Print 30 comment(s) - last by mvs.. on Jun 2 at 1:27 AM

It's no game -- the U.S. government says cyberattacks can be an act of war.  (Source: Google Images)

The Chinese army or hired mercenaries are suspected of hacking U.S. businesses, advocacies, government contractors, and even government servers.   (Source: Pic China Mil)
Ruling opens door to responding with force against nations to attack U.S. government systems

In a landmark decision the Pentagon, central command for the U.S. Armed Forces, reportedly has ruled that cyber attacks can constitute an act of war.  In an era where foreign powers are increasingly flexing their cyber-muscle, the decision could dramatically affect world diplomacy and raise some serious questions.

I. Cyber Attack - War?

These days your power, water, natural gas are all tied to the internet.  The U.S. Military is highly dependent on the internet for communications, as is the federal government.  If someone cut the U.S. access to the web the nation could see a massive communications blackout.  Worse, if the attacker sabotaged critical networks and/or spread misinformation via internet connections, the nation could essentially be crippled.

In short, the internet offers a sophisticated attacker the means to cripple the U.S., drastically reducing its ability to defend itself against threats.

Of course the U.S. is not going to sit idly by while its networks are under attack.  But in an era in which tech savvy powers like Russia and, particularly, China regular probe and/or attack U.S. government networks, the risk of a full fledged cyber assault becomes a very grave one.

In his seminal 1984 cyberpunk novel Neuromancer, William Gibson envisioned a world at war, in which internet offensives were used as preludes to physical attack.  Today that possibility seems prescient.

II. Pentagon Publishes Cyber Strategy

In the face of a new frontier of warfare, the Pentagon has completed its first formal cyber strategy.  The report will be made public next month with classified portions redacted.

The new strategy will explore alarming scenarios like how the Armed Forces would respond to a cyber attack on U.S. nuclear reactors, subways or pipelines.  

The Wall Street Journal has already leaked the report's most serious conclusion -- cyber attacks can now be considered an act of war.  Unnamed Pentagon officials are cited as saying that the new policy is meant as a warning for foreign adversaries who might consider attacking the U.S.

Comments one anonymous military official, "If you shut down our power grid, maybe we will put a missile down one of your smokestacks."  

III. Crafted in Fire: How World Events Shaped Document

Recent events compelled the Pentagon to begin work on the policy last year.  

One of the highest profile catalysts include the massive loss of military and state department data to Wikileaks, which is suspected to have been executed by a young U.S. Army Specialist, Bradley Manning.

But Mr. Manning's breach arguably wasn't even the most compelling one.  A 2008 infection across U.S. Military systems in Iraq is considered in many circles to have been worse, as it potentially exposed a greater amount of classified data.  That attack is suspected to have been the work of Russian operatives, who pulled it off by connecting a single, infected USB drive to a military laptop.

Other significant events include reported infiltration of the U.S. power grid by cyber spies; the sale of Military USB sticks in Iraqi and Afghani bazaars; and breaches of Lockheed Martin's servers in 2009 and earlier this month.

Also noteworthy was the semi-successful sabotage of Iran's nuclear power facilities, which some argue the U.S. was implicated in.  Even if a U.S. hand were behind the attack, its success would serve a powerful wakeup call to the Pentagon of what a well-placed cyberassault can do.

IV. A Time to Kill

One of the most significant questions raised by the report is when to respond to a cyber-attack with physical force.

According WSJ, the Pentagon is favoring a concept called "equivalence".  This policy is to only respond with physical force if an attack produced similar effects to a physical assault -- e.g. death, damage, destruction, and/or high-level disruption.

Charles Dunlap, a retired Air Force Major General and professor at Duke University law school comments; "A cyber attack is governed by basically the same rules as any other kind of attack if the effects of it are essentially the same."

Gen. Dunlap says that the U.S. Military dislikes the term "act of war", which it views as a political term.  It prefers the term "use of force" to describe armed attacks.

A tough question facing the Armed Forces, however, is how to accurately determine where an attack originated.  For example, an attack might be traced to Russia or China, but it's not as easy to determine whether those nations' governments were involved.  Much like the U.S. court system is realizing that an IP address does not identify an individual accurately, the military faces the dilemma of the inherent ambiguity of online routing.

V. Additional Details

According to three unnamed U.S. Department of Defense officials, the report covers 30 pages for the classified form and 12 pages for the declassified version.  

The officials say the report closes by stating that the Laws of Armed Conflict [DOC] — a series of international rules derived from various treaties and international customs, that serve as a blueprint of what nations can and can't do with regards to conflict — apply to the online world, much as they do the physical one.  They say the report closes with a discussion of how nations much cooperate to achieve international cybersecurity.

What exactly the net result of the new rules is remains to be seen.  The U.S. thus far has been viewed as somewhat of a "cyber-weakling" when it comes to responding to serious foreign threats.

The concept of equivalence still leaves questions such as how the U.S. should respond to threats against its businesses' economic prosperity, or foreign attacks that look to silence free speech.  Reportedly Chinese parties have been carrying out both kinds of attacks against parties in the U.S.  But thus far the Chinese government's "cyberwar" against America has yet to escalate into the territory covered in the new rules -- conduct that could provoke a physical counterattack.

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

kind of ironic don't ya think?
By ncage on 5/31/2011 10:33:24 PM , Rating: 2
Its rummored that the first big cyber attack is theorized that the US had a hand in (Stuxnet & the attack on the iranian uranium enrichment centrifuges). We of course know Israel was it it but many people think we helped...

Maybe this is due to the recent attacks to steal technical info from the likes of Lockheed martin.

But the sad truth is its really the fault of the people who secure this private information.

I don't care how freakn secure their network infrastructure is. Whether than have a 20,00 Cisco Firewalls/CSA and whatever sort of defense systems they have. NOTHING and i really NOTHING with this type of information should be connected to the internet or any other machine that has internet access. If you need to work with this data then you need to work in a secured lab that has no sort of connection to the outside world. And i'm not talking so nifty VLAN seperation. I'm talking PHYSICALLY segregated. All the USB ports (if any machines have them) should be filled with epoxy and the machine shouldn't have any type DVD Burners or any thing where someone could easily swipe the data. Unless we learn this vital lesson there there will be data that gets stolen.

By GuinnessKMF on 5/31/2011 10:56:10 PM , Rating: 5
Physical connections are certainly weak points, but they pale in comparison to simple social engineering attacks. The issue isn't that they have an internet connection, it's that people who aren't educated in computers are using them. If you try to tie someone's hands behind their back when they work, they're going to half-ass it or try to find a way around you.

Never underestimate stupidity.

RE: kind of ironic don't ya think?
By chrnochime on 6/1/2011 1:48:33 AM , Rating: 5
Seriously you need to make your comment readable. It would seem that you know your stuff, so couldn't you write in a less headache-inducing manner?

My head hurts from reading things like this:

Whether than have a 20,00 Cisco Firewalls/CSA

and this

And i'm not talking so nifty VLAN seperation.

By FITCamaro on 6/1/2011 7:45:37 AM , Rating: 4
Grammar are overrayted.

RE: kind of ironic don't ya think?
By drycrust3 on 6/1/2011 11:27:45 AM , Rating: 2
Give him some credit:He didn't mention "Windows".

RE: kind of ironic don't ya think?
By Iaiken on 6/1/2011 12:41:17 PM , Rating: 3
The "Windows" should be epoxied shut too?

RE: kind of ironic don't ya think?
By TSS on 6/1/2011 2:12:21 PM , Rating: 2
No we'd better leave those open i heard somewhere that PC's use air cooling.

RE: kind of ironic don't ya think?
By mvs on 6/2/2011 1:27:35 AM , Rating: 2
Yeah, those Politically Correct types are full of hot air.

RE: kind of ironic don't ya think?
By Uncle on 6/1/2011 2:32:42 PM , Rating: 3
"We of course know Israel was it it but many people think we helped..."
What school did you graduate from, everyone knows that their are two Israels in the world, one in the middle east and one in N America.

RE: kind of ironic don't ya think?
By Reclaimer77 on 6/1/2011 7:03:33 PM , Rating: 1
LOL I love how these same people, Obama included, painted Bush as a crazy warmonger and loose cannon. Now we're in ANOTHER war, we violated a sovereign nations borders to assassinate Bin Laden, and the administration just ruled that hacking is a declaration of war.

Not that I disagree with these things, but can you imagine how this would be reported under a Republican administration? Seriously the hypocrisy is amazing!

By bernardl on 6/1/2011 8:05:19 PM , Rating: 2
Not that I disagree with these things, but can you imagine how this would be reported under a Republican administration? Seriously the hypocrisy is amazing!

True, but if it is not an administration thing, then who is behind these moves?


By Lifted on 5/31/2011 10:49:02 PM , Rating: 2
I assume I'm reading this wrong, but is the Pentagon saying that the military can "defend" itself from cyber-attacks by dropping bombs without an the approval of Congress or an order from the President? If not, what is the point of this report?

RE: huh?
By StevoLincolnite on 6/1/2011 12:54:57 AM , Rating: 2
I feel sorry for the 15 year old kid who decides it would be funny to try and hack the governments network if that's the case. lol.

RE: huh?
By AssBall on 6/1/2011 4:12:48 AM , Rating: 2
I wondered about this too, as we have our fair share of domestic douchebags trying to hack stuff.

This sounds like it only gives grounds for a war act though, not certainty of reciprocation.

If some college kid and his friends in say New Zealand hack into, I doubt we are going to immediately start sending tomahawks into Wellington.

RE: huh?
By mcnabney on 6/1/2011 10:55:05 AM , Rating: 2
well, not immediately.

RE: huh?
By UnauthorisedAccess on 6/1/2011 9:28:45 PM , Rating: 2
Can't we take some things off grid?
By stm1185 on 5/31/2011 11:21:14 PM , Rating: 2
We had nuclear power plants before the internet, so why do we have to be susceptible to attacks against our nuclear plants through the internet. Why not just pull the plug, and go back to the old way?

It seems like we have been building systems without thinking about the security risks, but here they come. Maybe we don't need internet connected power plants, or access to DOD files on networks able to be used remotely.

By Jalek on 6/1/2011 2:07:28 AM , Rating: 3
They've been pushing the "smart grid" idea pretty hard.
The government wants to know when you do your laundry and have the capability to turn off your dryer when it's necessary for national security.

By FITCamaro on 6/1/2011 7:45:01 AM , Rating: 2
Of course the U.S. is not going to sit idly by while its networks are under attack.

I'd say that's exactly what we've been doing. I hope this decision changes that.

RE: Ahem
By espaghetti on 6/1/2011 1:06:31 PM , Rating: 2
I wouldn't say we we've been idle.
There are foreign governments that we don't like to overthrow.
Magical lizards to protect and so on.

By icanhascpu on 5/31/2011 9:53:32 PM , Rating: 1
This is a super good idea. Lets spend lives on stopping attacks. Hey got an idea, lets spend ideas on tightening online security, getting the monopolies set in order so our internet infrastructure can maybe enter where the rest of the world is.

The problem is not without, it is within.

RE: Super
By YashBudini on 5/31/11, Rating: -1
RE: Super
By ekv on 6/1/2011 5:17:25 AM , Rating: 2
The president ought to sign an executive order to the effect that any cyber-attack is grounds for war, enables him to bypass the Constitution and declare martial law. Then sign another executive order that makes the first order secret (so even FOIA request can't find out the exact details).

Somebody from the State Dept. could make the rounds of the morning tv shows and talk-up vast conspiracy theories. Then "wait" for a crisis so to take advantage of the EO.

By room200 on 5/31/2011 11:19:03 PM , Rating: 2
This serves as notice to all those who attempt to hack into my computer: I can now bust a cap in yo' ass. LOL

Oh! Great idea!
By frobizzle on 6/1/2011 10:27:22 AM , Rating: 2
So, when we discover and have lots of proof that the cyber-attacks are coming from China or Russia, we are going to send over fleets of troops to launch an attack?

Yeah...the Chinese are already shaking in their boots!

By rbuszka on 6/1/2011 1:15:50 PM , Rating: 2
I wonder if this report is part of an effort to categorize U.S. based cyberattacks against U.S.-located targets as acts of treason. It might have that effect, intended or not.

By kaosstar on 6/1/2011 9:45:52 AM , Rating: 1
We don't have the brainpower to defend ourselves or respond in kind, so we threaten the use of physical force. Sounds about right.

Fcuk the US of A
By gescom on 6/1/11, Rating: -1
RE: Fcuk the US of A
By mcnabney on 6/1/2011 11:06:45 AM , Rating: 2
No, we are just going to bomb you. Happy now?

RE: Fcuk the US of A
By espaghetti on 6/1/2011 1:10:06 PM , Rating: 2
So the rest of the world elected you or did you overthrow it?
I this Kim Jong-il?
Have you been drinking again?

"Paying an extra $500 for a computer in this environment -- same piece of hardware -- paying $500 more to get a logo on it? I think that's a more challenging proposition for the average person than it used to be." -- Steve Ballmer

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki