Defining Cyberwarfare

October 29, 2012

Computer NukeWhat constitutes an act of war in the digital age?  TheUnited States government is currently engaged in high-level discussion and debate on this issue.  The goal is identification of basic criteria for use in defining cyberwarfare.

The definition of an act of war in the physical environment is flexible and highly dependent on specific circumstances.  Traditionally, physical actions undertaken by governments and resulting in a significant number of deaths have been viewed as acts of war.  The precise scope of the physical harm necessary to classify an action as an act of war is, however, unclear.

Some observers suggest that a definition of cyberwarfare should retain the traditional linkage between the action and substantial harm to people.  This approach would define cyberwarfare as government-sponsored computer actions that result in a substantial number of human deaths.

Others contend that retention of the connection with severe physical harm is too confining.  They note that in the digital environment malicious computer conduct can disrupt or even destroy national economies, for example.  These advocates take the position that actions which have substantial adverse impact on vital national interests should be treated as acts of war, even if they do not result directly in any deaths.

Another important issue is the challenge of handling multiple smaller malicious cyber actions.  Acts of war have traditionally involved single, readily identifiable attacks.  In the computer age, attacks are likely to involve multiple smaller incidents that have substantial cumulative effects.  At what point, if ever, should a series of incidents qualify as an act of war.

As part of its effort to define cyberwarfare, theU.S.government is also attempting to identify appropriate responses to cyber attacks.  One important aspect of this analysis is the issue of whether or not a purely cyber attack should justify a physical, traditional military response.

The U.S. government is also considering the use of pre-emptive cyber and traditional military actions.  The discussion of this topic involves debate over the circumstances under which the United States may be justified in taking aggressive computer-based or traditional military actions in advance of an anticipated cyber attack in order to deter or pre-empt the attack.

Another element of cyberwarfare is the issue of government involvement.  Acts of cyber aggression can be readily conducted by individuals or organizations that are not part of a national government.  In many instances, however, those private parties may be acting with the knowledge and support of national governments.  Are the actions of those parties acts of cyberwarfare?

As the U.S.government, and other governments around the world, attempt to define and develop policies to address cyberwarfare, great caution should be exercised.  The issues associated with cyberwarfare policies have profound legal, social, economic, and political implications.  They also have important implications for the treaty and other international obligations the United Stateshas in place with other countries.  All of these implications must be fully considered as cyberwarfare strategies and procedures are developed.