By Robin Emmott
TARTU, Estonia (Reuters) - A group of NATO allies are considering a more muscular response to state-sponsored computer hackers that could involve using cyber attacks to bring down enemy networks, officials said.
The United States, Britain, Germany, Norway, Spain, Denmark and the Netherlands are drawing up cyber warfare principles to guide their militaries on what justifies deploying cyber attack weapons more broadly, aiming for agreement by early 2019.
The doctrine could shift NATO's approach from being defensive to confronting hackers that officials say Russia, China and North Korea use to try to undermine Western governments and steal technology.
"There's a change in the (NATO) mindset to accept that computers, just like aircraft and ships, have an offensive capability," said U.S. Navy Commander Michael Widmann at the NATO Cooperative Cyber Defence Centre of Excellence, a research centre affiliated to NATO that is coordinating doctrine writing.
Washington already has cyber weapons, such as computer code to take down websites or shut down IT systems, and in 2011 declared that it would respond to hostile cyber acts.
The United States, and possibly Israel, are widely believed to have been behind "Stuxnet", a computer virus that destroyed nuclear centrifuges in Iran in 2010. Neither has confirmed it.
Some NATO allies believe shutting down an enemy power plant through a cyber attack could be more effective than air strikes.
"I need to do a certain mission and I have an air asset, I also have a cyber asset. What fits best for the me to get the effect I want?" Widmann said.
The 29-nation NATO alliance recognised cyber as a domain of warfare, along with land, air and sea, in 2014, but has not outlined in detail what that entails.
In Europe, the issue of deploying malware is sensitive because democratic governments do not want to be seen to be using the same tactics as an authoritarian regime. Commanders and experts have focused on defending their networks and blocking attempts at malicious manipulation of data.
Senior Baltic and British security officials say they have intelligence showing persistent Russian cyber hacks to try to bring down European energy and telecommunications networks, coupled with Internet disinformation campaigns.
They believe Russia is trying to break Western unity over economic sanctions imposed over Moscow's 2014 annexation of Crimea and its support for separatists in eastern Ukraine.
"They (Russia) are seeking to attack the cohesion of NATO," said a senior British security official, who said the balance between war and peace was becoming blurred in the virtual world. "It looks quite strategic."
Moscow has repeatedly denied any such cyber attacks.
ESTONIAN 'CYBER COMMAND'
The United States, Britain, the Netherlands, Germany and France have "cyber commands" -- special headquarters to combat cyber espionage and hacks of critical infrastructure.
Estonia, which was hit by one of the world's first large-scale cyber attacks a decade ago, aims to open a cyber command next year and make it fully operational by 2020, with offensive cyber weapons.
"You cannot only defend in cyberspace," said Erki Kodar, Estonia's undersecretary for legal and administrative affairs who oversees cyber policy at the defence ministry.
Across the globe this year computer hackers have disrupted multinational firms, ports and public services on an unprecedented scale, raising awareness of the issue.
NATO held its biggest ever cyber exercise this week at a military base in southern Estonia, testing 25 NATO allies against a fictional state-sponsored hacker group seeking to infiltrate NATO air defences and communication networks.
"The fictional scenarios are based on real threats," said Estonian army Lieutenant-Colonel Anders Kuusk, who ran the exercise.
NATO's commanders will not develop cyber weapons but allied defence ministers agreed last month that NATO commanders can request nations to allow them use of their weapons if requested.
(Reporting by Robin Emmott; Editing by Peter Graff)