As the UK begins working on offensive cyber technologies, the US will consider making state-led computer sabotage an “act of war” that may warrant a physical response, according to reports.
The Pentagon’s new definition is expected to be revealed in a strategy paper this month, which finds that the Laws of Armed Conflict also apply to online attacks, according to the Wall Street Journal.
The definition will open the door for the US to respond to a cyber attack with military force, and will prompt debate over what a physical response would look like.
One of the paper’s purposes is to provide a structure to potential military responses to cyber attacks, since it is not covered by the Geneva Convention and lacks agreement among allied nations.
The notion of “equivalence” has gained popularity in the Pentagon, according to the report, where the severity of a response would be guided by whether the impact of a cyberattack was comparable to a traditional attack.
For example, how would the US respond to an attack on its commerce systems that was comparable, in effect, to a naval blockade.
While equivalence could help define an appropriate response to that attack, officials from the US and UK acknowledge that identifying the source of an attack remains a problem.
The leading example of a suspected state-led cyber-offensive technology was the Stuxnet virus, which Iranian officials accused Israel of deploying with US assistance.
Britain's cyber capabilities
The UK for the first time this week admitted to developing offensive cyber capabilities under a program led by the Cabinet Office and the Cyber Security Operations Centre of the UK’s signals intelligence unit, the Government Communications Headquarters.
Outlining the plans, Nick Harvey, the UK’s armed forces minister, referred to the idea of “proportionality” under any response, but insisted "cyber" would form an integral part of its weaponry.
"Cyber will be part of a continuum of tools with which to achieve military effect, both defensive and otherwise, and will be an integral part of our armoury, ” he declared in an opinion piece in The Guardian.
“Top of the list of the UK principles on activity in cyber space is the need for governments to act proportionately and in accordance with national and international law,” he continued, but admitted the problem of identifying the source of an attack.
“Establishing who is behind any attack and its purpose is difficult, particularly where aggressive state-sponsored activity is undertaken through proxies,” he said.
“There are no geographic barriers in cyberspace. An attack could originate from anywhere.”