NATO allies rethink cyber posture amid growing attacks

NATO Assistant Secretary General for Cyber and Digital Transformation Jean-Charles Ellermann-Kingombe and Gen. Karol Molenda, Commander of the Polish Cyber Command, shared their insights on the development of cyber warfare during a panel moderated by Aleksander Olech at Defence24 Days, the largest security conference in Central and Eastern Europe, held in Warsaw on 6–7 May.

Jean-Charles Ellermann-Kingombe explained that cyber now permeates all domains, as virtually every piece of military equipment depends on digital systems. He also stressed the dual nature of cyber operations, which can both support and prevent kinetic activities, serving simultaneously as a sword and shield in modern warfare.

Notably, Ellermann-Kingombe said that cyberattacks could, in theory, trigger Article 5 on their own if their scale and impact were severe enough. This reflects the fact that cyber operations increasingly produce physical consequences by disrupting the functioning of critical systems, a point also stressed by Molenda. In response, NATO is working to move beyond resilience alone and focus more strongly on affecting the attacker’s calculus and imposing costs, which can be achieved in various ways. As the Assistant Secretary General explained, there is now an “ongoing discussion” within NATO on how to adjust its cyber defence posture to better deter and respond to the surge in attacks.

Asked whether Poland conducts offensive cyber operations, Gen. Karol Molenda did not provide a direct confirmation, pointing to the classified nature of such activities. He did, however, acknowledge that Poland possesses offensive cyber capabilities, including dedicated teams and operators prepared to carry out such operations, should a political decision be made. Meanwhile, Poland is actively stress-testing its own cyber and critical infrastructure, and these inspections often uncover traces of past or ongoing hostile activity.

Cyber lessons from Ukraine's digital battlefield

The two speakers also drew lessons from Ukraine’s digital battlefield. For Ellermann-Kingombe, the decisive factor is the ability to rapidly process vast amounts of data and use digital and AI tools to shorten decision-making cycles. In his view, future battlefield advantage will increasingly depend on reducing the time between the detection and exploitation of a vulnerability, a window that can now last only minutes. Molenda echoed this logic, framing the challenge as one of “adapt or die.” “If you are not in the race, you will lose,” he said, referring to the military adoption of AI. Both panellists therefore stressed that allied militaries must ensure that emerging technologies do not become tools used primarily by their adversaries.

The rise of the cyber domain within NATO

The conversation closely aligns with the broader rise of the cyber domain in NATO’s operational thinking. At the 2016 NATO Summit in Warsaw, the Alliance officially recognized cyberspace as a domain of operations. In 2024, Allies decided to establish the NATO Integrated Cyber Defence Centre (NICC) at SHAPE in Belgium to increase joint situational awareness, resilience, and defence in the cyber domain.

The growing importance of cyber defence reflects the mounting threat posed by Russian cyberattacks, which have become one of Moscow’s key tools in its hybrid war against the West in recent years. In 2025 alone, Poland registered 682,000 reports of cyber incidents, a 144% increase compared with the previous year, pointing to the urgent need to better secure this particularly exposed domain.