In a landmark decision the Pentagon, central command for the U.S. Armed Forces, reportedly has ruled that cyber attacks can constitute an act of war.  In an era where foreign powers are increasingly flexing their cyber-muscle, the decision could dramatically affect world diplomacy and raise some serious questions.

I. Cyber Attack - War?

These days your power, water, natural gas are all tied to the internet.  The U.S. Military is highly dependent on the internet for communications, as is the federal government.  If someone cut the U.S. access to the web the nation could see a massive communications blackout.  Worse, if the attacker sabotaged critical networks and/or spread misinformation via internet connections, the nation could essentially be crippled.

In short, the internet offers a sophisticated attacker the means to cripple the U.S., drastically reducing its ability to defend itself against threats.

Of course the U.S. is not going to sit idly by while its networks are under attack.  But in an era in which tech savvy powers like Russia and, particularly, China regular probe and/or attack U.S. government networks, the risk of a full fledged cyber assault becomes a very grave one.

In his seminal 1984 cyberpunk novel Neuromancer, William Gibson envisioned a world at war, in which internet offensives were used as preludes to physical attack.  Today that possibility seems prescient.

II. Pentagon Publishes Cyber Strategy

In the face of a new frontier of warfare, the Pentagon has completed its first formal cyber strategy.  The report will be made public next month with classified portions redacted.

The new strategy will explore alarming scenarios like how the Armed Forces would respond to a cyber attack on U.S. nuclear reactors, subways or pipelines.  

The Wall Street Journal has already leaked the report's most serious conclusion -- cyber attacks can now be considered an act of war.  Unnamed Pentagon officials are cited as saying that the new policy is meant as a warning for foreign adversaries who might consider attacking the U.S.

Comments one anonymous military official, "If you shut down our power grid, maybe we will put a missile down one of your smokestacks."  

III. Crafted in Fire: How World Events Shaped Document

Recent events compelled the Pentagon to begin work on the policy last year.  

One of the highest profile catalysts include the massive loss of military and state department data to Wikileaks, which is suspected to have been executed by a young U.S. Army Specialist, Bradley Manning.

But Mr. Manning's breach arguably wasn't even the most compelling one.  A 2008 infection across U.S. Military systems in Iraq is considered in many circles to have been worse, as it potentially exposed a greater amount of classified data.  That attack is suspected to have been the work of Russian operatives, who pulled it off by connecting a single, infected USB drive to a military laptop.

Other significant events include reported infiltration of the U.S. power grid by cyber spies; the sale of Military USB sticks in Iraqi and Afghani bazaars; and breaches of Lockheed Martin's servers in 2009 and earlier this month.

Also noteworthy was the semi-successful sabotage of Iran's nuclear power facilities, which some argue the U.S. was implicated in.  Even if a U.S. hand were behind the attack, its success would serve a powerful wakeup call to the Pentagon of what a well-placed cyberassault can do.

IV. A Time to Kill

One of the most significant questions raised by the report is when to respond to a cyber-attack with physical force.

According WSJ, the Pentagon is favoring a concept called "equivalence".  This policy is to only respond with physical force if an attack produced similar effects to a physical assault -- e.g. death, damage, destruction, and/or high-level disruption.

Charles Dunlap, a retired Air Force Major General and professor at Duke University law school comments; "A cyber attack is governed by basically the same rules as any other kind of attack if the effects of it are essentially the same."

Gen. Dunlap says that the U.S. Military dislikes the term "act of war", which it views as a political term.  It prefers the term "use of force" to describe armed attacks.

A tough question facing the Armed Forces, however, is how to accurately determine where an attack originated.  For example, an attack might be traced to Russia or China, but it's not as easy to determine whether those nations' governments were involved.  Much like the U.S. court system is realizing that an IP address does not identify an individual accurately, the military faces the dilemma of the inherent ambiguity of online routing.

V. Additional Details

According to three unnamed U.S. Department of Defense officials, the report covers 30 pages for the classified form and 12 pages for the declassified version.  

The officials say the report closes by stating that the Laws of Armed Conflict [DOC] — a series of international rules derived from various treaties and international customs, that serve as a blueprint of what nations can and can't do with regards to conflict — apply to the online world, much as they do the physical one.  They say the report closes with a discussion of how nations much cooperate to achieve international cybersecurity.

What exactly the net result of the new rules is remains to be seen.  The U.S. thus far has been viewed as somewhat of a "cyber-weakling" when it comes to responding to serious foreign threats.

The concept of equivalence still leaves questions such as how the U.S. should respond to threats against its businesses' economic prosperity, or foreign attacks that look to silence free speech.  Reportedly Chinese parties have been carrying out both kinds of attacks against parties in the U.S.  But thus far the Chinese government's "cyberwar" against America has yet to escalate into the territory covered in the new rules -- conduct that could provoke a physical counterattack.