Fraud Prevention

NATO Cybersecurity Push Promises Lessons For Payments And Commerce

The business of payments and commerce is not war — despite all that tough motivational talk that insists otherwise, almost always from people who’ve never suffered through combat — but war, and the preparation for it, has a way of influencing business. Just look at the logistical lessons learned during World War II that were applied to post-war industry, or even the development of the internet and how U.S. defense plans for communication in the nuclear age influenced that.

Or, more recently, consider all the digital expertise and innovation brought to the market by entrepreneurial veterans of the Israeli military and spy services.

Now comes news that NATO, the U.S.-led alliance that is facing perhaps its biggest existential crisis since its founding some three generations ago, is beefing up its capabilities to counter cyber hackers and mount its own digital offensives. If history is even a rough guide to the future, you can bet that some of the case studies, technology and techniques gained from what promises to be a major operational effort will make their way into the payments and commerce mainstream — which, of course, has its own daily issues with data breaches, hackers, fraud and authentication.

Prepping the Battlefield

That’s the likely future.

Here’s the factual present: According to a report this week in Reuters, “a new NATO military command center to deter computer hackers should be fully staffed in 2023 and able to mount its own cyberattacks, (though) the alliance is still grappling with ground rules for doing so.” The general idea is to bring together what the news agency called the “cyber capabilities” of alliance members to build better protections against real and potential enemies — mainly Russia, China, North Korea and assorted non-state terrorist and criminal groups doing their own attacks or acting according to the wishes of countries — to shore up cyber defenses and prepare for limited or full-scale cyber war.

It would be a cliché were it not true: Bad generals and statesmen tend to fight the last war. That’s one reason, most reputable scholars agree, that World War I was not the months-long, mildly painful conflict that many of the best and brightest in Europe at the time had expected, but a four-year murderous meat grinder that shocked the psyche of early 20th-century humankind — some countries lost the biggest part of an entire generation of young men, after all — and all but made Word War II inevitable. No one with enough power and pull could foresee how machine guns and other technology developed during that continent’s eight decades or so of relative peace had made tactics and strategies with roots in Napoleonic times tragically obsolete.

Hoping not to repeat such a mistake, the countries of the world — from the small Baltic states to rising China — have for years now been preparing for the next war under the assumption that one of its main traits (perhaps its primary trait, depending on the thinking about nuclear bombs) will be cyberattacks.

As documented in such recent books as Fred Kaplan’s “Dark Territory: The Secret History of Cyber War,” the use of computer software and networks for offensive action has a longer history than most people might expect, one that predates even the famous 1983 nuclear war cautionary film “War Games," which apparently scared President Reagan and inspired him to work harder toward an arms reduction agreement with the Soviets, according to Kaplan and other sources.

Always Cyberwar

In a very real sense, cyberwar is going on now, with what you might call digital reconnaissance patrols and probing attacks. It can perhaps be thought of as global, life-or-death versions of the hacking attacks that payments and commerce companies deal with every day.

Sometimes it comes down to tricking U.S. defense officials with a tweet, as cybersecurity experts said Russia did in 2017. And sometimes the issue is spotting weaknesses in the overall digital defense. Just a few days ago, in fact, The Washington Post reported that “all of the U.S. military’s newly developed weapons systems suffer from ‘mission-critical cyber vulnerabilities,’ a review of government security audits conducted from 2012 to 2017 found, suggesting military agencies have rushed to computerize new weapons systems without prioritizing cybersecurity.”

Certainly there are echoes of that in the payments and commerce worlds — simple attempts at fakery that offer massive ROI, or a rushed effort that seems to defeat the overall purpose — and one can imagine all the articles and whitepapers written for a business audience that will follow the boosting of the NATO cyber operations (along with the expertise that those military and contracting professionals involved in that effort will soon enough bring to private industry).

The larger meaning — the main reminder — of this newly announced NATO effort is that cyberwar will not involve only military forces, installations or infrastructure. Total war and the threat of total war are nothing new, as anyone with even a passing knowledge of history — or anyone who recalls the tensions of the Cold War (duck and cover!) – already knows. The only question is what kind of total war would result from large-scale cyberattacks. Long-term power outages? Unsafe water systems? The breakdown of payments? Cities might remain standing, but digital codes deployed for virtual combat might end up bringing more destruction than artillery barrages or strategic bombing.

None of this is to say that the sky is falling — maybe it is, maybe it’s not. Nor can anyone with any real sense predict the next war or wars with absolute certainty — that is, not only the combatants, but the forms of combat, its duration and its aftermath. But you can be sure that this NATO cybersecurity effort, no matter how it develops, will have impacts for decades to come, and not only for various militaries, governments and associated defense industries.



Banks, corporates and even regulators now recognize the imperative to modernize — not just digitize —the infrastructures and workflows that move money and data between businesses domestically and cross-border.

Together with Visa, PYMNTS invites you to a month-long series of livestreamed programs on these issues as they reshape B2B payments. Masters of modernization share insights and answer questions during a mix of intimate fireside chats and vibrant virtual roundtables.