The Wall Street Journal reporting on un-classifed portions of a report anticipated for release next month (I can’t find a Google News account, welcome link in the comments). I concentrate on robots, not cyber, so I leave it to others to comment, but I do recall that this report and its conclusions have been discussed a fair amount in academic circles, and as far as I know this will not surprise people following those discussions. Though this is not my speciality, I wanted to flag it for people’s attention.
The Pentagon has concluded that computer sabotage coming from another country can constitute an act of war, a finding that for the first time opens the door for the U.S. to respond using traditional military force.
The Pentagon’s first formal cyber strategy, unclassified portions of which are expected to become public next month, represents an early attempt to grapple with a changing world in which a hacker could pose as significant a threat to U.S. nuclear reactors, subways or pipelines as a hostile country’s military.
In part, the Pentagon intends its plan as a warning to potential adversaries of the consequences of attacking the U.S. in this way. “If you shut down our power grid, maybe we will put a missile down one of your smokestacks,” said a military official.
Update: Columbia Law School’s Matthew Waxman has a new article coming out in Yale International Law Journal on this topic, Cyber Attacks and the Use of Force: Back to Article 2(4). It explains a lot of the background to this issue as well as giving a good legal and policy analysis. Here is the abstract:
Cyber-attacks — efforts to alter, disrupt, or destroy computer systems, networks, or the information or programs on them — pose difficult interpretive issues with respect to the U.N. Charter, including when, if ever, such activities constitute prohibited “force” or an “armed attack” justifying military force in self-defense. In exploring these issues, and by drawing on lessons from Cold War legal debates about the U.N. Charter, this Article makes two overarching arguments. First, strategy is a major driver of legal evolution. Whereas most scholarship and commentary on cyber-attacks has focused on how international law might be interpreted or amended to take account of new technologies and threats, this Article focuses on the dynamic interplay of law and strategy — strategy generates reappraisal and revision of law, while law itself shapes strategy — and the moves and countermoves among actors with varying interests, capabilities, and vulnerabilities. Second, this Article argues that it will be difficult to achieve international agreement on legal interpretation and to enforce it with respect to cyber-attacks. The current trajectory of U.S. interpretation — which emphasizes the effects of cyber-attacks in analyzing whether they cross the U.N. Charter’s legal thresholds — is a reasonable effort to overcome translation problems of a Charter built for a different era of conflict. However, certain features of cyber-activities make international legal regulation very difficult, and major actors have divergent strategic interests that will pull their preferred doctrinal interpretations and aspirations in different directions, impeding formation of a stable international consensus. The prescription is not to abandon interpretive or multilateral legal efforts to regulate cyber-attacks, but to recognize the likely limits of these efforts and to consider the implications of legal proposals or negotiations in the context of broader security strategy.
TomHynes says:
http://www.prisonplanet.com/computer-expert-us-was-behind-stuxnet-virus.html
Did the U.S. engage in an act of war against Iran?
May 30, 2011, 11:20 pmPT says:
TomHynes
From everything I’ve read about stuxnet, it looks more Israeli than anything else.
May 30, 2011, 11:30 pmLessinSf says:
Either way, the U.S. has just justified Iran putting a missle down our, or the Israelis’ smokestacks. Not that they needed justification. We have violated their sovereignty many times before.
May 31, 2011, 12:20 amptt says:
No, no, it says right in the first sentence: coming from another country. As for Israel, I’m sure they’re exempt, too.
May 31, 2011, 12:40 amKen Arromdee says:
It’s like the argument that if we kill enemy leaders like bin Laden, the enemy will then try to kill our leaders. To which the answer is “the enemy would try to do that anyway”.
The idea that the US has somehow given Iran a new excuse to go to war is ludicrous. Iran would go to war with us anyway without having to come up with an excuse. The only thing that stops them is that they don’t think they could win.
May 31, 2011, 12:58 amGil says:
Isn’t then intent to do harm is the only pre-requisite? It reminds of the story of the woman who got charged with attempted murder when she tried poison her husband via using fly spray in the sandwiches for his lunch. He inevitably spat out a piece instead of eating the sandwiches. However the judge said it was desire to commit murder regardless of how feeble the method.
May 31, 2011, 1:31 amDBL2 says:
The makers of the Stuxnet virus should be awarded the Nobel Peace Prize. With the loss of zero lives, infliction of zero harm to civilians and without any harm to any innocents, they succeeded in delaying the Iranian regime’s illegal drive towards the development of nuclear weapons by several years at least. What other initiative – diplomatic or military – can say the same?
May 31, 2011, 2:29 amElbabe says:
This seems like one of those things that should have been a policy a long time ago. Full on cyber offensives have been a part of war for several years now, the Russian attack on Georgia being the best example.
May 31, 2011, 2:47 amPhil says:
Apparently, then, the Stuxnet worm we (allegedly) unleashed on Iran’s nuclear reactors was an act of war, but the missiles we are shooting into Libya are not otherwise the President would have asked for a declaration of war, or the more sissy version, an AUMF. I see there is no shortage of double standards in the Pentagon and White House. I propose the following rule: if we consider their actions an act of war, then when we do the same it is also an act of war and the people’s representatives need to authorize it.
May 31, 2011, 3:17 amPassing By says:
You write with such firmness and authority that I’m sure you’ve got excellent evidence to support this statement. Please share it with the rest of us.
May 31, 2011, 8:04 amNorthern Dave says:
http://www.dailymail.co.uk/news/article-1388033/Is-second-missile-crisis-Iran-build-mid-range-rocket-bases-Venezuela.html?ito=feeds-newsxml
May 31, 2011, 8:34 amNorthern Dave says:
I do have a question as to limits. I can see that if you have a Pearl-Harbouresque attack on all American power plants, say, or a Battlestar Galactica-esque attack on all military software one could reasonably argue it was an act of war (the second for obvious reasons and the former due to the ensuing deaths and damage). I have trouble seeing the argument with launching ICBM’s because Chinese intelligence/or Bob the overbright but bored high-schooler who has routed his attack through Bulgaria is trying to hack VP Biden’s home computer….Where’s the natural limit?
May 31, 2011, 8:39 amZoe Brain says:
It is rumoured that such a policy has been in place in the commercial sector for some years.
A large firm gets hit with a cyber-attack, and an extortion demand, from an extra-territorial entity. OK, it was usually some Russian Hackers. Pay $10 million or suffer $100 million or more in damage.
Instead of paying the $10 million demanded, they pay an agent in Russia $200,000 to make the problem go away. They don’t want to know how. Palms are duly greased, through cut-outs and middlemen, and finally some 9x18mm pistol bullets are expended, and the problem duly goes away.
So it is rumoured. I know one UK firm where just spam was costing them $20 million a year, till they contacted their agent in Russia to fix it.
May 31, 2011, 8:41 amHouston Lawyer says:
My question is how do you determine in real time where the hack is originating from or does it matter? If the offending computer farm is the originator of the attack or just a surrogate, do you bomb the computers or go for what you believe is the ultimate source? Do you bomb some other strategic asset to compel the government where the hack originates to find him and take him out?
May 31, 2011, 9:50 amGMason says:
It was a kinetic action, not an act of war. The Commander in Chief can take any military action as long as it is kinetic and not fall under the War Powers Act. The same must apply to other nations, no?
May 31, 2011, 11:33 amArthur Kirkland says:
Authority to determine that which constitutes an act of war appears to be assigned to civilian authorities; unless the assignment was delegated by those entitled to make the relevant determination, why are military personnel considering this issue?
May 31, 2011, 12:35 pmantiquus says:
Of course, “strategy” is outside of the political process. Anything that irritates the pentagon, DHS, state police, local police, etc. will eventually end up as “illegal” at the corresponding level. Especially if it could be embarrassing, ranging from email hacks to welfare fraud, both of which are administrative faux pas.
May 31, 2011, 12:45 pmSigivald says:
The only surprise here is that anyone’s surprised by this; if taking out the power grid with manual sabotage or missiles would be an act of war (as they can easily be; that’s an attack more effective than many small military actions that would be unquestioned causus belli), doing so via computer attacks is theoretically identical.
(I do find it amusing that the fiction of the UN mattering is still maintained so nearly universally…
The UN is a joke and its “requirements” in the Charter continue to be absolutely irrelevant to War in the Clausewitzian sense.)
May 31, 2011, 1:42 pmDennis says:
It’s an interesting analysis, but The Pentagon doesn’t get to decide when we are at war. The people who inhabit the five sided building (Sorry, couldn’t resist.) don’t get to decide that, either. Other than reacting within preset Rules of Engagement, they do as they’re told by civilians.
The Pentagon analyzes stuff, and plans for stuff that hopefully will never happen, and spends boatloads of money.
May 31, 2011, 1:52 pmDennis says:
It’s the same question in the 3-D world. Theoretically some mope firing a .22 rifle across the boarder is an act of war. In reality, it’s decided based on political calculations.
I suppose there could be some preset responses for medium level attacks, something like “take out a power station, we launch a cruise missile,” but the trigger will still be political.
I don’t see anything really new, here. The overall message is still, “Piss us off badly enough and it’s on.” That was settled practice when Pharaoh was a Second Lieutenant.
May 31, 2011, 2:00 pmThe PJ Tatler » Since when does not having an opinion stop a blogger from blogging? says:
[...] some type of cyber warfare against a sitting federal official. That kind of action, by the way, the Pentagon may now consider as an act of war against the US, with all the military implications that go along with [...]
May 31, 2011, 3:59 pmInstapundit » Blog Archive » PENTAGON: Cyber-Attack Can Be Act Of War…. says:
[...] PENTAGON: Cyber-Attack Can Be Act Of War. [...]
May 31, 2011, 6:34 pmBill says:
Didn’t they do something a few decades ago? What was it…? Oh yeah, stormed our embassy and took hostages. We’re already at war with them.
May 31, 2011, 8:09 pmleeada says:
Sounds like another excuse for the new imperialist president(who replaced the old imperialist president), to define yet another class of enemy, that he can declare as such at will, and kill with a hellfire missile anywhere in the world he chooses. An enemy who can be an american citizen or not, as the president is above the law, the law no longer having anything to with constitutions, or legislatures, but simple fiat by executives. Whatever the pres wants , he gets, and hysterically enough that is a point of view that rules on VC
June 1, 2011, 1:22 am