The federal government has a fundamental responsibility to provide for the nation’s defense. Until recently, the government has fulfilled that role almost exclusively through nuclear deterrence and conventional military forces. But a new type of warfare—in cyberspace—is emerging as a top threat to America.
In recent years, foreign actors have used sophisticated technologies to acquire the personal files of millions of federal employees, to gain access to the private information of multibillion-dollar U.S. businesses, and to tap into the control center of the Bowman Avenue Dam in New York, among many other known cyberattacks.
Yet Washington has no clear policy for responding to a cyberattack. If an attack against the U.S. occurs through conventional military means, the policies are clear. These guidelines must be broadened to include the cyber domain.
Current U.S. policies permit the Defense Department to respond to a cyberattack against military forces and infrastructure. But the U.S. doesn’t have a clear policy governing the Pentagon’s response to a similar attack against critical civilian infrastructure.
If an attack occurs today, would the U.S. be able to respond in a timely manner? In the cyberworld, an attack can occur in mere milliseconds, requiring an appropriate response in real time. That might not be possible if explicit policies are not in place.
During a Feb. 9 Senate Armed Services Committee hearing, I asked Lt. Gen. Vincent Stewart, director of the Defense Intelligence Agency, whether it would be helpful to have a definition of what constitutes an act of war in cyberspace. He replied that if the military had a “much fuller definition of the range of things that occur in cyber space, and then start thinking about the threshold where an attack is catastrophic enough or destructive enough that we define it as an act of war, I think that would be extremely helpful.”