Though Stoltenberg insisted doing so would depend heavily on the severity of the attacks, he said to establishment of cyberspace as a military zone meant NATO would react to attacks there the same as attacks in air, sea, land, or space.
In theory, this would mean that NATO member nations could invoke Article 4 of the alliance, obliging meetings to discuss mutual military defense if a member nation is “attacked,” simply on the grounds of them being hacked.
Of particular concern in the case of cyberattacks is how rarely it is readily apparent who the culprit it. The US tends to blame China or Russia in the media for cyberattacks against American targets, but rarely offers any evidence to defend those assertions.
If this is to be the alliance-wide standard,every NATO member nation, all of whom are hit with cyberattacks by governments and private citizens countless times a day, could manufacture a pretext for a new alliance-wide war against the target of their choice.
Though Stoltenberg tried to limit this to the most severe attacks, it isn’t clear in practice what that actually means. The US, for instance, seems to have cyber attacks presented as the “worst ever” multiple times every year.
Though wars against China and Russia are largely impractical for the alliance, because those nations have substantial nuclear deterrents, this could seemingly be the easy way for the US or some other member nation to shoehorn the alliance into a war in Libya or elsewhere, simply by trying to pin the next cyberattack on some faction there. Since evidence isn’t offered most of the time anyhow, there is likely to be little argument after presenting any conceivable culprit.