(Cyberwar.news) Since it is still a fairly new realm of warfare, the Pentagon still has not yet determined when a targeted cyber assault on a civilian, government or defense information system constitutes an actual act of war, as well as when the president should direct the military to response in kind.
As reported by Military.com, Acting Assistant Secretary of Defense for Homeland Defense abd Global Security Thomas Atkin told the House Armed Services Committee last week that cyber strikes as acts of war have “not been defined” as of yet, but added: “We’re still working toward that definition.”
In 2011 the Obama administration and the Pentagon made clear that acts like shutting down a U.S. power grid via a cyber attack could indeed qualify as an act of war that would not only bring a similar cyber response but maybe even “a missile down one of your smokestacks,” said a DoD official at the time
That language was not part of the final, published DoD strategy, which said [PDF], “When warranted, the United States will respond to hostile acts in cyberspace as wee would to any other threat to our country. We reserve the right to use all necessary means – diplomatic, informational, military and economic – as appropriate and consistent with applicable international law, in order to defend our Nation, our allies, our partners, and our interests.”
In recent years U.S. information systems including those of the Pentagon and White House, have been hacked, reportedly by Russia and China. Even so, the Obama administration has not publicly pointed fingers at either nation or detailed what sort of damage was caused and what kinds of attacks were launched, and whether they qualified as acts of war.
Three years ago, however, Joint Chiefs of Staff Chairman Gen. Martin Dempsey laid the responsibility at the feet of lawmakers, who he said ultimately should make the determination.
“It’s called the War Powers Act,” Dempsey said. “And here’s why that’s important. There is an assumption out there, I think, and I would like to disabuse you of it, that a cyber-attack that had destructive effects would be met by a cyber response with destructive attacks. That’s not necessarily the case.”
Adkin said what is also not clearly laid out is when the military would defend or launch an offensive against state or non-state actors who had targeted a U.S. civilian with a cyber attack, which he said was an “act of significant consequence.”
“As regards an act of significant consequence, we don’t necessarily have a clear definition that says this will always meet [the requirement],” he said, “but we evaluate it based on loss of life, physical property, economic impact and our foreign policy.”
Adkin noted that he could not answer a pointed question from Rep. Tulsi Gabbard, D-Hawaii, on whether loss of life resulting from an attack on the nation’s electric grids that cut off power to hospitals would amount to an attack of significant consequence.
“What I would say is, regardless of whether the attack is of significant consequence or not, the Department of Homeland Security would respond, and if they needed assistance from the Department of Defense, they would ask for that … and we would respond [through DHS] to help that critical infrastructure,” Atkin said, adding that National Guard cyber units could be activated as well to support the DHS mission.
- Expert: U.S. Power Grid Now ‘Valid Target’ For Hackers
- FBI, DHS Issue Warning About Increasing Cyber Threat To Nation’s Power Grid After Downplaying It In January
- U.S. Military Developing 7-Day Restoration Plan If Power Grid Destroyed By Cyber Attack