• The Heritage Network
    • Resize:
    • A
    • A
    • A
  • Donate
  • Get Your Cyber War On

    According to an article in The Wall Street Journal, “The Pentagon has concluded that computer sabotage coming from another country can constitute an act of war, a finding that for the first time opens the door for the U.S. to respond using traditional military force.” Since the military has been using computers since World War II, it is pretty remarkable that they are just now getting around to figuring this out.

    As defined by the Constitution, it is the government’s job to “provide for the common defense.” Why would the rules in cyberspace be any different?

    Of course, not everybody thinks America should defend itself in the event of an act of cyberwar. There are two arguments against self-defense from cyber Pearl Harbors—and they are both pretty stupid.

    One holds that we are already attacked all the time in cyberspace. That’s true. The Department of Defense gets assaulted every day—sometimes in a “Wow! I can’t believe that!” kind of way. In 2008, an unnamed foreign intelligence agency conducted a cyber attack on a U.S. military command with malicious software dubbed “agent.btz.”

    The issue of when a malicious act rises to “act of war” is a question of proportionality—like the real Pearl Harbor—we’ll know when we see it. A computer virus modeled on “stuxnet,” for example, which strikes SCADA (computer command and control systems) could direct something really bad—like making infrastructure melt down, shut down, explode or crash—perhaps killing or injuring thousands.

    It is probably worth letting the world know that if a state or an organized non-state group tried something like that, the U.S. would come after them like it was the next 9/11. Murdering American innocents, whether it is with a bomb or a botnet (a form of malicious software) should never be thought of as a free lunch. A physical attack in response to a cyberattack that reaps catastrophic destruction is clearly proportional.

    A second wrongheaded reason why some say a cyber attack can’t lead to war is the “attribution problem.” Since cyber attacks can be rooted around the Internet all over the world before they hit their targets, some claim we’ll never know whom to attack. I disagree.

    Sorting out evil actors online is difficult, but it can be done. Computer forensics (the science and technology of tracking down online malicious actors) has advanced every bit as much as the enemy’s ability to write new malware. Even non-governments can do this. For example, the U.S. Cyber Consequences Unit (US-CCU), an independent research institute, conducted an analysis of the Russian attacks on Georgia. The US-CCU concluded cyber strikes were done by non-government entities with the assistance of organized crime and foreknowledge of the war and encouragement from the Russian government. Furthermore, cyber forensics is not the only tool available to track down cyber enemies. A range of information-gathering tools from open source intelligence to old-fashioned spies can be used to hunt down malicious actors—just like any other threat.

    More often than not, the failure to deal decisively with cyber threats comes more out of fear or indifference than lack of knowledge.

    As a new paper from Heritage cyber-expert Paul Rosenzweig makes clear, it makes no sense to think of cyber conflict as just our electrons fighting their electrons. If someone comes after America in a way that threatens the common defense, then that entity should expect to reap U.S. wrath with all the tools we can muster. That’s not to say that every cyber attack merits a declaration of war, but we should always be willing to use all the instruments of national power appropriately and proportionally to secure our rightful place in cyberspace.

    Posted in Security [slideshow_deploy]

    6 Responses to Get Your Cyber War On

    1. George Colgrove, VA says:

      One of the largest problems we have with cyber security is the system you are currently reading this article on. When 90+% of the world uses one operating system, it is no wonder why we cant keep our data secure. Why we are not using more customizable and inexpensive linix systems amazes me. We could eliminate much of the hacking that goes on by simply moving away from Microsoft. That and the back door the federal government has in every companies internal systems is creating a nightmare in cyber security.

      But then what would tens of thousands of overpaid and over numbered federal workers do?

      If everyone had their own custom system without the federal backdoor, then we would not need to spend billions fighting a so called cyberwar. In every case goverment is a solution desperately in search of a problem. If it cannot find a problem – it makes them.

      I personally feel the loose and bloated security protocols in the federal goverment and the fact that almost half of the federal workforce has some degree of high level access to senisitive data is prooving to be a far greater security risk than the cyber connections. WikiLeaks among others have a constant flow of sensitive material from the federal workforce on a daily basis. Since Wikileaks major dump last year, very little has been done to restrict access to experinced people with working knowledge of the subject matter. More clearances are pouring out of the clogged system and we are racking up 10's of billions of dollars trying to manage it all with NO success. No, all we have heard of as of late is that Obama wanted phychological reviews of every federal wworker to see if they are likely candidates for leakage. Recently the CIA has admitted the system is not working and needs to be overhauled and quickly. But what does that mean? And how much will it cost?

    2. Pingback: PA Pundits - International

    3. Leon Lundquist, Dura says:

      We are lucky enough to have Civilization, it supports the Free Access to Information! Just like with all criminals, Cyber Criminals are at once at war with Civilization Itself. These damned Progressive Sorcerers! The whole Wiki-leaks fiasco run deep into the Foggy Bottom of the Intelligence Services at the State Department. Our own Government 'reorganized' our Security data base so that a Private could leak Secrets! Call that a fix? An improvement? Not at all! It was Cyber Warfare, but this is the subject of Internal Warfare with our Domestic Enemy (Progressive Communists.) It looks to me like Secretary of State Hillary Clinton is a Domestic Enemy! (She says she is a Wilsonian Progressive, horrors! Wilson was dispicable!)

      I suppose the 'solution' to our cyber problems will be another Patriot Act, only this time it will render anybody anywhere subject to a Government Computer audit, so the real terror will come from our reaction. Our computers will be like Airline Passengers, "Bend Over!"

    4. Pingback: Replanteando la ciberguerra | Heritage Libertad

    5. Pingback: New Poll Shows America Must Wake Up to the Cyber Threat | The Foundry

    6. The Higher ED CIO says:

      Today's news of China's cyber warfare software demonstration ought to be enough to support DOD efforts to get more serious.

    Comments are subject to approval and moderation. We remind everyone that The Heritage Foundation promotes a civil society where ideas and debate flourish. Please be respectful of each other and the subjects of any criticism. While we may not always agree on policy, we should all agree that being appropriately informed is everyone's intention visiting this site. Profanity, lewdness, personal attacks, and other forms of incivility will not be tolerated. Please keep your thoughts brief and avoid ALL CAPS. While we respect your first amendment rights, we are obligated to our readers to maintain these standards. Thanks for joining the conversation.

    Big Government Is NOT the Answer

    Your tax dollars are being spent on programs that we really don't need.

    I Agree I Disagree ×

    Get Heritage In Your Inbox — FREE!

    Heritage Foundation e-mails keep you updated on the ongoing policy battles in Washington and around the country.