Today’s Wall Street Journal reports that the Pentagon will say that cyberattacks from foreign countries are acts of war. As someone in the business I have a few questions.
First, with botnets being widespread within the United States, how will the Pentagon determine with sufficient reliability that an attack will have been originated from outside the U.S?
How will they determine that the attack would have been originated by a foreign government? This is a difficult distinction to make. By way of example, some time ago, Cambridge researchers uncovered an attack originating from China on The Office of His Holiness the Dalai Lama in California. Was the government of China responsible? Maybe. Is it not more likely we would see asymmetric attacks?
Just because you believe a government has committed an act of war, does it mean one goes to war? In the U.S. that power is reserved. Only Congress can declare war. However, in practice, it is the president who initially engages in armed conflict.
Once at war, how would we respond? Clausewitz and Sun Tsu tell us that one only goes to war to effect a change, and with the confidence to win. Would we therefore bomb to the stone age attackers?
I would like to believe that before we make any firm statements that we have clear answers to the above questions, lest a cyber Casus Belli lead to a repeat of Viet Nam or Iraq.