That's a very important question.
There is growing concern within NATO about the consequences of cyber‑attacks, because we know that cyber‑attacks can be significant. Indeed, under NATO's growing position, a large‑scale cyber‑attack within a country against its facilities or critical infrastructure could be considered an attack against one of the members of the organization.
Furthermore, article 5 of the North Atlantic Treaty does not provide that all members of the alliance will automatically enter into a military confrontation against the state that has perpetrated the threat. Rather, it provides that each member will be responsible for taking whatever means are deemed appropriate to assist the state that is the victim of a cyber‑attack.
The main problem with cyber‑attacks and NATO is attribution, as my colleagues Dr. Nora Cuppens and Dr. Frédéric Cuppens mentioned. That means being able to prove beyond a shadow of a doubt that a major cyber‑attack was perpetrated by the Kremlin, for example, in Canada, by the government, and not by hackers who act autonomously or independently on Russian territory. This is not an easy thing to prove.
It could have the effect of causing member states to debate whether that's really the case, and therefore loses much of its relevance.