The Pentagon Now Considers Cyber Attacks Acts of War

By Veronique Greenwood | June 1, 2011 11:50 am

pentagon

What’s the News: Cyber attacks undertaken by another nation can be considered an act of war, according to a new Pentagon policy to be released in the next month. If you mess with the US online, the Pentagon has decided, it may retaliate offline, in the form of bombs, missiles, and other very real attacks. One military official sums it up thusly to the Wall Street Journal, which broke the story: “If you shut down our power grid, maybe we will put a missile down one of your smokestacks.” How exactly this stance will be put into practice, though, isn’t clear.

What’s the Context:

  • This document is the Pentagon’s first attempt to codify a policy on cyber attacks. It’s in response to several prominent hacks in the last few years: three years ago, US military computers were infiltrated by a virus hiding in a thumb drive; in 2010 Iranian nuclear centrifuges were knocked out of commission by the Stuxnet virus, which seems to have originated in Israel; and just this weekend, major military contractor Lockheed Martin admitted that its systems had breached, though it said no information had been compromised.
  • It’s an update to the laws of armed conflict, a set of rules governing warfare that are pulled together from various treaties (similar to the way case law is developed).  Officials say that the US’s response will be in proportion to the damage caused by an online attack: to justify use of force, they will have to show that the effect is the equivalent of what could be done with more conventional weapons of war. If, for instance, a foreign power builds a virus that causes fatal crashes in train systems across the country, the US’s reaction would in theory be the same as if the attack had been accomplished with bombs.
  • The military has also developed a list of cyber-weapons and the situations in which they can be used, the Washington Post reported yesterday. The list has been in use for several months by various security agencies and specifies when a tailored computer virus needs the president’s approval and when it doesn’t.

Not So Fast:

  • It’s all well and good to say that if another nation launches a cyber attack against the United States that causes serious mayhem, the US will retaliate. But how will the government know where the attack truly originated—it’s not hard to fudge IP addresses, after all—and whether a country’s government, as opposed to a disgruntled hacker, was behind it? As the WSJ notes, previous cyber attacks, such as the one that struck Georgia during its 2008 war with Russia, have been hard to trace to their sources.

The Future Holds: Unclassified sections of the Pentagon’s policy–about 12 pages out the the 30-page document–will be available next month. Stay tuned for further discussion on its implications.

Image credit: randomduck/flickr

CATEGORIZED UNDER: Technology
  • Jay Fox

    Proof of origin for any attack will be next to impossible. Just because an attack was launched from a certain location doesn’t mean the code was written there.

    Once they find out the attack was conceived by some bored kid in his mother’s basement, are they going to flatten the house?

  • dm

    SACRILEGE

    clubconspiracy.com/forum/f29/judgment-day-may-21-2011-a-13663.html

  • Joshua

    I wonder what the Pentagon would call it if another nation’s military invaded our sovereign territory to assassinate one of their enemies….

  • Aleksandar Kuktin

    In the light of practical untraceability of a cyberattack, this is a classical case of what you call a “excuse to start a war”.

  • DanIel

    American culture of fear…

  • Wayne A. Schneider

    I always thought it was up to Congress to decide what constitutes an Actt of War. The Pentagon does not have the Constitutional authority to retaliate on its own say-so.

  • Jeff

    Calling this an excuse to start a war or a result of a culture of fear is incredibly judgemental with zero justification.

    This is simply a matter of having the paperwork in place to allow for an appropriate response in the event (however unlikely) of the realization of what is a real possibility.

    The only reason this is news is that it involves the ‘cyber sphere,’ a realm that has traditionally been underexposed to the regulations of legal systems.

  • Jockaira

    Joshua,

    The recent attack to apprehend a wanted criminal terrorist in Pakistan was assuredly a violation of sovereignty, however these facts should be taken in consideration.

    1. The mission team was in Pakistan only for the time required to accomplish the mission.

    2. No Pakistani citizen was killed or injured, and no Pakistani property was damaged.

    3. The Pakistani government had shown inability or intrasigience in helping to apprehend the criminal who, by the seized evidence, was still engaging in hostile acts of war against the US.

    The US took primary actions not against the nation of Pakistan, but against a criminal apparently sheltered and protected by Pakistani anti-governmental elements. If anything, the incursion was a “friendly” violation of sovereignty to help Pakistan meet its moral and legal duties to the rest of the world community.

  • amphiox

    I wonder what the Pentagon would call it if another nation’s military invaded our sovereign territory to assassinate one of their enemies….

    They could call it the same thing they called the shelling and sinking of the French Mediterranean fleet by the Allies in WWII immediately after France’s surrender to Germany.

    Whether something is or is not an act of war, and whether it is or is not a justifiable action, are two utterly separate questions.

  • Barry Johnstone.

    GWBs Secretary of Defence, Donald Rumsfeld privatised war, making it a money-making venture in the process, so what else could America expect. America’s addiction to war (as is other powers addiction) is and must be a direct threat to any peace. There is NO justification at all for any war of any sort!

  • Aj

    By the Constitution, it is my understanding that only Congress has the authority to declare an act of war. The President and the Pentagon do not have any say in declaring war. Please correct me if I am wrong.

  • http://discovermagazine.com Iain

    Typical American hostility. Exported terrorism for years, now it’s coming back to them and they will openly kill people for their own failed foreign policies.
    Firs american invasion of Nicaragua 1779.

  • Jockaira

    AJ,

    Correct. Only Congress has the power to declare war. In the War Powers Resolution of 1973 Congress granted authority to the President, who commands all the military forces of the US, to conduct war-like acts for a period not exceeding 60 days without a legal declaration of war or specific authorization of Congress. The President must notify Congress within 48 hours of the commencement of any such action. In order for the President to exceed those 60 days, he must get permission from Congress. If he exceeds those 60 days without that permission, he then is in violation of his legal authority. This Resolution was enacted to limit the President’s military power but recognized that rapid military response without lengthy Congressional debate might be pragmatically necessary for national security.

    IAIN,

    The present governmental authority of the United States is the Constitution which was adopted by the US on September 17, 1789. That invasion of Nicaragua in 1779 was apparently done by another government.

  • Michael Berry

    As much as I think we can all agree that the last thing we need are more reasons to go to war, I don’t think this is America trying to be hostile. I get the impression that this was just put in place as a way of laying the groundwork for future large-scale cyber attacks, as well as to deter any countries who may be considering (or already implementing) cyber warfare.

    Keep it in perspective. They’re not talking about dropping a thermonuclear bomb on a hacker from Russia for breaking into Gizmodo’s website or forcing FOXNews.com to display nothing but pornography. They’re talking about heavy duty acts of war; things like taking out our power grid or attacking major financial or governmental institutions.

    Although these kinds of attacks could only have occurred through the use of bombs and missiles 50 years ago, that’s not the case now. All that’s required now is a heavy knowledge of cyber security, access to a computer and motive–no bombs or missiles needed so the financial cost is much less, thus it’s only going to become even more of a threat as the years go by.

    We need to be ready to retaliate against these serious cyber attacks. So many facets of our country are run by computers that a decision like this was inevitable. In the future, wars will be fought remotely, just as much (if not more) than on the ground.

  • Aleksandar Kuktin

    @ Jeff (#7): given the historical record, cracks are not only not unlikely, they are a regular occurrence. Which is a problem because then the US asserts it has a right to attack (retaliate) on any one of those. And they happen regularly. And can’t be reliably traced to the flesh-and-bone individuals who conducted them.

    The main bone I have to pick, however, is that most or all of those cracks happen because of either negligence or stupidity.

    The database dump of Infinigard by LulzSec (assuming the database was not a honeypot) is proof of this.
    http://www.theregister.co.uk/2011/06/06/lulzsec_fbi_affiliates_hack/
    http://www.unveillance.com/latest-news/unveillance-official-statement/
    http://www.thetechherald.com/article.php/201123/7236/Unveillance-faces-troubled-waters-in-the-wake-of-LulzSec-visit
    About 60% of passwords were crackable, presumably within 24 hours. A study of the Torpig botnet found a similar fraction of crackable passwords in the botnet victims (general population?).
    http://www.cs.ucsb.edu/~seclab/projects/torpig/torpig.pdf
    LulzSec did not disclose how many of those passwords were reused (and I have not attempted to find out myself). In Torpig’s case, the fraction was 30% of all users.

    All in all, I am driven to conclude the US security scene is no different that the general population… Who gave them the keys??? THAT is the place Pentagon should address, rather then kill others in a futile attempt to protect the US.

    War is never good for commerce and USA relies of foreign exchange for its livelihood. How exactly is USA planning to stay afloat if all its trade partners turn their back is beyond me (since you can’t extort and neocollonize forever).

  • AmandaK

    A guy named Reza Kahlili was undercover in Iran for the CIA and he has talked to many different people about their plans and what he’s been through. I think that people need to prepare for something like this NOW. So many people are unaware. But he’s going to be on EMPact America on Wednesday the 29th to talk about what he went through and what Iran’s plans are and whatnot. Here’s the link for people to check it out: http://www.blogtalkradio.com/empact-radio/2011/06/29/pvp55–reza-kahlili-author-of-a-time-to-betray

NEW ON DISCOVER
OPEN
CITIZEN SCIENCE
ADVERTISEMENT

Discover's Newsletter

Sign up to get the latest science news delivered weekly right to your inbox!

80beats

80beats is DISCOVER's news aggregator, weaving together the choicest tidbits from the best articles covering the day's most compelling topics.
ADVERTISEMENT

See More

ADVERTISEMENT
Collapse bottom bar
+

Login to your Account

X
E-mail address:
Password:
Remember me
Forgot your password?
No problem. Click here to have it e-mailed to you.

Not Registered Yet?

Register now for FREE. Registration only takes a few minutes to complete. Register now »