Those lying on the beach in August this year didn’t need to pick up a spy thriller at the airport to be reminded of how defence and security are changing in the UK. Courtesy of Russia’s Main

Intelligence Directorate the GU (sometimes known by their old abbreviation, the GRU) the newspapers gave fascinating daily insight into the operational detail of Russian intelligence

activities. The Salisbury attack in the UK was followed by cyber attacks on UK installations and a close proximity cyber operation against the OPCW in Holland. At times, Russia’s ridiculous

denials and the almost comically inept missteps of her intelligence officers during the operations gave the appearance of farce. But the unusual level of granular information that ended up

in the US. In July, Special counsel Robert Mueller released a remarkably detailed indictment of 12 G.U. agents operating in the U.S. who appear to have significantly meddled in the 2016

Presidential election by hacking Democratic National Committee computers. The details are revelatory not because they reveal sophisticated computer hacking, but rather because, as in the UK

and Holland, the cyber techniques employed were so simple, relying on human fallibility not exotic computing capability. Taken together, the scale of Russian operations is worrying, but

perhaps even more so is the failure of the UK and the NATO members more broadly to prevent such pervasive, low-tech attacks. For a long period from the mid-1970s, Russian intelligence was

all but unable to operate in the UK. This is clearly no longer the case. The press seems to have not questioned the briefings they received. It is extraordinary that twelve years after the

assassination of Alexander Litvinenko in London, a similar operation could be allowed to happen again on UK soil. It is easy to laugh at the ineptitude of the GU, but the fact that the

Russian state is so keen to undertake widespread operations abroad – and the fact that the UK and its allies cannot prevent these attacks – should be sobering. That the UK released the

identities of the perpetrators and the mechanics of their operations after the event should be little comfort. The NATO members have done quite well so far in organising coordinated

responses to cyber attacks. But the variety of attacks and the technological lack of sophistication raise troubling questions for NATO. NATO members are clear that cyberattacks constitute a

significant threat to the alliance, but it remains unclear on the standards for defining those threats. Cyber warfare has clearly become part of Russia’s Gerasimov Doctrine, commonly

referred to as hybrid warfare. In 2014 NATO members agreed that a cyber attack on one member could be considered an attack on the entire alliance, potentially triggering Article V. The issue

is that low level cyber attacks and other forms of hybrid war make it hard to pinpoint the aggressor or indeed to neatly define the nature of the attack. As NATO secretary general Jens

Stoltenberg put it “We live in a…completely different security environment with a more blurred line between peace and war.” The severity and frequency of attacks against individual NATO

members is currently open to debate. There are few standards beyond the actual reporting of an incident – and even within some countries, different agencies use different methods of

classifying cyber incidents. Not only does this create an issue for communicating the threat to the public and politicians, but NATO itself is trying to define strategy whilst simultaneously

trying to define the threat itself. If something doesn’t shift soon, NATO will end up either turning a blind eye to cyber attacks, or else stumbling into conflict.