

How 2020 Presidential Candidates Can Guard Against Cyberattacks

The 2016 presidential election witnessed unprecedented Russian cyberattacks and disinformation campaigns designed to disrupt the U.S. electoral system by influencing public opinion. The Russian goal is to destabilize the U.S. through ideological activism, advancing their interests and furthering their political agenda. Their methods compromised the computer systems of candidates and political parties, using the exfiltrated data to spread disinformation and influence presidential elections.

On January 6, 2017, the U.S. Director of National Intelligence released a declassified report, “Assessing Russian Activities and Intentions in Recent U.S. Elections.” According to the report, Vladimir Putin ordered a massive campaign orchestrating attacks on multiple fronts, ranging from spreading pro-Trump propaganda on social media to hacking the Democratic National Committee (DNC). Their methods resulted in massive data breaches within the DNC that included access to John Podesta's email f…

When Are Cyber Attacks Acts of War?

All of us know what an act of war is and what it looks like on land, in the air or at sea. One example is December 7, 1941, when the Japanese unleashed a devastating surprise attack on the U.S. naval bases and military installations in Hawaii. That attack killed 2,402 Americans and wounded 1,282 more. It crippled the Pacific fleet, and President Franklin Roosevelt called it “a date which will live in infamy,” asking Congress to declare war on the empire of Japan.
Sixty years later, another surprise attack killed almost 3,000 people when al-Qaeda terrorists flew two jetliners into New York’s World Trade Center twin towers on September 11, 2001. That attack killed 2,996 people and injured more than 6,000. The tally includes the deaths at the World Trade Center and surrounding buildings, at the Pentagon, and among the passengers and crew members of the four aircraft used in the attack. Also profound are the deaths of 1,140 additional people who worked or lived in lower Manhattan in the years that followed 9/11. These people died of cancer due to exposure to toxins at ground zero. It was also reported that 1,400 first responder rescue workers at the scene have since been killed in the aftermath, including eleven unborn infants.
Recognizing Acts of War in Cyberspace
We are now living in a new paradigm of war, waged with computers and the many devices imaginable tied together on the Internet. Enter the mysterious world of cyberwar, which demands the ability to instantly recognize a cyber attack, stand up defenses, identify its perpetrators, declare war and execute retaliation. It takes an enormous amount of time to track an attack and pin the blame on a rogue organization or foreign government. The idea of instant enemy identification is a fantasy in Cyber. The U.S. government, among other nations, is ill-prepared for such a feat, in particular the positive identification of who the enemy is. In the age of the Internet, devastating attacks against critical infrastructures can be mounted against any nation by states and/or their sponsored surrogates, leaving the victims guessing and possibly left unable to mount an offensive retaliation.

To illustrate, on August 12, 2012, Shamoon, a cyber-espionage malware, wiped data from 30,000 computers at Saudi Arabia’s state-owned oil company Aramco. The same malware affected Qatar’s RasGas, and the attackers remained unidentified, though Iran was suspected of targeting energy companies in its region. It was thought that Iran was retaliating against the Stuxnet sabotage malware allegedly launched by the U.S. and Israel to cripple Iran’s pursuit of nuclear weapons by damaging some 1,000 uranium enrichment centrifuges.
Moreover, on November 24, 2014, Sony Pictures reported that its network was under attack and compromised. Sensitive corporate documents, such as employee salaries, social security numbers, names and addresses, were leaked to the public. Forensic investigations by the FBI and cybersecurity firm FireEye were conducted to determine the cause of the breach. The FBI later publicly implicated North Korea as the perpetrator. What set this breach apart from the large-scale breaches that occurred in the retail industry was the destruction: computer systems were knocked out throughout the Sony organization. It brought corporate email down for a week and crippled other systems as the company was preparing to release several highly anticipated films during the crucial holiday season. The motive for launching a cyberattack was to force Sony to capitulate by showing the movie “The Interview.” This sets a dangerous precedent where others may adopt similar tactics to advance their agendas.
In June 2015, a massive breach was disclosed by the U.S. Office of Personnel Management (“OPM”). The data breach involved the greatest theft of sensitive personal data in history, reportedly affecting 21.5 million individuals. Neither the scope nor the scale of the violation, nor its significance and the inadequate security measures, has been fully aired. The data exfiltrated included personally identifiable information (PII) such as Social Security numbers, as well as names, dates and places of birth, addresses, and fingerprints. The hack went far deeper and was more damaging than was initially known. The theft of full security-clearance background information was discovered, and that information can be used by the perpetrators as blackmail against victims. The attack originated in China and the motives are unclear, but it is thought that hackers working for the Chinese military intend to compile a database of Americans using the data obtained from the breach.
How much damage, pain and fear must we endure before our government security officials would say,
“Enough, we can’t let this go unanswered!”
The doctrine of Military Retaliation: War in Cyberspace
Currently, there is no internationally accepted definition of when hostile actions in cyberspace are recognized as attacks, let alone acts of war.
Retired Air Force General and law professor Charles Dunlap stated:
“An Act of War is a political phrase not a legal one. A cyberattack is governed by basically the same rules as any other kind of attack if the effects of it are essentially the same.”
The thinking among government officials revolves around proof that a cyber attack is equivalent to a conventional attack using force.
An excellent example of this is shutting down a network of computers and damaging commerce, which is in essence equivalent to a naval blockade. Another is taking down the electrical grid and other vital infrastructures. These coincide with death, destruction or extreme disruption that requires a military retaliation. Yet positive identification of attackers linked to a foreign government remains elusive. The trigger for military revenge against a foreign adversary remains unclear, and it is ambiguous how to apply the laws of armed conflict to a cyber attack.

Cyber War Act of 2016

Indeed, with the pace of cyber attacks escalating against U.S. retailers, banks, political parties and the government itself, congressional legislators are taking action over when to elevate a crippling cyberattack as an act of war.
The U.S. House of Representatives and the Senate have parallel bills that would require the President to define when a cyber attack rises to the level of a conventional armed attack. Apparently, Congress has the authority under the War Powers Act to declare war on adversaries.
Both bills do nothing to compel the U.S. Government beyond a procedural call to get the ball rolling. Not having a doctrine of defined acts of war in Cyber is a danger that law alone cannot explain. My thoughts on both bills are that they will die in committee, since the subject matter is full of ambiguity.
At what point do we engage in armed retaliation for a cyber attack? It’s the debate Congress and the White House need to undertake soon. In 2011 one military official defined reprisals as
“Putting a missile down one of your smokestacks”.
But what criteria would cross the line into an act of war before a missile is launched? In that year the Pentagon and White House were unanimous in asserting that the equivalent of taking down the power grid would justify armed retaliation. The White House, like the Pentagon, has developed cybersecurity strategies, but not a policy or an act of war doctrine. The problem of what constitutes an act of war in Cyber befuddles nations across the globe.
It is a complicated dilemma for government officials to consider situations from tracking attacks to their perpetrators, calculating what to reveal about U.S. capabilities, and weighing how to respond if an attack causes significant economic damage but little or no loss of life. The Pentagon reportedly revealed offensive cyber retaliatory capabilities by disclosing the use of cyber weapons to combat the Islamic State.


Another gray area is at what point the military would defend or go on the offense against state or non-state actors launching a cyber attack on a civilian U.S. target. One aftermath of the Sony breach was an unprecedented Internet outage affecting North Korea: the country went dark, and no one claimed responsibility.
Consider the loss-of-life scenario where an attacker takes out a power grid and downs an area of a city where hospitals, or individuals not in hospitals, depend on life support systems. How significant must a death toll be to enact a military response? Consider the frequent systemic cyber attacks on the financial industry: how many financial firms must be knocked out to sustain an act of significant consequence, and when does it cross over into an act of war?
The U.S. Department of Homeland Security (DHS) is tasked to respond to such incidents domestically, but at what point would it ask for a military response? The DHS is defensive in its posture, with an emphasis on domestic security and prevention rather than the offensive capabilities the military complex has in place.
With hundreds of meetings, speeches, articles, and conferences on the subject, there’s still no precise definition of what an act of war is in Cyber. That ambiguity is leading to confusion about how to respond to digital assaults on governments, companies, and individuals.
The military implications are profound. These definitions are essential for deterrence, for collaboration between government and private industries, and for understanding advancements in Cyberspace. As always, technology has outpaced our laws and our ability to formulate effective policies, theories and strategies.