NATO rattles cybersabers—but experts have doubts

The Western world's central military alliance last week took a hard line against cyberwarfare, saying that a cyberattack against any one of its members could draw a military response from the whole group. But experts say such a retaliation is easier for the North Atlantic Treaty Organization to talk about than to actually pull off.

One of several major stumbling blocks ahead of any NATO military response to cyberwarfare is that an actual attack is hard to prove. In 2007, a cyberattack crippled NATO member Estonia's private and public computer networks, and even though that attack was traced to servers in Russia, it's never been proven that the Kremlin was behind it.

Cyber crime hacker
Rwasserman | iStock /360 | Getty Images

Just as Russia's government-controlled news media and unwilling Western allies have questioned U.S. claims about recent Russian incursions into Ukraine, so too could a cyberattack be dismissed—especially in a murky digital world where evidence is even less concrete than satellite images of tanks crossing a border.

"The problem with ambiguity is that it allows reluctant NATO members to say, 'No I'm not persuaded by that,'" said Martin Libicki, a senior management scientist at Rand Corp. and the author of "Cyberdeterrence and Cyberwar."

But even if a NATO member can prove that it suffered a cyberattack, the exact standard by which a digital offensive would lead to retaliation is unclear.

Read MoreRussia linked to cyber attack on Ukraine PM

In a Friday communique from its summit last week in Wales, NATO leaders wrote that the alliance would consider whether a cyberattack triggered "the invocation of Article 5" on a case-by-case basis. The rule in question is NATO's primary defensive principle that "an armed attack against one or more of them ... shall be considered an attack against them all."

While NATO has previously stressed cybersecurity—after the 2007 attacks against Estonia, and then continuing through to the June 2014 endorsement of a new cyberdefense policy—last week's announcement marks the first time that the retaliatory principle of Article 5 had been confirmed as a possibility in cyberwarfare.

Three reasons why cyber attacks keep happening
Three reasons why cyber attacks keep happening   

But the assurances of a military response tied to Article 5 are not easily converted to the digital world, Libicki said.

"In most categories of war, you have to defeat the other guy shooting back, but in the cyberworld you can do a lot just by building up your defenses," he said. "When you put cyberwarfare into the template of conventional warfare, you end up drawing a lot of conclusions that don't make sense."

But Dave Merkel, CTO of cybersecurity firm FireEye, said he isn't surprised by Friday's announcement, given the severe damage that can be caused by a cyberattack. Still, he said, governments may find it difficult to attribute the origin of a digital offensive.

Read MoreNATO: Russia 'attacking' Ukraine as rift widens

While both Libicki and Merkel agreed that many NATO members could determine the origin of an attack, those governments may not be eager to reveal their intelligence and technological capabilities.

Yet even nongovernmental firms are sometimes able to positively identify cyberattacks: In 2013, Mandiant (since acquired by FireEye) released a report detailing a wide body of evidence that a Chinese government group had conducted a widespread cyber-espionage campaign. China denies engaging in cyber-espionage.

NATO's biggest problem with enforcing a hard line against cyberattacks may simply be the wide proliferation of such warfare.

A single hacker can launch hundreds of varied attacks in a short period of time, meaning that governments may find it nearly impossible to identify, attribute and respond to cyberstrikes in a timely manner, Merkel said.

—By CNBC's Everett Rosenfeld