How Should The US Respond To Cyber Attacks?

The U.S. Army’s ‘Cyber Center of Excellence’, Fort Gordon in Augusta, Ga., hosted a multi-service ‘NetWar’ to show, and build, cyber Warrior capabilities Tuesday, June 10.
Photo by Staff Sgt. Tracy Smith

The principles of jus ad bellum, the "right to war," and the laws of armed conflict have evolved through centuries of development and survived military innovations like aircraft and tanks. But given cyber warfare’s inherently asymmetric nature and the difficulties in correctly and quickly attributing attacks, do the traditional laws of armed conflict still hold true? Or are we already living in an era where we hold one set of standards for countries that adhere to international law and a different set of standards for those countries that either encourage or ignore their citizens to participate in cyber attacks? Should we hold ISIS to the same set of standards for Monday’s hacking of U.S. CENTCOM’s social media pages as a state-sponsored group that hacks Sony?

The use of cyber militias is nothing new. Russia and China have tacitly encouraged the technique for the last decade deliberately in order to throw off attribution and save money (patriotic hackers who will work for free in their spare time are much cheaper than a military). The continuing questions over who really was behind the Sony hack will only further this behavior in that they encourage nation-states to utilize non-state actors to do their dirty work, knowing they can then be shielded by layers of doubt over identity. It’s hard to retaliate if there’s no return address on the malware or virus dumped onto your computer systems.

Countries like Russia and China utilizing civilian hackers to do their dirty work trigger a dilemma in distinguishing between combatants and non-combatants in a cyber world. Distinction between a lawful and unlawful combatant can be difficult enough in a face-to-face environment; imagine trying to figure it out in a virtual world just based on programming code or behavior. Are you dealing with a civilian hacker utilizing a coffee shop internet protocol address or a military hacker trying to utilize a civilian network? In a world where our networks are so intertwined, how does one distinguish between military networks and civilian networks in a retaliatory attack? Ideally, of course, a targeted attack would just take military resources offline while leaving hospitals and education facilities stable, but since any computer in the proper hands can be used to retaliate, any computer network can therefore be seen as a weapon by an attacking enemy. In the realm of cyber warfare, the distinction between lawful combatant and unlawful combatant and the distinction between a military network and a civilian network may become a luxury.

Cyber warfare can also cloud the principles behind proportionality in a military response. Here, again, Sony can be used as an example. An entity, rumored to be backed by North Korea, hacked a company doing business in America, potentially costing it billions of dollars (and a loss of prestige). If the United States government has a right to retaliate on Sony’s behalf, what could it potentially do to North Korea to have any proportional impact? Sony likely has a greater gross domestic product than North Korea and North Korean civilians are unlikely to have any access to the Internet. But what if China was behind the attack, rather than North Korea, and to retaliate, the United States utilized the same distributed denial of service attacks on China that were rumored to have been used on North Korea? Suddenly the costs are astronomical to China’s economy, dwarfing Sony’s losses, and Chinese hackers launch their own retaliatory attacks. Imagine widespread distributed denial of service attacks in America, where we rely on the Internet for everything from banking to medical records, or what would happen if our power grids were hacked.

One thing that is indisputable is that virtual actions can have tangible, physical results. From the hack on Target last Christmas to the hack on Sony more recently, American companies and citizens are vulnerable. The United States government has been vague on admitting when a cyber attack constitutes an act of war — if it is true that the distributed denial of service attacks were retaliation for the Sony hack, why are we not pressing our Russian and Ukrainian allies more strenuously regarding the Rescator-backed hack on Target last Christmas?

The “International Strategy for Cyberspace” report, commissioned by the White House and released in 2011, will only go so far as to say that, “Consistent with the United Nations Charter, states have an inherent right to self-defense that may be triggered by certain aggressive acts in cyberspace,” but then does not define what those “certain aggressive acts” might be. It’s interesting, in theory, to ponder what self-defense measures could be triggered by a cyber attack, but it might not be theory within the next 10 years; not when technologies are growing exponentially year by year. A retaliatory distributed denial of service attack this year might become a complete shutdown of a power grid within five years.

Conflicts conducted in an entirely virtual realm — albeit with physical results — are a new arena in policy, giving the United States the potential to lead in establishing new doctrines and treaties, but in the meantime, leaving us in a world of nebulous unknowns, a sort of virtual Wild West that is open to exploitation and bad actors. Some of those bad actors will want to exploit our adherence to the rules and principles governing conflict in a physical realm, especially as we try to navigate what is essentially a new world and extrapolate laws and treaties to apply. The principles of jus ad bellum and the laws of armed conflict, then, must necessarily be as fluid and dynamic as the military conflicts and technologies they govern. We shouldn’t get rid of them, but we should be prepared to adapt them for the cyber realm and the conflicts we will face there.

NEC Corp.'s machine with propellers hovers at the company's facility in Abiko near Tokyo, Monday, Aug. 5, 2019. The Japanese electronics maker showed a "flying car," a large drone-like machine with four propellers that hovered steadily for about a minute. (Associated Press/Koji Sasahara

'Agility Prime' sounds like a revolutionary new video streaming service, or a parkour-themed workout regimen, or Transformers-inspired niche porno venture.

But no, it's the name of the Air Force's nascent effort to replace the V-22 Osprey with a militarized flying car — and it's set to take off sooner than you think.

Read More Show Less
In this March 12, 2016, file photo, Marines of the U.S., left, and South Korea, wearing blue headbands on their helmets, take positions after landing on a beach during the joint military combined amphibious exercise, called Ssangyong, part of the Key Resolve and Foal Eagle military exercises, in Pohang, South Korea. (Associated Press/Yonhap/Kim Jun-bum)

Task & Purpose is looking for a dynamic social media editor to join our team.

Our ideal candidate is an enthusiastic self-starter who can handle a variety of tasks without breaking a sweat. He or she will own our brand's social coverage while working full-time alongside our team of journalists and video producers, posting to Facebook, Twitter, Instagram (feed, stories, and IGTV), YouTube, and elsewhere.

Read More Show Less
Photos: IMDB

The only thing Hollywood might love more than a good-looking man named Chris — heavy emphasis on might — is a war film. And in recent years, a primary constant in contemporary war films has been facial hair.

Read More Show Less

Editor's Note: This article originally appeared on Business Insider.

The legendary former Navy SEAL Adm. Bill McRaven said at an event on Wednesday that China's technical and national defense capabilities were quickly approaching — and sometimes surpassing — those of the US, representing what he called a "holy s---" moment for the US.

McRaven, who was the head of Special Operations Command during the 2011 operation on the Al Qaeda leader Osama bin Laden's Pakistan compound, said at the Council on Foreign Relations event that "we need to make sure that the American public knows that now is the time to do something" about China's rapid increases in research and developments in technology that threaten US national security.

Read More Show Less

If the Army's Next Generation Squad Weapon program is supposed to produce the iPhone of lethality, then the service is looking for as many killer apps as possible.

Read More Show Less