The Pentagon has concluded that computer sabotage coming from another country can constitute an act of war, a finding that for the first time opens the door for the U.S. to respond using traditional military force.
The Pentagon’s first formal cyber strategy, unclassified portions of which are expected to become public next month, represents an early attempt to grapple with a changing world in which a hacker could pose as significant a threat to U.S. nuclear reactors, subways or pipelines as a hostile country’s military.
In part, the Pentagon intends its plan as a warning to potential adversaries of the consequences of attacking the U.S. in this way. “If you shut down our power grid, maybe we will put a missile down one of your smokestacks,” said a military official.
Recent attacks on the Pentagon’s own systems—as well as the sabotaging of Iran’s nuclear program via the Stuxnet computer worm—have given new urgency to U.S. efforts to develop a more formalized approach to cyber attacks.
One idea gaining momentum at the Pentagon is the notion of “equivalence.” If a cyber attack produces the death, damage, destruction or high-level disruption that a traditional military attack would cause, then it would be a candidate for a “use of force” consideration, which could merit retaliation.
