussion focused on military cybersecurity challenges. Major General Rafael Garcia Hernandez, chief of Spain's cyber defence command, said that his soldiers were meeting their French counterparts to learn from each other. He added the meeting was "not just the commanders. No, no, the technical people too… we are quickly learning what cooperation means."

In the compartmentalised world of military network security, such meetings and idea-sharing sessions are relatively rare – especially when compared to the private sector. Some countries are nervous about revealing exactly how they get their information, as Captain William Wheeler, US Cyber Command's director of plans and policy, explained.

Wheeler, formerly a US Navy pilot before joining the tech industry, said: "In the cyber world, many times we run up against challenges with sharing some of the information from an intelligence collection standpoint. But when you think about it, do I need all that information or do I just need the basis – pieces of information [from which I can] take action?”

The American also shed some extra light on US Cyber Command's concept of "persistent engagement", which he said was "defensive in nature" and consists in part of "continuously looking for those cyber actors trying to do harm".

At the invitation of a host government, Capt Wheeler said, US military cyber teams "go out and work with them to operate on their networks, to look for this type of... malicious cyber activity." Once they find something of interest, they "collect that malware, that information, and bring it back, be able to share that with commercial industry who can then get it out to everyone."

As for the Huawei 5G kerfuffle in the UK and the EU earlier this week, the captain declined to be drawn on Chinese policy specifically but, in his upbeat southern US drawl, said: "I will tell ya this. The relationship that the European partners have with the US on the military side is absolutely outstanding. We realise we've got to work together and we'll find a way." ®