– Pentagon: All options on table in cyber-attack (AFP, May 31, 2011):
The Pentagon said Tuesday that it would consider all options if the United States were hit by a cyber-attack as it develops the first military guidelines for the age of Internet warfare.
President Barack Obama’s administration has been formalizing rules on cyberspace amid growing concern about the reach of hackers. Major defense contractor Lockheed Martin said it repelled a major cyber-assault a week ago.
The White House on May 16 unveiled an international strategy on cyber-security which said the United States “will respond to hostile acts in cyberspace as we would to any other threat to our country.”
“We reserve the right to use all necessary means — diplomatic, informational, military, and economic — as appropriate and consistent with applicable international law, in order to defend our nation, our allies, our partners and our interests,” the strategy said.
Pentagon spokesman Colonel Dave Lapan said Tuesday that the White House policy did not rule out a military response to a cyber-attack.
“A response to a cyber incident or attack on the US would not necessarily be a cyber response,” Lapan told reporters. “All appropriate options would be on the table if we were attacked, be it cyber.”
Lapan said that the Pentagon was drawing up an accompanying cyber defense strategy which would be ready in two to three weeks.
The Wall Street Journal, citing three officials who said they had seen the document, reported Tuesday that the strategy would classify major cyber-attacks as acts of war, paving the way for possible military retaliation.
The newspaper said that the strategy was intended in part as a warning to foes that may try to sabotage the US electricity grid, subways or pipelines.
“If you shut down our power grid, maybe we will put a missile down one of your smokestacks,” it quoted a military official as saying.
The newspaper said the Pentagon would likely decide whether to respond militarily to cyber-attacks based on the notion of “equivalence” — whether the attack was comparable in damage to a conventional military strike.
Such a decision would also depend on whether the precise source of the attack could be determined.
The US military suffered its worst cyber-attack in 2008. Deputy Secretary of Defense William Lynn said that a malicious flash drive — likely from a foreign spy agency — spread and commandeered computers at US Central Command, which runs the war in Afghanistan.
The attack served as a wakeup call, with the Pentagon setting up a Cyber Command and worked on guidelines for a new type of conflict.
In cyber-warfare, aggressors are often mysterious and hence would not fear immediate retaliation — a key theoretical framework in traditional warfare.
Wesley Clark, the retired US general who led NATO’s campaign in Kosovo, said the announcement of guidelines for cyber-conflict would serve as a deterrent to those who would consider such an attack.
“It may be that the best response is not to use force, but what this policy will say is that an attack is an attack and could be met by force. It is a matter first of deterrence,” Clark told CNN.
While stepping up defenses, some believe the United States may also be pursuing cyber war. Iran has accused the United States and Israel of last year launching Stuxnet, a worm that reportedly wreaked havoc on computers in the Islamic republic’s controversial nuclear program.
The United States and Israel both declined to comment on Stuxnet.