President Joe Biden and leaders from the 30 countries that now make up NATO, the North Atlantic Treaty Organization, agreed at their summit in Brussels "that the impact of significant malicious cumulative cyber activities might, in certain circumstances, be considered as amounting to an armed attack," an assessment that could lead the organization to invoke its mutual self-defense clause -- or Article 5.
Amid the growing cyber threat, Biden on Monday called NATO's Article 5 "a sacred obligation" that is "rock solid and unshakable."
The NATO alliance and its pledge to the common defense of member nations was originally intended to deter armed aggression from the Soviet Union following World War II.
The idea then was the allies could join forces to defend against an air or ground invasion.
Over the past few years, though, NATO has broadened the threat to include cyberattacks -- and recent ones on the U.S. -- emanating Biden has said, from Russia -- have created a new urgency on how to address the problem.
"Cyber threats to the security of the Alliance are becoming more frequent, complex, destructive and coercive," NATO said in April. "NATO will continue to adapt to the evolving cyber threat landscape. NATO and its Allies rely on strong and resilient cyber defences to fulfill the Alliance’s core tasks of collective defence, crisis management and cooperative security. The Alliance needs to be prepared to defend its networks and operations against the growing sophistication of the cyber threats and attacks it faces."
In fact, NATO now regularly conducts cyberdefense exercises as well as the more traditional ones involving tanks and troops.
But while a military incursion -- and how the allies should respond -- might be relatively clear, what constitutes a cyberattack serious enough to necessitate a joint response could be less so, especially if, as is often the case, it is difficult to trace its origin, which could range from a "state actor" to a criminal gang.
Here's what you need to know about the key section of the treaty.
What is Article 5?
The key section of the NATO treaty -- of which 30 countries have now signed onto since the organization was formed by 12 founding countries in 1949 -- is Article 5.
Article 5 commits each member state to consider an armed attack against one member state to be an armed attack against them all.
When it comes to security, Article 5 is where the weight of the alliance lies.
Has it been invoked before?
Yes -- but only once.
NATO invoked Article 5 in response to the terrorist attacks of Sept. 11, 2001, committing its support to the U.S.
"I constantly remind Americans that when America was attacked for the first time on its shores since what happened back at the end of World War II, NATO stepped up," Biden said in a meeting with NATO Secretary-General Jens Stoltenberg in Brussels, referencing the terror attacks. "NATO stepped up, and they honored Article 5."
On Sept. 12, 2001, NATO unanimously passed a four-paragraph resolution to reflect its understanding that the threats to global security had changed radically since the alliance was founded.
"Reaffirming NATO’s defensive mandate, the Alliance is determined to employ the full range of capabilities at all times to actively deter, defend against, and counter the full spectrum of cyber threats, including those conducted as part of hybrid campaigns, in accordance with international law," a NATO summit communique said. "We reaffirm that a decision as to when a cyber attack would lead to the invocation of Article 5 would be taken by the North Atlantic Council on a case-by-case basis. Allies recognise that the impact of significant malicious cumulative cyber activities might, in certain circumstances, be considered as amounting to an armed attack."
"We will make greater use of NATO as a platform for political consultation among Allies, sharing concerns about malicious cyber activities, and exchanging national approaches and responses, as well as considering possible collective responses. If necessary, we will impose costs on those who harm us," the joint communique said.
That aligns with how White House national security adviser Jake Sullivan on Sunday detailed Article 5 would be updated to deal with the growing global threat of cyberattacks.
"This would be on a case-by-case basis," he said. "And the notion is that if someone gets hit by a massive cyberattack, and they need technical or intelligence support from another ally to be able to deal with it, they could invoke Article 5 to be able to get that."
While it's unclear how exactly how severe a cyberattack would need to be to trigger Article 5, NATO leaders have said, "Cyber threats to the security of the Alliance are complex, destructive, coercive, and becoming ever more frequent. This has been recently illustrated by ransomware incidents and other malicious cyber activity targeting our critical infrastructure and democratic institutions, which might have systemic effects and cause significant harm."
The communique comes as the U.S. has been hit with several cyberattacks in recent weeks, including the Colonial Pipeline attack that disrupted the U.S. gasoline supply, some believed to have been caused by bad actors in Russia. With the wind of NATO behind him, Biden is expected to break up the cyberattacks in his meeting with Russian President Vladimir Putin on Wednesday.
What has Biden said versus Trump?
Biden, sitting outside NATO headquarters with the secretary-general Monday, called Article 5 a "sacred obligation" and one that is "rock solid and unshakable" to the U.S.
"NATO is critically important for U.S. Interest in and of itself," he said. "If there weren't one, we'd have to invent one. It is--It allows America to conduct its business around the world in a way that never would have occurred were it not for NATO."
Biden's endorsement of NATO stands in stark contrast to his predecessor, former President Donald Trump, who called the alliance "obsolete," which he later backtracked, and once declined to endorse Article 5, which has been a key tenet of the alliance since it was created in 1949.
ABC News' Ben Gittleson and Justin Gomez contributed to this report.