NATO: The Growing Alliance and the Insider Risks

The alliance has not properly considered the risks emanating from the half-hearted or hostile within the organization.

During the Cold War, the insider threat to the transatlantic alliance was either infiltration by the Warsaw Pact or some form of theft. The central focus was on counterintelligence and the main enemy was Soviet espionage. Today, in 2023, the insider threat is not only spies and sabotage; it is any misalignment with the mission, which undermines the mission and its ability to conclude the tasks successfully. Regretfully, that can mean some member states are the issue. This is of course a problem of success as the alliance grows. Finland’s entry on April 4, making it member state number 31, was a wonderful moment, reflecting the free choice of a representative democracy to seek the security offered by military alliance with its fellows.

But not every alliance country is Finland, as the case of member state number 32 makes clear. Sweden too is a democracy which ranks at the top of just about every global ranking, from wealth to personal freedom and personal contentment. It is, as Shakespeare once said of England, the envy of less happier lands. Its entry is being blocked by two NATO members — Turkey and Hungary — run by illiberal rulers using their veto power to punish a likely future ally for past slights. Sweden is no more a paragon of virtue than any other country, and can no doubt be very irritating in some of its positions, but there seems more than a hint of malice in this process.

The issue of Swedish membership is a case study of the problems inherent in a military alliance relying on consensus. It is inevitable that in such a huge organization there will be enormous cultural width, differing perceptions, call it weltanschauung or political views, as well as old and new cleavages. Several NATO countries have relatively large far-left and far-right parties, demanding everything from the rejection of the market economy to an illusionary condition of ethnic homogeneity, free from any foreign influence or influx.

Both the far-left and the far-right oppose NATO in most cases. Even 30-plus years after communism’s collapse, many citizens in former occupied states harbor a romantic view of what totalitarian socialism is and how it was to live under those conditions. They understand that such values, including an absolute hostility to liberal democracy, are among the defining features of the Russian Federation. And they admire that.

These anti-NATO sentiments will migrate into the military establishments of those countries, even on a minor scale, since the armed forces reflect the populations they are drawn from. And of course these societal fissures present opportunities for adversarial states to undermine the most important pillar of NATO democracies – the population’s trust and confidence in their political leadership.

We know this because we can see it. Russian troll factories have in recent years actively supported far-right groups to catalyze splits in targeted societies, with material designed to stoke anti-immigration, anti-government, and anti-NATO sentiment. The Russians know they have sympathizers within the European Union and NATO countries. The Kremlin’s agents present themselves as an alternative to colonialism, capitalism, and American influence — a narrative that might seem laughably false, but is packaged as a plausible explanation for those already leaning in an authoritarian direction.

The difference between this anti-NATO undercurrent and official policy surfaced very clearly as the full-scale war in Ukraine got underway. Several countries have faced a discrepancy between domestic popular support, or lack thereof, for sending arms to Ukraine and the official government position. Public backing for NATO commitments could erode, often stemming from a wider socio-historical context.

A commentary about support for Russia in Slovakia from the Polish Institute for Central Europe suggested: “An intuitive explanation may be that this is a generation that no longer had experience of communism or the occupation of Czechoslovakia by Soviet troops. After all, the last Red Army soldier left the country in 1991. This is also a generation that was born in a free country and does not associate Russia with danger.” (There have since been polling indications that pro-Ukrainian sentiment has risen.)

Are the Russians really the baddies, to use the British comedy act Mitchell and Webb’s term for bad guys, or are the Russians merely misunderstood? Russian disinformation campaigns present Russia as the defender of timeless European values, including family values, but suggest the West cynically portrays it as a genocidal dictatorship to malign its essential purity. For disaffected voters in the West, this can be an appealing message since it echoes their anger with their own governments and with the US, which they blame for their problems.

It would be profoundly naïve to dismiss or downgrade the significant insider threat within NATO among voters who have intellectually defected from free market economics and open liberal democratic norms. This segment of the population seeks an alternative to rule by so-called economic elites, even when their governments do not. Russia seeks to lure them through cognitive warfare and disinformation. That Russia is itself the ultimate corrupt crony-state run by illegitimate, thieving elites doesn’t matter, because this tale is clouded by illusion, confusion, and disillusion.

NATO needs to think about this, and think hard. Last time I looked at the ongoing work at NATO Science & Technology, not even one paper out of hundreds addressed insider threats.

The topic is uncomfortable, and politically sensitive, but that doesn’t remove the fact that NATO has an insider threat problem that warrants attention.

Jan Kallberg, Ph.D., LL.M., is an Assistant Professor in the Department of Mathematical Sciences at the United States Military Academy. He is a Non-resident Senior Fellow with the Transatlantic Defense and Security program at the Center for European Policy Analysis (CEPA). Follow him at @Cyberdefensecom.

The views expressed are those of the author and do not reflect the official policy or position of the United States Military Academy or the Department of Defense.

Offensive Cyber in Outer Space

The most cost-effective and simplistic cyber attack in outer space intended to bring down a targeted space asset is likely to use space junk that still has fuel and responds to communications, using it to ram targeted space assets or force them out of orbit. The benefits for the attacker are that the attack is hard to attribute and low in cost, and, if the attacker has no use for the space terrain, that the debris created by a collision provides anti-access/area denial.

The life span of a satellite is between five and 30 years, and even afterward it can still be orbiting with enough propellant to move through space and with functional communications which could be reactivated. Space contains thousands of satellites, both active and inactive, launched by numerous organizations and countries, hosting 5,000+ space-borne transponders communicating with Earth. Every transmission is a potential inlet for a cyber attack. Older satellites share technological similarities, providing opportunities to cyber-exploit industrial systems for control and processing. Supervisory control and data acquisition (SCADA) systems within our municipalities, facilities, infrastructure, and factories are designed and built on older technology and hardware, sometimes designed decades ago, and the software is seldom updated. These SCADA systems are considered a strategic vulnerability and have drawn growing attention from the US cyberdefense and homeland security communities in recent years as critical infrastructure is now a top priority. The lack of up-to-date security features within utilities and other critical infrastructure is mirrored in outer space. Satellites may be based on hardware and technology from the 1980s and 1990s for one straightforward reason: they are unlikely to be upgraded after they have been launched into space.

Terrestrial cyber attacks are a single exploit on thousands, if not millions, of identical systems, and the exploit will be eliminated afterward by updates or upgrades. The difference between satellites and terrestrial cyber exploits is that a satellite is in many cases custom made or in relatively small series, whereas the computing design is proprietary. Cyber attacks in space exploit a single system, or a limited group of systems, within a larger group of satellites. These spaceborne assets have a variety of operating systems, embedded software, and designs from disparate technological legacies. As more nations engage in launching satellites with a variety of technical sophistication, the risk of hijacking and manipulation through covert activity increases. A satellite’s onboard computer (OBC) can allow reconfiguration and software updates, which increases its vulnerability to cyber attacks. A vulnerable satellite that will be orbiting for the next ten years can be preset by a cyber perpetrator for unauthorized usage when needed.

Even with the most advanced digital forensics tools, tracing a cyber attack is complicated on terrestrial computer systems, which are physically accessible. Space-borne systems do not allow physical access, and that lack of access to the computer system nullifies several options for forensic evidence gathering. The only trace from the perpetrator is the actual transmissions and wireless attempts to penetrate the system. If these transmissions are not captured, the trace is lost.

If the adversary is skilled, it is more likely the attribution investigation will end with a set of spoofed innocent actors whose digital identities have been exploited in the attack rather than attribution to the real perpetrator. A strong suspicion would impact interstate relations, but full attribution and traceability are needed to create a case for reprisal and retaliation. Attribution can be graduated, and the level varies as to what would be accepted as an “attributed” attack. The national leadership can accept a lower level of tangible attribution, based on earlier intelligence reports and adversarial modus operandi, than the international community might demand, but it is restrained in taking action. China has had a growing interest in building cyber warfare capabilities and is one of several nations that would have a sincere interest in degrading US space assets. Currently, nation-states are restrained by the political and economic repercussions of an attributed attack, but covert cyber war targeting US space assets removes the restraint of attribution.

A cyber attack resulting in a space collision would lack attribution and thus would be attractive to our covert adversaries. A collision between a suddenly moving foreign satellite and a mission-critical US satellite is neither a coincidence nor an accident. Even if there is no collision, a satellite on a potential collision course would force the targeted satellite to move and adjust position. During these adjustments the targeted satellite would have degraded service levels, and it could eventually run out of fuel.

However, without attribution, it does not matter that this is so obvious. Other forms of direct and indirect attack would be traceable to an attacker, which could result in military, economic, and political repercussions. In criminology, we know that the major consideration of a perpetrator for premeditated acts is the risk of getting caught. The size of any repercussions if caught is secondary. If a cyber attack can destroy or disable US satellites with no attribution or traceability, it is likely to be considered by those who are openly adversaries and certainly by those who are covert. From a cyber warfare perspective, this creates an opportunity for a third party to hack and hijack a satellite with the express purpose of colliding with a mission-critical US satellite.

The attack could be either a direct collision or an indirect attack using the debris cloud from another collision. The hijacked ramming satellite can come from any country or international organization. The easiest way to perpetrate this attack would be to hijack satellites from countries less technically advanced or from less-protected or outdated systems.

Post-mission disposal (PMD), the UN-initiated international effort to remove satellites after their productive life spans, would require satellites to be removed from space within 25 years after their mission ends. Naturally, it could happen earlier than 25 years, but it can also be a drawn-out process, as there are currently no tangible sanctions for noncompliance. If a satellite has a lifespan of 10–20 years, the additional 25-year allowance would increase the total number of years when the satellite can be remotely commanded to 35–45 years. Satellites launched in 1977, 1987, and 1997 are already technically outdated and several technology generations behind. The time between launch and end of the operation for a satellite is the foundation for its cyber vulnerability. It is a sound financial decision to use a satellite to the full extent of its lifespan. However, the question becomes: is it worth the risks? We must keep in mind technical leaps made since early space launches and what vulnerabilities could be embedded when space is populated by 25- to 45-year-old assets that can still navigate. Since technology today develops so quickly, PMD, in reality, increases the risk of cyber attack by hijacked satellites because it prolongs the time a satellite can be remotely commanded by radio signals exploiting obsolete and outdated communication equipment.

In a future near-peer conflict, one of the potential adversary’s goals is, early in a conflict, to separate the Joint Force in spaces, time, and functions (TRADOC Pamphlet 525-3-1). Cyber attacks in outer space are no longer science fiction; they are a valid concern.

Jan Kallberg, PhD