Get Task & Purpose in your inbox
When Does A Cyber Attack Constitute An Act Of War? We Still Don’t Know
Editor’s Note: This article by Bryant Jordan originally appeared on Military.com, the premier source of information for the military and veteran community.
Pentagon leaders are still working to determine when, exactly, a cyber attack against the United States would constitute an act of war, and when, exactly, the Defense Department would respond to a cyber attack on civilian infrastructure, a senior Defense Department official told lawmakers on Wednesday.
A cyber strike as an act of war "has not been defined," Acting Assistant Secretary of Defense for Homeland Defense and Global Security Thomas Atkin told the House Armed Services Committee. "We're still working toward that definition."
The White House and Pentagon let it be known in 2011 that acts such as shutting down the U.S. power grid via a cyber attack could be seen as an act of war that would bring not only a cyber-response but perhaps "a missile down one of your smokestacks," a DoD official said at the time.
That bit of colorful language was not included in the final, published strategy, which did state that: "When warranted, the United States will respond to hostile acts in cyberspace as we would to any other threat to our country. We reserve the right to use all necessary means -- diplomatic, informational, military, and economic -- as appropriate and consistent with applicable international law, in order to defend our Nation, our allies, our partners, and our interests."
In recent years, the United States, including Pentagon and White House computer systems, have been hacked, reportedly by China and Russia.
Yet the United States has not — at least publicly — declared exactly what kinds of attacks and what level of damage would trip the threshold into an act of war. Three years ago, Joint Chiefs of Staff Chairman Gen. Martin Dempsey told reporters that Congress should ultimately make such a call.
"It's called the War Powers Act," Dempsey said. "And here's why that's important. There is an assumption out there, I think, and I would like to disabuse you of it, that a cyber-attack that had destructive effects would be met by a cyber response with destructive attacks. That's not necessarily the case."
Also not clearly defined, Atkin told lawmakers, is when the military would defend or go on the offense against state or non-state actors launching a cyber-attack on a civilian U.S. target, which he referred to as an "act of significant consequence."
"As regards an act of significant consequence, we don't necessarily have a clear definition that says this will always meet [the requirement]," he said, "but we evaluate it based on loss of life, physical property, economic impact and our foreign policy."
Atkin said he could not answer a hypothetical posed by Rep. Tulsi Gabbard, a Democrat from Hawaii, on whether loss of life resulting from an attack on the electrical grid cutting off power to hospitals would constitute an attack of significant consequence.
"What I would say is, regardless of whether the attack is of significant consequence or not, the Department of Homeland Security would respond, and if they needed assistance from the Department of Defense, they would ask for that … and we would respond [through DHS] to help that critical infrastructure," Atkin said.
He also said that Army National Guard cyber troops receive the same type of training as the active-duty force and could be activated under state authority.
"We recently completed coordination, train, advise and assist policy guidance within the department to allow National Guard troops to use Department of Defense resources to respond to a cyber event under state authority, and we're continuing to work other policies" toward the same end, he said.
This article originally appeared on Military.com.
More from Military.com:
A U.S. soldier died on Friday while in Syria supporting Operation Inherent Resolve, the Defense Department announced on Saturday.
A word that could once not be mentioned in court — torture — was front and center on Friday as a military tribunal prepares to take on the long-delayed trial of Khalid Shaikh Mohammed, the confessed chief plotter of the 9/11 attacks, and four other defendants.
"I know torture's a dirty word," defense attorney Walter Ruiz told the tribunal. "I'll tell you what, judge, I'm not going to sanitize this for their concerns."
The suspect in the death of 21-year-old U.S. Marine Cpl. Tyler Wallingford, who was fatally shot in the barracks of the U.S. Marine Corps Air Station Beaufort more than nine months ago, was found guilty in military court of involuntary manslaughter earlier this month and sentenced to more than five years.
A 19-year-old Army private who died during basic training earlier this month was posthumously promoted to private first class, just before friends and family gathered for a memorial service to honor his life on Jan. 16.