DoD Report: Cyber Attacks Could Elicit Military Response

Wednesday, November 16, 2011

Headlines

69dafe8b58066478aea48f3d0f384820

The Pentagon has produced a twelve page report that reiterates earlier assertions that the United States reserves the right to respond with military force to any "significant cyber attacks directed against the U.S. economy, government or military".

The report was mandated as part of the 2011 Defense Authorization Act, and provides the strongest language to date regarding the prospect that a coordinated cyber attack could elicit a traditional military reprisal.

"When warranted, we will respond to hostile attacks in cyberspace as we would to any other threat to our country. We reserve the right to use all necessary means - diplomatic, informational, military and economic - to defend our nation, our allies, our partners and our interests," the report stated.

Earlier this year, the Department of Defense had concluded that the Laws of Armed Conflict, which govern the level of appropriate military action in the face of naked aggression by a foreign power, should also extend to the cyberspace field of operations.

This most recent report underscores the fact that the Pentagon takes the threat of cyber aggression most seriously, and is in no way limiting the range of responses available to the military under the direction of the Commander and Chief.

"If directed by the president, DoD will conduct offensive cyber operations in a manner consistent with the policy principles and legal regimes that the department follows for kinetic capabilities, including the law of armed conflict," the report continued.

The measure of a cyber attack and the corresponding response would be determined by evaluating the level of "death, damage, destruction or high-level disruption" caused by an attack. Under this strategy, a sizable event could prompt a significant military response given the level of damage incurred.

In July of this year, the Department of Defense released a document that provided an outline for military-based cyber operations titled Strategy for Operating in Cyberspace (pdf) that contains five specific strategic initiatives:

  • Strategic Initiative 1: Treat cyberspace as an operational domain to organize, train, and equip so that DoD can take full advantage of cyberspace’s potential.
  • Strategic Initiative 2: Employ new defense operating concepts to protect DoD networks and systems.
  • Strategic Initiative 3: Partner with other U.S. government departments and agencies and the private sector to enable a whole-of-government cybersecurity strategy.
  • Strategic Initiative 4: Build robust relationships with U.S. allies and international partners to strengthen collective cybersecurity.
  • Strategic Initiative 5: Leverage the nation’s ingenuity through an exceptional cyber workforce and rapid technological innovation.

The release of the report follows on the heels of news that The North Atlantic Treaty Organization (NATO) is in the process of drafting an international law manual which will address concerns surrounding the prospect of cyber warfare, and how member states can best cooperate to mitigate mounting threats to network security.

One of the biggest obstacles to standardization of military response to cyber-based attacks is in reliably determining attribution. In many cases, it is nearly impossible to clearly determine the origin of an attack, and even more difficult to ascertain if the event was state-sponsored or instigated by individual actors.

Source:  http://www.reuters.com/article/2011/11/16/us-usa-defense-cybersecurity-idUSTRE7AF02Y20111116

Possibly Related Articles:
18290
Network->General
Military DoD Cyberwar Cyber Security Attacks Headlines report Pentagon 2011 Defense Authorization Act
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.