Sunday, March 12, 2017
'Cyber attacks are an act of war': Pentagon to announce new rules of engagement against state sponsored hackers
America may retaliate with military force against countries that sabotage its computers, according to the Pentagon’s first ever strategy on how to fight escalating cyber attacks.
Anxious to contend with growing internet incursions linked to Russia and China, U.S. military chiefs have reportedly agreed that the most serious sabotage attempts should constitute an act of war.
The document – due to be published next month but whose contents were leaked to the Wall Street Journal – is designed to tackle a changing world in which computer hackers could cripple America’s financial markets or public transport systems.
Defence: The Pentagon will reclassify cyber attacks as an aggressive act if it causes the equivalent loss of life or damage to infrastructure as a conventional military attack
‘If you shut down our power grid, maybe we will put a missile down one of your smokestacks,’ a military official told the Journal.
Officials said America wants to warn hostile countries that they cannot get away with cyber warfare with impunity.
Instead, the U.S. argues that the existing international rules of armed conflict will apply in cyberspace.
Consequently, its level of retaliation for a cyber attack would be in proportion to the same amount of ‘death, damage, destruction or high-level disruption’ caused by a conventional military attack.
For example, an attack on the transport system that closed down as much commerce as would a naval blockade could be considered an act of war, said James Lewis, a cyber security expert who has advised the Obama administration.
The 30-page Pentagon document will also stress the importance of finding a consensus in this area with allies such as Britain.
Last month, Chancellor George Osborne revealed that foreign intelligence agencies were trying to break into the Treasury computer system to steal information or spread viruses at the rate of more than one attack a day.
Whitehall has announced that an extra £500million will be spent on bolstering cyber security.
Last year, it emerged that MI5 and U.S. intelligence had warned hundreds of British and American companies two years earlier about the threat from Chinese government-backed hackers.
The U.S. has suffered a growing number of cyber attacks.
Only this weekend, Lockheed Martin, a key defence contractor and the American government’s main IT provider, said it had repelled a ‘significant and tenacious’ assault on its computer systems.
America is not always the victim in such attacks, say experts. The U.S. and Israel were blamed for the development of the 2009 Stuxnet virus, a computer worm that targets industrial software, which sabotaged Iran’s nuclear programme.
The move comes as the Chinese army last week announced the formation of an 'On-line Blue Army' of cyber experts to help 'defend' military and civilian infrastructure against outside attack.
Threat: The Pentagon said it is ready to retaliate against cyber attacks
The Wall Street Journal, citing three officials who had seen the document, said the the strategy would maintain that the existing international rules of armed conflict - embodied in treaties and customs - would apply in cyberspace.
It said the Pentagon would likely decide whether to respond militarily to cyber attacks based on the notion of 'equivalence' - whether the attack was comparable in damage to a conventional military strike.
Such a decision would also depend on whether the precise source of the attack could be determined.
One of the problems with cyber attacks is that it is so difficult to trace their origin.
Unlike traditional military attacks, the code used can be routed through several different countries making a point of origin hard to detect.
Despite this, the level of training, hardware and scale used in some of the attacks could only be achieved through government level backing.
Threat: many of the cyber attacks in recent years have been traced to China, with heavy suspicion falling on the PLA
The idea of a cyber attack goes back to the very earliest days of the modern computer.
One of the first rumoured computer based operations involved the CIA attacking a Soviet gas pipeline.
In 1982 the agency allegedly sent a 'logic bomb' to interrupt the workings of a Siberian gas pipeline, causing it malfunction and explode.
As well as individual logic bombs, teams of hackers can pin point a specific military or civilian institution, probing for weakness and planting 'back doors' that allow for further attacks.
The decision to formalise the rules of cyber war comes after the Stuxnet attack last year ravaged Iran's nuclear program.
That attack was blamed on the United States and Israel, both of which declined to comment on it.
It also follows a major cyber attack on the US military in 2008 that served as a wake-up call and prompted major changes in how the Pentagon handles digital threats, including the formation of a new cyber military command.