Mike Rounds
May 8, 2016
http://www.wsj.com/articles/defining-a-cyber-act-of-war-1462738124
The federal government has a fundamental responsibility to provide for the nation’s defense. Until recently, the government has fulfilled that role almost exclusively through nuclear deterrence and conventional military forces. But a new type of warfare—in cyberspace—is emerging as a top threat to America.
In recent years, foreign actors have used sophisticated technologies to acquire the personal files of millions of federal employees, to gain access to the private information of multibillion-dollar U.S. businesses, and to tap into the control center of the Bowman Avenue Dam in New York, among many other known cyberattacks.
Yet Washington has no clear policy for responding to a cyberattack. If an attack against the U.S. occurs through conventional military means, the policies are clear. These guidelines must be broadened to include the cyber domain.
Current U.S. policies permit the Defense Department to respond to a cyberattack against military forces and infrastructure. But the U.S. doesn’t have a clear policy governing the Pentagon’s response to a similar attack against critical civilian infrastructure.
If an attack occurs today, would the U.S. be able to respond in a timely manner? In the cyberworld, an attack can occur in mere milliseconds, requiring an appropriate response in real time. That might not be possible if explicit policies are not in place.
During a Feb. 9 Senate Armed Services Committee hearing, I asked Lt. Gen. Vincent Stewart, director of the Defense Intelligence Agency, whether it would be helpful to have a definition of what constitutes an act of war in cyberspace. He replied that if the military had a “much fuller definition of the range of things that occur in cyber space, and then start thinking about the threshold where an attack is catastrophic enough or destructive enough that we define it as an act of war, I think that would be extremely helpful.”
It is now time to arrive at this definition. On Monday I am introducing the Cyber Act of War Act of 2016, which would require the administration to define what constitutes an act of war in cyberspace. The administration would be required to consider the ways in which the effects of a cyberattack may be equivalent to the effects of an attack using conventional weapons, as well as the intangible effects of significant scope, intensity or duration.
America needs a clear and concise definition of when an attack in cyber space constitutes an act of war. The executive branch needs such a definition so it can fully formulate policies governing, for example, when it might be appropriate for the U.S. to undertake offensive operations against a cyber adversary.
The Cyber Act of War Act is a step toward removing dangerous ambiguity and arriving at a sensible policy. By clearly defining what constitutes a cyber act of war, the nation will be better able to respond to a cyberattack and better deter bad actors from attempting an attack on the U.S. in the first place. Recent events have shown how urgently action is needed.
Mr. Rounds, a Republican, is a U.S. senator from South Dakota.
No comments:
Post a Comment