Pentagon Concludes Cyber Attack Can Be Act of War

The Wall Street Journal reporting on un-classifed portions of a report anticipated for release next month (I can’t find a Google News account, welcome link in the comments).  I concentrate on robots, not cyber, so I leave it to others to comment, but I do recall that this report and its conclusions have been discussed a fair amount in academic circles, and as far as I know this will not surprise people following those discussions.  Though this is not my speciality, I wanted to flag it for people’s attention.

The Pentagon has concluded that computer sabotage coming from another country can constitute an act of war, a finding that for the first time opens the door for the U.S. to respond using traditional military force.

The Pentagon’s first formal cyber strategy, unclassified portions of which are expected to become public next month, represents an early attempt to grapple with a changing world in which a hacker could pose as significant a threat to U.S. nuclear reactors, subways or pipelines as a hostile country’s military.

In part, the Pentagon intends its plan as a warning to potential adversaries of the consequences of attacking the U.S. in this way. “If you shut down our power grid, maybe we will put a missile down one of your smokestacks,” said a military official.

Update:  Columbia Law School’s Matthew Waxman has a new article coming out in Yale International Law Journal on this topic, Cyber Attacks and the Use of Force: Back to Article 2(4).  It explains a lot of the background to this issue as well as giving a good legal and policy analysis.  Here is the abstract:

Cyber-attacks — efforts to alter, disrupt, or destroy computer systems, networks, or the information or programs on them — pose difficult interpretive issues with respect to the U.N. Charter, including when, if ever, such activities constitute prohibited “force” or an “armed attack” justifying military force in self-defense. In exploring these issues, and by drawing on lessons from Cold War legal debates about the U.N. Charter, this Article makes two overarching arguments. First, strategy is a major driver of legal evolution. Whereas most scholarship and commentary on cyber-attacks has focused on how international law might be interpreted or amended to take account of new technologies and threats, this Article focuses on the dynamic interplay of law and strategy — strategy generates reappraisal and revision of law, while law itself shapes strategy — and the moves and countermoves among actors with varying interests, capabilities, and vulnerabilities. Second, this Article argues that it will be difficult to achieve international agreement on legal interpretation and to enforce it with respect to cyber-attacks. The current trajectory of U.S. interpretation — which emphasizes the effects of cyber-attacks in analyzing whether they cross the U.N. Charter’s legal thresholds — is a reasonable effort to overcome translation problems of a Charter built for a different era of conflict. However, certain features of cyber-activities make international legal regulation very difficult, and major actors have divergent strategic interests that will pull their preferred doctrinal interpretations and aspirations in different directions, impeding formation of a stable international consensus. The prescription is not to abandon interpretive or multilateral legal efforts to regulate cyber-attacks, but to recognize the likely limits of these efforts and to consider the implications of legal proposals or negotiations in the context of broader security strategy.