Print 30 comment(s) - last by mvs.. on Jun 2 at 1:27 AM

It's no game -- the U.S. government says cyberattacks can be an act of war.  (Source: Google Images)

The Chinese army or hired mercenaries are suspected of hacking U.S. businesses, advocacies, government contractors, and even government servers.   (Source: Pic China Mil)
Ruling opens door to responding with force against nations to attack U.S. government systems

In a landmark decision the Pentagon, central command for the U.S. Armed Forces, reportedly has ruled that cyber attacks can constitute an act of war.  In an era where foreign powers are increasingly flexing their cyber-muscle, the decision could dramatically affect world diplomacy and raise some serious questions.

I. Cyber Attack - War?

These days your power, water, natural gas are all tied to the internet.  The U.S. Military is highly dependent on the internet for communications, as is the federal government.  If someone cut the U.S. access to the web the nation could see a massive communications blackout.  Worse, if the attacker sabotaged critical networks and/or spread misinformation via internet connections, the nation could essentially be crippled.

In short, the internet offers a sophisticated attacker the means to cripple the U.S., drastically reducing its ability to defend itself against threats.

Of course the U.S. is not going to sit idly by while its networks are under attack.  But in an era in which tech savvy powers like Russia and, particularly, China regular probe and/or attack U.S. government networks, the risk of a full fledged cyber assault becomes a very grave one.

In his seminal 1984 cyberpunk novel Neuromancer, William Gibson envisioned a world at war, in which internet offensives were used as preludes to physical attack.  Today that possibility seems prescient.

II. Pentagon Publishes Cyber Strategy

In the face of a new frontier of warfare, the Pentagon has completed its first formal cyber strategy.  The report will be made public next month with classified portions redacted.

The new strategy will explore alarming scenarios like how the Armed Forces would respond to a cyber attack on U.S. nuclear reactors, subways or pipelines.  

The Wall Street Journal has already leaked the report's most serious conclusion -- cyber attacks can now be considered an act of war.  Unnamed Pentagon officials are cited as saying that the new policy is meant as a warning for foreign adversaries who might consider attacking the U.S.

Comments one anonymous military official, "If you shut down our power grid, maybe we will put a missile down one of your smokestacks."  

III. Crafted in Fire: How World Events Shaped Document

Recent events compelled the Pentagon to begin work on the policy last year.  

One of the highest profile catalysts include the massive loss of military and state department data to Wikileaks, which is suspected to have been executed by a young U.S. Army Specialist, Bradley Manning.

But Mr. Manning's breach arguably wasn't even the most compelling one.  A 2008 infection across U.S. Military systems in Iraq is considered in many circles to have been worse, as it potentially exposed a greater amount of classified data.  That attack is suspected to have been the work of Russian operatives, who pulled it off by connecting a single, infected USB drive to a military laptop.

Other significant events include reported infiltration of the U.S. power grid by cyber spies; the sale of Military USB sticks in Iraqi and Afghani bazaars; and breaches of Lockheed Martin's servers in 2009 and earlier this month.

Also noteworthy was the semi-successful sabotage of Iran's nuclear power facilities, which some argue the U.S. was implicated in.  Even if a U.S. hand were behind the attack, its success would serve a powerful wakeup call to the Pentagon of what a well-placed cyberassault can do.

IV. A Time to Kill

One of the most significant questions raised by the report is when to respond to a cyber-attack with physical force.

According WSJ, the Pentagon is favoring a concept called "equivalence".  This policy is to only respond with physical force if an attack produced similar effects to a physical assault -- e.g. death, damage, destruction, and/or high-level disruption.

Charles Dunlap, a retired Air Force Major General and professor at Duke University law school comments; "A cyber attack is governed by basically the same rules as any other kind of attack if the effects of it are essentially the same."

Gen. Dunlap says that the U.S. Military dislikes the term "act of war", which it views as a political term.  It prefers the term "use of force" to describe armed attacks.

A tough question facing the Armed Forces, however, is how to accurately determine where an attack originated.  For example, an attack might be traced to Russia or China, but it's not as easy to determine whether those nations' governments were involved.  Much like the U.S. court system is realizing that an IP address does not identify an individual accurately, the military faces the dilemma of the inherent ambiguity of online routing.

V. Additional Details

According to three unnamed U.S. Department of Defense officials, the report covers 30 pages for the classified form and 12 pages for the declassified version.  

The officials say the report closes by stating that the Laws of Armed Conflict [DOC] — a series of international rules derived from various treaties and international customs, that serve as a blueprint of what nations can and can't do with regards to conflict — apply to the online world, much as they do the physical one.  They say the report closes with a discussion of how nations much cooperate to achieve international cybersecurity.

What exactly the net result of the new rules is remains to be seen.  The U.S. thus far has been viewed as somewhat of a "cyber-weakling" when it comes to responding to serious foreign threats.

The concept of equivalence still leaves questions such as how the U.S. should respond to threats against its businesses' economic prosperity, or foreign attacks that look to silence free speech.  Reportedly Chinese parties have been carrying out both kinds of attacks against parties in the U.S.  But thus far the Chinese government's "cyberwar" against America has yet to escalate into the territory covered in the new rules -- conduct that could provoke a physical counterattack.

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

kind of ironic don't ya think?
By ncage on 5/31/2011 10:33:24 PM , Rating: 2
Its rummored that the first big cyber attack is theorized that the US had a hand in (Stuxnet & the attack on the iranian uranium enrichment centrifuges). We of course know Israel was it it but many people think we helped...

Maybe this is due to the recent attacks to steal technical info from the likes of Lockheed martin.

But the sad truth is its really the fault of the people who secure this private information.

I don't care how freakn secure their network infrastructure is. Whether than have a 20,00 Cisco Firewalls/CSA and whatever sort of defense systems they have. NOTHING and i really NOTHING with this type of information should be connected to the internet or any other machine that has internet access. If you need to work with this data then you need to work in a secured lab that has no sort of connection to the outside world. And i'm not talking so nifty VLAN seperation. I'm talking PHYSICALLY segregated. All the USB ports (if any machines have them) should be filled with epoxy and the machine shouldn't have any type DVD Burners or any thing where someone could easily swipe the data. Unless we learn this vital lesson there there will be data that gets stolen.

By GuinnessKMF on 5/31/2011 10:56:10 PM , Rating: 5
Physical connections are certainly weak points, but they pale in comparison to simple social engineering attacks. The issue isn't that they have an internet connection, it's that people who aren't educated in computers are using them. If you try to tie someone's hands behind their back when they work, they're going to half-ass it or try to find a way around you.

Never underestimate stupidity.

RE: kind of ironic don't ya think?
By chrnochime on 6/1/2011 1:48:33 AM , Rating: 5
Seriously you need to make your comment readable. It would seem that you know your stuff, so couldn't you write in a less headache-inducing manner?

My head hurts from reading things like this:

Whether than have a 20,00 Cisco Firewalls/CSA

and this

And i'm not talking so nifty VLAN seperation.

By FITCamaro on 6/1/2011 7:45:37 AM , Rating: 4
Grammar are overrayted.

RE: kind of ironic don't ya think?
By drycrust3 on 6/1/2011 11:27:45 AM , Rating: 2
Give him some credit:He didn't mention "Windows".

RE: kind of ironic don't ya think?
By Iaiken on 6/1/2011 12:41:17 PM , Rating: 3
The "Windows" should be epoxied shut too?

RE: kind of ironic don't ya think?
By TSS on 6/1/2011 2:12:21 PM , Rating: 2
No we'd better leave those open i heard somewhere that PC's use air cooling.

RE: kind of ironic don't ya think?
By mvs on 6/2/2011 1:27:35 AM , Rating: 2
Yeah, those Politically Correct types are full of hot air.

RE: kind of ironic don't ya think?
By Uncle on 6/1/2011 2:32:42 PM , Rating: 3
"We of course know Israel was it it but many people think we helped..."
What school did you graduate from, everyone knows that their are two Israels in the world, one in the middle east and one in N America.

RE: kind of ironic don't ya think?
By Reclaimer77 on 6/1/2011 7:03:33 PM , Rating: 1
LOL I love how these same people, Obama included, painted Bush as a crazy warmonger and loose cannon. Now we're in ANOTHER war, we violated a sovereign nations borders to assassinate Bin Laden, and the administration just ruled that hacking is a declaration of war.

Not that I disagree with these things, but can you imagine how this would be reported under a Republican administration? Seriously the hypocrisy is amazing!

By bernardl on 6/1/2011 8:05:19 PM , Rating: 2
Not that I disagree with these things, but can you imagine how this would be reported under a Republican administration? Seriously the hypocrisy is amazing!

True, but if it is not an administration thing, then who is behind these moves?


"My sex life is pretty good" -- Steve Jobs' random musings during the 2010 D8 conference

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki