Cybersecurity: how preemptive cyberwar is entering the nation's arsenal
In addition to authorizing the use of cyberweapons, the White House is preparing an executive order to beef up cybersecurity for critical infrastructure, such as the electric grid, refineries, and telecommunications.
(Page 2 of 3)
"This legal review of cyberweapons has been far too slow, too lawyer-and-State Department-ridden," says Stewart Baker, a former assistant secretary at the Department of Homeland Security and now a partner at Steptoe & Johnson, a Washington law firm. "What we've needed is a faster process that allows us to actually come up with a strategy for actually winning a cyberconflict. But this is clearly a step in the right direction. It's clear that cyberweapons are going to be used. If so, then we need to be better at using them than our adversaries."Skip to next paragraph
Subscribe Today to the Monitor
Defending the nation from cyberattack was a priority reflected in the formal establishment of US Cyber Command in 2009. But whether cyberweapons truly fit into and complied with international legal norms and structures such as the International Law of Armed Conflict, which sets humanitarian norms during war – has been a question mark.
Debate over US cyberweapons policy for DOD was in full swing in early 2009. As in the past, when critical military policy questions were at stake, the Pentagon threw the problem over to the Defense Science Board and the Defense Policy Board to analyze and develop a cyberwar-fighting policy structure, cyberexperts told the Monitor.
"If we have the capability of using something that will disrupt, degrade, or deny an enemy at less than lethal force, we have an ethical conundrum," says Sam Liles, a professor of cyberforensics at Purdue University. "Should we use this – if cyber gives us that capability? Perhaps we're morally and ethically required to use it. On the other hand, if that weapon can be turned around and used against us, perhaps we shouldn't use it. That's what the policy discussion has been about."
Such a policy debate was made more urgent by the furor surrounding Stuxnet, the world's first publicly known cyberweapon, which was utilized by the US to sabotage Iran's nuclear fuel-refining facilities. It also accelerated debate about the wisdom of releasing such weapons, especially since they can be reverse-engineered and used against the US.
By last fall, the process had reached a series of conclusions after a lengthy internal debate. The result: DOD had a first cut, an organized structure that includes rules for engagement and a decisionmaking process for using cyberweapons, says James Lewis, a cybersecurity expert at the Center for Strategic and International Studies in Washington.
The new cyberarms policy reflects a push by powerful military figures as well, including Gen. Keith Alexander, director of the National Security Agency and commander of the US Cyber Command, which is a sub-unified command under the US Strategic Command. But with this step, it's likely that the US Cyber Command will be propelled to equal footing alongside other commands, Dr. Lewis says.