White House official talks about Iran's cyber attacks on Albania

The White House's Deputy Adviser for Cyberetic and Developing Technology, Anne Neuberger, told the Voice of America in an interview that this strategy includes expanding the coalition that holds those carrying out such responsible attacks and a quick response to consequences.

Neuberger said any place of NATO must understand that it poses dangers for all allies if it does not apply the right cyber security practices.

Voice of America: The US administration imposed sanctions on Iran for the cyber attack on Albania, but this did not prevent Tehran from launching a second attack. What else can we do to restrain them, and how are we helping Albania?

Anne Neuberger: Prevention of cyber attacks is a very new area and is based on the teachings and access we use in other areas, such as air and sea attacks, as building coalitions between countries regarding what constitutes responsible behavior in cyberspace and what constitutes irresponsible behavior. Many countries have signed with the United Nations voluntarily in 2015 and 2019, regulations of bringing states into peacetime. One of them is not to hit vital services for people. But for the standards to be implemented, a coalition as wide as possible must agree to place those parties who do not respect these rules accountable, and when possible impose consequences. So this is why when we saw the Iranian attack on Albania, which cut off the services of the Albanian government for its citizens, we and other countries denounced it for putting Iran to account, to make it clear that Iran was behind it, and to impose consequences. The Albanian government took measures, in the United States we imposed sanctions. And we did this as part of strengthening cyber prevention measures. This prevention will not be realised by one or two cases. It will be realized if we repeatedly react much faster than in the past. And to achieve these strategic goals of implementing international cyber standards, if we react repeatedly, as a country community, we believe we can prevent cyber attacks.

Voice of America: The truth is, while you are trying to create these international cyber-rules, there is no consensus on the UN Security Council, as Russia and China are part of it. There are several UN frames that cannot be implemented. So, under these circumstances, how can it move forward?

Anne Neuberger: Russia is one of the countries that signed the government expert group norms in 2015 and 2019. So we believe that the key is that countries that have agreed to these standards, to implement them. And we believe, that whenever there are places that don't apply, we denounce and continue to expand the coalition so that as many countries join him, and therefore react faster and consolidate efforts to impose consequences. We believe it will take some time, but these are the steady steps we are taking together with partners and allies.

Voice of America: Beyond Western allies, is there an agreement on the need to do so for the rest of the world?

Anne Neuberger: We believe it is, because in many ways, the weakest countries are the ones most vulnerable to cyber attacks on their government systems, cyber attacks on companies or theft of intellectual property. So we believe it's in the interest of all countries, big or small, because we're all digitized. It's obvious that some of us have more digitalization than others, but we're all digitized, so there's risk for our citizens whether critical services are interrupted or whether the functions of governments are interrupted in times of crisis. ”

Voice of America: Groups linked to Iran infiltrated various systems in Albania, even in the prime minister's email. Are you concerned that Iran may have gained access to NATO's sensitive data? We have recently heard that hundreds of NATO documents may also have been stolen in Portugal.

Anne Neuberger: Clearly, it is necessary to have good cyber security practices among all NATO members. Any NATO member should understand that it poses dangers for all allies if they fail to implement the proper cyber security practices. This is one of the reasons we have worked very closely in NATO's context, as far as cyber security is concerned, and to create the response skills to cyber incidents in NATO, to strengthen NATO's cyber skills, because, as I mentioned earlier, it is clear that more work must be done. You mentioned two examples that highlight the need for such a thing. I think there is now a much deeper awareness of NATO and an awareness to unite allies to take joint cyber security measures for important information.

Voice of America: As NATO allies, Albania and Portugal are technically protected according to the collective defence principle. Can you explain what the administration's view of NATO's principle is that an attack on a country is an attack on everyone in terms of cyber war? At what point does a cyberattack deserve a counterattack? Is there a criterion? Is there a red line?

Anne Neuberger: This is an area where politics is developing. It's a very new field. You have seen NATO policy that one or several cyberattacks can be raised to the level of an armed attack. Clearly, the threshold is too high for a cyberattack that can be considered at that level. The work we are doing in NATO is primarily focused on the stability of cyber security. There will be a NATO conference on cyber defence in Rome that will focus on the standards NATO members have for their critical systems, the establishment of a response to such incidents, so that if an ally is attacked, there will be a NATO capacity for countries to join and practically offer support and that as an alliance, use it to implement international norms. But this is an area we're still working on to further it.