The Pentagon has decided to treat Internet-borne attacks on the United States as acts of war. The change is motivated in part by a brewing leet arms race with China and Russia. Essentially the U.S. is playing catch-up in what someone from the 1990s would call “cyberspace” and the military is buying time by creating, it hopes, a deterrent.
Here are some problems with that plan:
First, you have to be able to figure out (and prove, hopefully) what country attacked you. China, Russia and Israel (with alleged U.S. collaboration) have all been accused of carrying out high-profile attacks on foreign targets, but none has been proved to originate within any of the accused governments.
And who’s to say that the actions of an individual or group should be just cause for fellow citizens to suffer retribution? The U.S. has a history of wild overreaction in this arena. Take the case of the British UFO enthusiast who faces 60 years in prison for scouring Pentagon computers for alien info.
Also, this new policy makes us more open to Gulf of Tonkin-style incidents in which the U.S. could justify military action or war based on difficult-to-corroborate claims of attempted attack (paging WikiLeaks). And if you threaten to bomb people who cyberattack you, you may have to back that up at some point.
Please share your own concerns (or endorsement of the new policy) in the comments section below.
The Pentagon seems to be worried that attackers may cause real damage by attacking the power grid or nuclear power plants. That’s a scary thought, but it’s also a bit Hollywood. Of course you have to be prepared, but missiles are no substitute for adequate Internet security.
This new way of thinking has not yet been formally released by the Pentagon, and there are lingering questions that need answering. In the excerpt below, The Wall Street Journal probes the legal issues of digital warfare and conventional retaliation. —PZS
Wall Street Journal via Engadget:
The Rules of Armed Conflict that guide traditional wars are derived from a series of international treaties, such as the Geneva Conventions, as well as practices that the U.S. and other nations consider customary international law. But cyber warfare isn’t covered by existing treaties. So military officials say they want to seek a consensus among allies about how to proceed.
“Act of war” is a political phrase, not a legal term, said Charles Dunlap, a retired Air Force Major General and professor at Duke University law school. Gen. Dunlap argues cyber attacks that have a violent effect are the legal equivalent of armed attacks, or what the military calls a “use of force.”
“A cyber attack is governed by basically the same rules as any other kind of attack if the effects of it are essentially the same,” Gen. Dunlap said Monday. The U.S. would need to show that the cyber weapon used had an effect that was the equivalent of a conventional attack.
Kenny Louie (CC-BY)