Can a cyber-attack really be considered an 'act of war'?
Summary: While cyber-attacks could be -- criminologically speaking -- seen an act of war, the response should not be disproportionate or militarised.
The limelight as firmly shone on the Pentagon's decision to classify severe cyber-attacks as an act of war.
Considering the recent social engineering attacks which led to compromised government Gmail accounts, the two are now seemingly connected. One has to wonder whether an attack on cloud-based government email could also be considered one-sided warfare.
Declaring an action as an 'act of war' is entirely subjective, and should be proportional to not only political belief, but public opinion also.
If every known Gmail account was hacked, copied and sent back to the originating source -- say China, for instance, as they have been accused already (and have been caught once before) -- then perhaps that breach could be considered an act of extreme espionage.
The Iranian Stuxnet worm incident, for example, could however be considered an act of war, from U.S. government involvement directly attacking an Iranian nuclear reactor.
To understand whether an act of war equates directly or equally to an act of terrorism, firstly we need to determine exactly what an act of war is. Is it 'simply enough' terrorist attack, or does it require state involvement?
Potentially, the worst case scenario is the U.S. could become embroiled in a war with a country of origin, for which it had no state collusion in the cyber-attack which brought the tanks rocking up on the shores in retaliation.
Nevertheless, while the Pentagon may consider a serious cyber-attack an 'act of war', retaliation does not necessarily have to be a direct consequence.
A short digression: 'Terrorism' as a blanket term
The September 11th terrorist attack was considered an act of war, for which the Allies led into Afghanistan and eventually Iraq, and arguably violated Pakistani sovereignty when the U.S. assassinated Osama bin Laden.Yet in the case of the Lockerbie bombing, there have been issues of state collusion. Colonel Gaddafi himself was reported, by a defected minister, to have authorised the bombing of Pan Am flight 103.
Why we haven't invaded Libya under the premise that this could have been an 'act of war', I do not know.
Oh, wait.
Terrorism is action based, not actor based. The definition of terrorism is entirely subjective, with over 100 academic definitions and another 80 or so taken into laws of various countries.
The British definition, for example, is different to that of the United States; one of many reasons why Wikileaks can be classified as a terrorist organisation in the U.S. but not necessarily in Britain.
Can a state commit an act of terrorism?
In short, yes it can. But it depends entirely on the act of terrorism itself.State terrorism is not necessarily abiding by the same realms that a conspiracy theorist may believe. Some believe that the September 11th terrorist attacks were orchestrated or at least played a part in by the U.S. government, for example.
The official account says that it did not. A series of intelligence failures led to a wide-ranging set of vulnerabilities which was ultimately exploited by terrorists. This reflexive account can be ported far and wide, from the Internet being a force for good, but equally a portal for predators to abuse.
State terrorism therefore is related directly to the action, along with the subjective perceptions that go along with it.
Objectively speaking, the London bombings could be seen as retaliatory actions against the Western movement in Afghanistan states. It falls down to, as the cliché may go, "one man's terrorist is another man's freedom fighter". It is above all else, true.
State terrorism theory dictates that a U.S. drone strike in a foreign land which kills a series of suspected militia members, but also the same number of civilians, is directly proportional to a civilian suicide bomber detonating their vest of explosives at an army checkpoint.
We, as Westerners, would deplore such "an act of terrorism". However, the remaining civilian population would equally denounce the U.S. drone strike on their population, calling that an act of terrorism in its own right.
So how do we stop cyber-attacks?
We can't, and we won't be able to stop every single attack there is. There is no single reason for why terrorists destroyed the World Trade Center in 2001. However, had that not happened, it would have happened elsewhere.Terrorists do not necessarily want to harm the ideals, values, morals and beliefs of the Western world. Nor, as the case appears to be, do terrorists want to definitively 'spread terror'. It is merely a by-product of normal people in an abnormal world.
Cyber-attacks can only be carried out if there are vulnerabilities. Westerners have a preoccupation with risk and vulnerability, and vulnerabilities can only be absolved often once an exploit has been found.
But as no system, government or state is entirely secure, along with an ever burgeoning fascination with the macabre and the 'psychology of the terrorist' by the media, no wonder we are all half terrified to death most of the time.
The greatest danger is the United States or any other country acting without hesitation, against a country which has no direct or indirect involvement with a cyber-attack. Citizens of a country which have carried out an attack may lead to finding internal intelligence failings, but does not mean that country is to blame.
Responsibility should logically be shared for both states allowing the attack to occur.
And in what form should the retaliation take? Should it be a giant denial-of-service attack by the U.S. military -- a warfare campaign without fatalities -- or a Stuxnet variant to set a nuclear programme back a decade or two?
Punishment needs to be escapable; otherwise it is disproportionate and unfair. War, on the most part, is not escapable, which is why the cyber-warfare strategy needs to be handled by computers, and computers alone, without the need for tanks, soldiers and unmanned drone strikes.
Related content:
- Counting consequences: Why Wikileaks cannot be a 'terrorist organisation'
- Should a targeted country strike back at the cyber attackers?
- Analysis: Is Wikileaks' Assange actually a terrorist?
- 10 things you should know about the Pentagon's new cyberwarfare strategy
- Special Report: Stuxnet may be the Hiroshima of our time
- How 'National Unfriend Day' can prevent terrorism
- Controversial counter-terror policy in UK education networks
- Virus attack hits Vista machines, cripples university network
Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.
Talkback
Depends on the outcome.
RE: Can a cyber-attack really be considered an 'act of war'?
It's two of the same thing. The 'terrorists' (or what we see as terrorists) could be acting politically, whereas the U.S. could react militarily.
Ever heard of Just War theory
Reacting politically? Define the difference
The problem is that you don't understand there is no difference:
If I use a missle to destroy a power grid, you call it a military action, yet if I use a computer to destroy a power grid, you call it a political action.
Whats the difference? both grids are destroyed, people and infrastructure have no power and people die.
Define why they're different, especially if the military in another country is the one that hacked into the grid network to begin with.
RE: Can a cyber-attack really be considered an 'act of war'?
You are wandering further and further into the weeds. "Act of war" is carefully defined in international law. You should know this, since you are studying criminology. See http://en.wikipedia.org/wiki/Casus_belli for more details.
relativistic ineptitude heralding inconclusive unproven dissimilitudes!!
disgusting.
:(
.
RE: Can a cyber-attack really be considered an 'act of war'?
Using a computer to destroy a power grid could be an act of terrorism, just as Wikileaks could be classified as a terrorist organisation. It's so very subjective and variable across the board, that it runs the risk of state's using it as a political weapon.
Remember, states can commit acts of terrorism and hide behind the shroud of government and 'national security'.
Just War Principals
Let's dig a little deeper into the Just War Principals
1. A just war can only be waged as a last resort. OK, we probably have no disagreements on this one.
2. A war is just only if it is waged by a legitimate authority. Now this appears to be the principal you have issue with. Manning and Assange does not speak carry any legitimate authoritity to engage in acts of war. Leaking information on the whereabouts of Osama Bin Laden could have had a disasterous consequence. Is that an act of terrorism? Perhaps. But Manning being judged by the Uniform Military Code of Justice is "Just".
3. A just war can only be fought to redress a wrong suffered. OK, another grey area for you. shutting down a water pipeline may result in death. Removing the individuals responsible for the shutdown is "Just".
4. A war can only be just if it is fought with a reasonable chance of success. Probably no major disagreement here.
You haven't told me the difference, Zac
RE: Can a cyber-attack really be considered an 'act of war'?
Not quite. In order for acts of terrorism to be effective, they have to be very public. Otherwise there is no terror in it. Your country had adequate illustration of that principle with the North Ireland problems. Would the IRA have planted bombs to kill people if nobody knew who was doing it? I don't think so!
We have seen the same with the overwhelming majority of terrorist groups. Only a few have been so clueless as to resort to anonymous terror.
Even in the case of the assassination of Litvinenko, though the Russian government officially denies involvement, the sophisticated way it was done proves high-level government involvement -- and everyone knows this.
Finally, there is nothing 'subjective' about using a computer to destroy a power grid. Unfortunately, this is not the first time your posts have shown that they do not teach the difference between 'subjective' and 'objective' very well at your university:(
RE: Can a cyber-attack really be considered an 'act of war'?
To me the word "act of war" should be objectively defined by the intentions and consequences of the action. If the intention of the action is to attack the United States and the consequences is the loss of US property or life then it is an act of war.
Political activism may have the same intention (attacking the United States) but the consequence of it is never the loss of life or property. The goal of political activism should be to start a debate to get policy changed, not to force change through violence. When it becomes the latter it is no longer political activism, it is an act of war.
RE: Can a cyber-attack really be considered an 'act of war'?
There's no definitive "this is an act of war" anymore, and hasn't been for a long time.
Depends on the attempt
RE: Can a cyber-attack really be considered an 'act of war'?
RE: Can a cyber-attack really be considered an 'act of war'?
RE: Can a cyber-attack really be considered an 'act of war'?
Your kidding right
One of Osama's claims if we converted to mulism's then he would have no reason to attack the US.
RE: Can a cyber-attack really be considered an 'act of war'?
Message has been deleted.
RE: Can a cyber-attack really be considered an 'act of war'?
I disagree. If organizations intentionally do us serious harm, then we should either make a determined, disproportionate response; or make no response at all. That is, "destroy the enemy's offensive capability", or prepare for the next attack.
Your recommendations are rational (good facts, good reasoning), but they seem inapplicable in a world where rough people equate "good & reasonable" with "weak".
USA needed to clearly state that severe cyber-attacks are acts of war. This puts all weapons on the table in full view of evil actors. Severe options are a strong deterrent, even when USA's best response will be aggressive retaliation via cyber weapons. I believe the "deterrent effect" is the sole reason for this formal announcement.