A US Department of Defense report has outlined how the American military plans to respond to foreign hacker attacks. We’re talking all-out retaliation, both in cyberspace, and in real life.
The 12-page document sent to Congress was made public on Tuesday. Legislators had wanted the Pentagon to deliver the report on new cyber-warfare policy by March 1 this year, but the top brass were a few months late.
"When warranted, we will respond to hostile attacks in cyberspace as we would to any other threat to our country," the report said as cited by Reuters. "We reserve the right to use all necessary means – diplomatic, informational, military and economic – to defend our nation, our allies, our partners and our interests."
The warrant for such an operation would come from the President, and he will decide what “use of force” in cyberspace will constitute. Stand-alone operations would not trigger a Congressional notification requirement under the War Powers Resolution, reports the Washington Post.
The biggest problem with reacting to a hacker attack is identifying the guilty. A number of security experts and intelligence have pointed to Chinese and Russians as the key perpetrators of cyber-attacks on American computers. However no accusations have been officially pressed against those governments.
The Pentagon plans to tackle the issue by employing behavior and cyber forensics experts, who would point to the individuals responsible.
The report also points out the need for an automated response to internet hostilities, which raised the alarm with some cyber security experts.
“The question is, how, and to what extent, are they thinking about automated responses?” Herbert Lin, a cyber expert at the US National Academy of Sciences, told the Washington Post. Such responses, he said, “are fraught with danger. Without people in the loop, you’re much more likely to do unintended stuff.”
One can only wonder what US officials would say if, say, Iran authorized its Revolutionary Guard to strike in retaliation to a Stuxnet worm cyber-attack. The virus crippled Iranian uranium enrichment facilities last year and is believed to have been created by highly skilled hackers. Some reports pointed to Israel and the US as being behind the malware.