Behind the Government's Rules of Cyber War

wiredmikey writes "Deciding when malware becomes a weapon of war that warrants a response in the physical world – for example, a missile – has become a necessary part of the discussion of military doctrine. The Pentagon recently outlined (PDF) its working definition of what constitutes cyber-war and when subsequent military strikes against physical targets may be justified as result. The main issue is attribution of cyber attacks. The Department of Defense is working to develop new ways to trace the physical source of an attack and the capability to identify an attacker using behavior-based algorithms. 'If a country is going to fire a missile at someone, it better be sure it has the right target,' said one expert. A widely held misconception in the U.S. government is our offensive capabilities provide defensive advantage by identifying attacker toolkits and methods in foreign networks prior to them hitting our networks. So when do malware and cyber attacks become a weapon or act of war that warrant a real-world military response?"

Causus Belli

[flaming+error]

Constitutionally, an "act of war" is whatever Congress agrees it to be.

Such decisions are not the Executive's to make.

The "right target" is a misconception

[guanxi]

'If a country is going to fire a missile at someone, it better be sure it has the right target,' said one expert.

Not true, unfortunately. How many wars have started based on false information? Off the top of my head:

  * The Spanish-American War: Remember that the Maine sunk by accident
  * The Vietnam War: The Gulf of Tonkin
  * The Iraq War: No WMDs and no connection to Al Queda.