Manhattan Computer Services

The rash of cyber attacks across the country recently have prompted some strong words from the United States government. The US Department of Defense has ruled that any attack on computer networks or sabotage of information systems stemming from other countries officially constitute an act of war and can be responded to with traditional military force.

What this does is basically open up military strikes against nations that knowingly allow cyber attacks against the United States in order to prevent all the damage that could occur due to the attacks. This decision by the Pentagon is designed to give a physical threat to nations in a world where cyber attacks are becoming the new norm.

In addition to the threat, this decision also gives the United States Military more options to use in retaliation to cyber attacks aside from trying to defend against them and retaliating by waging our own cyber attacks.

However, the government isn’t treating every single cyber attack as an act of war. Popular examples of attacks that would receive this kind of treatment include shutting down or disrupting safety systems in US nuclear reactors or shutting down parts of the United States power grid.

These types of attacks are examples of how a cyber attack could have extreme repercussions on non-cyber targets. These attacks cross the same lines that the United States military would be able to with a military strike.

This report from the Pentagon, which is the first one specifically dealing with cyber strategy, includes references to attacks on the Pentagon’s computer networks, as well as a reference to the Stuxnet computer worm that targeted nuclear power systems in Iran. Many analysts believe that the Stuxnet worm is complicated enough that only an entire nation would have the resources to develop it instead of a single person or group of hackers.

As with any government document or issue, this one has its fair share of controversy both inside and outside the military. Many officials in the military have noted that the report leaves open the notion of whether or not the United States can ever fully identify where an attack originated.

Other defense analysts have also pointed to the concept of “equivalence”. What that means is that an attack should be met with an equal but overwhelming force as a way to determine how broad a retaliatory strike should be in response to a cyber attack.

Despite all that, this statement from the Pentagon shows two major shifts in the thinking of the United States military in terms of information warfare. The first shift is that the Pentagon recognizes that they’ve been slow to create a comprehensive information security posture to protect American military networks as well as civilian networks. The second thing is that the Department of Defense is taking threats and attacks against American information security very seriously.