Doctrine to Establish Rules of Engagement Against Cyber Attacks
Doctrine to Establish Rules
of Engagement Against Cyber Attacks
By Donna Miles,
American Forces Press Service.
Baltimore, Maryland -- (AFPS)
-- October 20, 2011 – New doctrine under review by the Joint Staff will lay out
rules of engagement against an attack in cyberspace, the commander of U.S. Cyber
Command said today.
The doctrine, once adopted, will help to define conditions in which the military
can go on the offensive against cyber threats and what specific actions it can
take, Army Gen. Keith B. Alexander told reporters at an International Systems
Security Association conference here.
It will support the Defense Department’s strategy for operating in cyberspace,
released in July, and President Barack Obama’s international cyberspace strategy,
the general added.
Once the doctrine is approved, Cyber Command will put out guidance to its cyber
warriors spelling out, “Here is how we operate in cyberspace,” and tailor its
training accordingly, Alexander said. In the meantime, the laws of land warfare
and law of armed conflict apply to cyberspace, he said. The challenge, he
explained, is how to translate laws that govern physical space to cyberspace –
now a fifth domain of conflict.
“That is what the Defense Department and others are working right now: to come
up with the standing rules of engagement and those different parts,” he said.
Among issues the Defense Department is considering, Alexander said, is what
constitutes a war in cyberspace.
The United States also must determine what represents a reasonable and
proportional response to a cyber attack, he said. The law of armed conflict
authorizes a reasonable, proportional defense against a physical attack from
another country. Extending that logic to cyberspace, Alexander said, it remains
unclear if it includes authority to shut down a computer network, even if it’s
been taken over by a malicious cyber attacker intent on destruction.
If it does, also left unanswered so far is who would have that authority: the
FBI, the National Security Agency, the military, the Internet service provider
or another entity.
“That is something policymakers are going to have to tell us: ‘Here is what you
are authorized to do,’” Alexander said.
The way doctrine, laws, policy and standing rules of engagement address these
and other issues will shape how the military trains its cyber warriors, the
general said. Current training focuses predominantly on ways to secure DOD
networks, Alexander said, but he added that he expects that training to broaden
to include more “full-spectrum” operations against threats.
Cyber Command will “train our force to the standard and ensure that we do it
exactly right,” he said.
Alexander emphasized the importance of that capability against a growing array
of ever-more-dangerous cyber threats.
“I think that nation states, non-nation state actors and hacker groups are
creating tools that are increasingly more persistent and threatening, and we
have to be ready for that,” he said. “So the security frameworks we are putting
in place are forward-looking, based on what we are seeing.”
Army Gen. Keith B. Alexander
Special Report: Cyber Security
Special Report: Cybersecurity
See also :
The Pentagon's Cyberstrategy One Year Later : defending Against Next Cyberattack
by William J.
Lynn III, U.S. Deputy Secretary of Defense, in Foreign Affairs,
September 28. 2011. More destructive cyberweapons are being created every day,
and an increasingly sophisticated technology black market virtually guarantees
that they will eventually land in the hands of the United States' enemies.
Robust defenses are no longer a luxury, they are a necessity.
Defending a New Domain : The Pentagon's Cyberstrategy, by
Lynn III, U.S. Deputy Secretary of Defense, and Nicholas Thompson, in
Foreign Affairs, September 28. 2011. Deputy Secretary of Defense William
Lynn discusses the various new strategies used by the Pentagon to identify
information technology threats, combat cyber warfare, and protect U.S.