NATO has invested heavily in cyber defense since 2016, but most of its members remain focused on protecting national networks rather than taking the initiative.  

Starting in 2020, the alliance found itself in an unbalanced position: threat sharing is improving, but offense and contesting NATO’s very active adversaries in cyberspace is the responsibility of only a few. This gap matters because cyberspace is a domain of constant contact, where passivity cedes advantage.  

Five years on, little has changed: NATO’s cyber posture remains weak, anchored in passive defense, while a handful of states shoulder the burden of offensive operations in cyberspace. 

NATO recognizes cyberspace as an operational domain, but its members diverge sharply in practice. Most allies focus on network defense — fielding incident response teams and resilience frameworks built around “protection” and “security”. Few explicitly mention offensive action. Only a few, like the United States, the United Kingdom, and Canada, “counter,” “contest,” and “deliver effects” through military-led offensive cyber forces. The result is an uneven posture: many defend, but few fight. 

A handful of members have inched toward a more active cyber posture but still stop short of persistently disrupting adversaries. The Netherlands, for instance, recognizes the constant nature of foreign interference yet confines its response to intelligence sharing and coordination — an upgrade from wartime-only operations but still reactive. Russian-backed groups exploit this hesitation. Like it or not, NATO is already in a cyber conflict — it’s just refusing to admit it. 

Offense matters. Cyberspace is always shifting — every patch, update, and new application alters the terrain. Waiting to respond cedes initiative to the adversary. Offensive operations can disrupt ransomware infrastructure, dismantle command-and-control nodes, and prevent adversaries from crawling around in allied networks, causing damage. Until this offensive capability is embraced, NATO will continue to surrender the initiative to its opponents. 

Get the Latest
Sign up to receive regular emails and stay informed about CEPA's work.

Let’s be clear. Aversion to offensive cyber operations is political, not technical. Many allies treat offense as legally or ethically off-limits, embedding a defensive bias in doctrine and mission.   

NATO’s official stance is to encourage member states to pursue the alliance’s interests in cyberspace, making the alliance’s cyber warfare a voluntary activity. As a result, few step forward while others free ride. The result: a politically cautious alliance that relies on the offense of a few to defend the many. And considering the onslaught of cyber-attacks NATO states are subject to, this approach clearly isn’t working. 

By staying passive, many NATO states invite adversaries to push harder. As Michael Fischerkeller, Emily Goldman, and Richard Harknett argue in their 2022 book Cyber Persistence Theory, cyberspace is a domain of constant contact — probes never stop, exploiters never rest.  

Deterrence isn’t a strategy that actually works in the cyber domain: attacks fall short of the threshold of war, attribution is murky, and consequences rarely follow. When allies are limited to passive defense and resilience, that in itself signals a lack of political will. Hackers keep trying because offense pays. What is the point of intelligence agencies collecting threat information if militaries cannot swiftly act on it? 

This imbalance has real consequences. NATO’s cyber posture relies on a few states to carry the fight, while others settle into a defense that in truth offers only the illusion of safety. Smaller allies may think this is enough, but it really isn’t. It both fails to provide an adequate defense and fails the broader alliance. Size is no excuse; in cyberspace, even small states can pack a punch.  

It’s time to clear the obstacles: outdated laws, rigid organizations, and thin resources. Cyber conflict between NATO and its adversaries is already here. Attacks occur daily.  

The absence of effective counter-action allows adversaries to erode NATO members’ sources of strategic power. They exploit the seams between member postures.  

This is a path to potentially enormous costs and continuing defeat in the cyber-sphere. NATO needs to do this better, at scale, and require all its members to participate. 

Emily Otto is a non-resident fellow at CEPA. She is an Alperovitch PhD Fellow at Johns Hopkins School of Advanced International Studies, after transitioning from military service, where she spent a decade working in threat intelligence and cyber operations. 

Europe’s Edge is CEPA’s online journal covering critical topics on the foreign policy docket across Europe and North America. All opinions expressed on Europe’s Edge are those of the author alone and may not represent those of the institutions they represent or the Center for European Policy Analysis. CEPA maintains a strict intellectual independence policy across all its projects and publications.

War Without End

Russia’s Shadow Warfare

Read More

CEPA Forum 2025

Explore CEPA’s flagship event.

Learn More
Europe's Edge
CEPA’s online journal covering critical topics on the foreign policy docket across Europe and North America.
Read More