U.S. Rules of the Road for Cyber Warfare Issued

Wednesday, June 22, 2011



President Obama has issued executive orders that define new ground rules for the Pentagon regarding operations in cyberspace.

The directives are intended to govern the extent to which the military can conduct cyber offensive operations, including espionage, attacks on critical infrastructure, and the use of malware to infect foreign computer networks.

The orders also outline the circumstances in which an attack against U.S. computer networks could be considered an act of war and potentially elicit a military response.

Amid growing concerns over state-sponsored attacks reportedly emanating from China, Iran, Russia and other nations, western governments have begun to seriously step-up the cyber offensive rhetoric in recent months.

"I've often said that there's a strong likelihood that the next Pearl Harbor that we confront could very well be a cyberattack that cripples our power systems, our grid, our security systems, our financial systems, our governmental systems," incoming Pentagon chief Leon Panetta said.

The measure of a cyber attack and the corresponding response would be determined by evaluating the level of death, damage, destruction or high-level disruption caused by an attack. Under this strategy, a sizable event could prompt a significant military response given the level of damage incurred.

"You don't have to bomb them anymore. That's the new world... It's a decisive weapon, but it's not a super weapon. It's not a nuclear bomb," said the Center for Strategic and International Studies' James Lewis.

The new directives may serve to counter critics who assert that the United States is falling behind the likes of China when it comes to developing cyber defensive and offensive capabilities.

"We've had 50 years in which we haven't really had to rethink what might happen in a war here. We need to think very hard about an actual strategy about how to win a war in which cyber weapons are prominently featured," former Homeland Security official Stewart Baker.

One of the biggest obstacles to standardization of military response to cyber-based attacks is in reliably determining attribution. In many cases, it is nearly impossible to clearly determine the origin of an attack, and even more difficult to ascertain if the event was state-sponsored or instigated by individual actors.

"In the realm of the Internet (cyber realm), you will fail miserably if you think that you can pinpoint an opponent via an IP address or even collection of addresses, a signature, a comment in an application and so forth," wrote security expert J. Oquendo.

Other experts agree that attribution is the major stumbling block to establishing parameters for a cyber offensive.

"The U.S. military is setting itself up for failure because attribution is difficult, and it's easy to spoof your identity thereby falsely implicating the wrong government or group. A military attack could be misplaced, as a result, but at the same time not responding will now be seen as a sign of weakness," said Jay Bavisi, president of EC-Council.

Source:  http://www.signonsandiego.com/news/2011/jun/22/pentagon-gets-cyberwar-guidelines/

Possibly Related Articles:
Government Military Headlines Obama Pentagon National Security Cyber Warfare Cyber Offense Attribution
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.