In response, U.S. Central Command quietly began deploying proactive expert U.S. military hackers, known as "hunt forward" teams, to operate "outside the United States against our adversaries, before they could do harm to us," as the group's head, Gen. Paul Nakasone, explained at the Reagan National Defense Forum in December.
Some military analysts believe that a greater motivation behind NATO's Article 5 policy shift is to set legal groundwork for allies to work together proactively in a way that is difficult without invoking collective defense mandates under Article 5 – particularly given some NATO members' reticence about intelligence-sharing.
A potential model for such operations was on display in 2018, when U.S. Cyber Command launched its first known cyber response to Russia for election meddling.
In the run-up to the 2018 midterm vote, U.S. military cyber operators "popped up" on the screens of workers at the Internet Research Agency (IRA), a Russian state-sponsored troll farm that carried out damaging online influence operations during the U.S. election.
"They just showed up on the system and said hello," says Mr. Harknett, now a professor of political science at the University of Cincinnati and co-author of the forthcoming, "Cyber Persistence Theory: Redefining National Security in Cyber Space."
They also blocked the IRA's internet access, a move calculated to put the Russians on the defensive and sow confusion.
"They had to be thinking, 'Americans couldn't have done all this work just to show up on our screens and say hi.
How did they get in?' "
The response among NATO adversaries to such operations remains to be seen, says Mr. Soesanto.
"By the Russians, on Russian soil, it could definitely be perceived as escalatory."
At the same time, what U.S. Cyber Command did "was temporarily shut down IRA, but it didn't stop them.
Yet the impact of these operations may be less obvious, Mr. Harknett says.
" 'Hunting forward' means you actually have to be in the networks of your adversaries to understand malware development and the vulnerabilities they seek to exploit," he notes."
"A lot of criticism has been made that this is being aggressive, going on the offensive, that it could escalate."
But often, "they don't even know we were in there."
Deliberations about the efficacy, politics, and ethics of offensive cyberweapons are likely to be more challenging for the alliance than 20th-century discussions "about tanks rolling across the border, in which case we know how to respond and what to do," said Ambassador Smith.
"And there are still tough conversations to be had."