Pentagon Declares That Cyber-Attacks Can Constitute an Act of War, Deserving an Armed Response

081203-N-2147L-390 NORFOLK, Va. (Dec. 3, 2008) Sailors on the watch-floor of the Navy Cyber Defense Operations Command monitor, analyze, detect and defensively respond to unauthorized activity within U.S. Navy information systems and computer networks. (U.S. Navy photo by Mass Communications Specialist 1st Class Corey Lewis/Released) MC1 Corey Lewis

On the heels of a cyber attack that breached defense contractor Lockheed Martin’s network defenses last week, the Pentagon is opening the door to new means of dealing with cyber attacks perpetrated by foreign nations. In a new, formal 30-page cyber strategy document–unclassified portions of which will be made public next month–the Pentagon has deemed that cyber attacks can constitute acts of war, and that responses can include traditional military retaliation.

The question now is: what constitutes a cyber attack from a foreign land? Pinning the blame for digital skullduggery on a foreign government (or anyone else for that matter) is often difficult to do with any degree of certainty. The Pentagon is of the opinion that the largest and most sophisticated attacks require state resources, and as such leave a fingerprint of government complicity if not outright support.

But the idea that conventional forces might be launched in retaliation for a cyber attack also conjures thoughts of Bond villian-esque plots to thrust the world into chaos. Could some teenager in Estonia with a knack for coding unwittingly (or wittingly) provoke an armed conflict? And even if a cyber attack was unquestioningly perpetrated on behalf of a foreign state, how does one weigh the appropriate military response?

These are the tough questions that will have to be hashed out in coming months and years as cyber warfare takes a place next to conventional might on the global battlefield. We’ll learn more about the DoD’s philosophy here when the unclassified portion of the document is released, but we do know that the document will push for an international doctrine among America’s allies that dictates appropriate responses to cyber threats.

One popular idea is a doctrine of “equivalence.” If a cyber attack produces death, damage, or some kind of economic or commercial disruption equivalent to what might be wrought by a military attack, it could be considered an act of war and a candidate for military retaliation. As one military official told the WSJ: “If you shut down our power grid, maybe we will put a missile down one of your smokestacks.”

It sounds a bit subjective, but so these things go. The current international system of meting out retaliation and justifying military action is based on a patchwork system of international treaties, some dating back decades, as well as a code of (somewhat)mutually agreed upon international practices and methods. The DoD is heading into uncharted territory from an international framework standpoint, as nothing exists in these earlier treaties and agreements that applies to the digital perils of the 21st century.

That leaves a lot of room for uncertainty, but what is absolutely certain is the role cyber warfare will play in global conflicts going forward. The British Ministry of Defense announced just this week that it is placing cyber attacks on equal standing with other military conflicts, and that “cyber troops” will deploy with conventional forces in the field and elsewhere to defend critical networks. In that sense, the age of the true cyber warrior is just getting underway.

[Wall Street Journal, BBC]