Cyberwar

On Thursday, a group of American senators said that the Pentagon's latest report on cyberdefense policy, which was released last week, failed to adequately address Congressional concerns.

In a letter sent to US Secretary of Defense Leon Panetta, Senators Carl Levin, a Michigan Democrat, and John McCain, an Arizona Republican, called this incomplete policy "a significant gap in our national security that must be addressed."

They added that the Pentagon needs to further explain what would constitute an act of war in cyberspace, as well as clarify the rules of engagement for commanders in cyberspace. This is just the most recent chapter in the ongoing evolution of the nature of war in cyberspace.

Last week, US Deputy Secretary of Defense William Lynn spoke at the National Defense University in Washington.

During his address, he revealed that a cyberattack against the Pentagon in March 2011 resulted in the unauthorized access of 24,000 secret American military documents, which the US government presumes was orchestrated by a foreign government.

"The technology has surpassed our legal and political framework and we are trying to catch up," Lynn said.

A multibillion dollar industry

This push into cyberdefense policy is not new territory for the American government.

In early 2009 then US Defense Secretary Robert Gates announced in an interview that he would quadruple the number of IT professionals in uniform and said that the Pentagon planned to invest heavily in improved cyberdefense capabilities.

For IT security, the US military wants to spend $12 billion (8.4 billion euros) in 2014 – 50 percent more than in 2009.

Other countries are following suit: At the end of May, British Defense Minister Nick Harvey outlined a new program for the development of offensive cyberweapons. Similarly, China announced its offensive cyber-capability as well.

Defense contractor Lockheed Martin has already been working on cyberdefense systems to sell to the government, while Boeing has been rapidly acquiring smaller cybersecurity companies as well. In Europe, aerospace and defense group EADS wants to expand into developing digital weapons for EU governments.

So far, the gold standard of offensive cyberweapons has been the Stuxnet worm, which was believed to have been developed covertly by the American and Israeli military. The highly sophisticated computer virus was designed to sabotage Iran's uranium enrichment plant at Natanz.

"If Stuxnet infected something, it means a revolution in terms of what we need to think about in terms of risk - because everything around us is controlled by such systems," said Mikko Hypponen, a computer security analyst at F-Secure in Helsinki.

"We have vulnerable infrastructure," he told Deutsche Welle. "Go to any factory, any plant, a chemical plant or a plant in the food industry. Take a look around - everything is controlled by computers. "

Legal basis of cyberwar

Just as many companies and militaries are pushing the technological limits of cyberspace, so too are attorneys exploring the frontier of legal cyberwar theory.

A group of 15 legal experts from a dozen countries is currently working on a "Handbook of International Law for use in Cyberwar."

However, one of the major problems with cyberconflict, experts say, is that it's often impossible to know with complete certainty where an attack originated from, or what the equivalent and proportional response should be.

"Whenever the level of an armed attack is reached - for example, the equivalent of an invasion with tanks or a naval blockade - international law allows the country immediately to respond unilaterally and militarily to stop this threat," said Thomas Wingfield, a law professor at the George C. Marshall European Center for Security Studies in southern Germany.

Author: Matthias von Hein / cjf
Editor: Sam Edmonds