Analysis of Threat Perceptions

In 2007, Estonia faced a series of cyberattacks on its cyber infrastructure, which caused widespread damage to the country’s economy, politics, and security. However, despite this series of cyberattacks, the North Atlantic Treaty Organization (NATO) did not apply Article 5 of the North Atlantic Treaty due to lack of consensus on applying Article 5 in the Estonian case. Although various approaches have been developed by scholars, there is no common application of international law in the United Nations Charter regarding cyber threats or attacks. Moreover, while there has been no common definition of "cyber terrorism" by the international community, some scholars regard "cyberattacks" as acts of war. There is a paucity of literature dealing with the application of international law on cyber threats. A new Strategic Concept was adopted in 2010. Its most important development was to identify the significance of cyber threats to all NATO member bodies.

When updating its own technology, the organization needs to be ready to defend itself against all kinds of asymmetrical warfare, whether from within or beyond its operational range. However, the terms of Article 5 of the North Atlantic Treaty were imprecise as to whether cyberattacks can be regarded as a form of threat; for this reason, NATO accepted the case‑by‑case concept on cyber threats/attacks in terms of the application of Article 5 by the Wales Summit in 2014. Despite the fact that the Charter of the United Nations has not been revised, if its articles are broadly evaluated, cyberattacks would be accepted as a threat or use of force against the territorial integrity of a state.

The main purpose of this book is to analyze and evaluate what has been carried out regarding NATO’s operational arrangements and its cyber defense approach and, secondly, to explain this through the lens of Game Theory. Furthermore, it will demonstrate why the web is paramount to NATO’s system‑driven operations, and why it requires a cyber defense arrangement. In particular, the research presented here will analyze Türkiye in this regard. The cyberattack on Estonia in 2007 will be used by way of a case study to explain the development of threat perceptions, risks, international law, cybersecurity policies and application of Game Theory.