DoD Cyber Strategy Defines How Officials Discern Cyber Incidents from
Armed Attacks By Cheryl Pellerin DoD News
DoD Cyber Strategy Defines
How Officials Discern Cyber Incidents from Armed Attacks
By Cheryl Pellerin, DoD News,
Defense Media Activity.
Washington D.C. — (DOD
News) — July 15, 2016 — When assessing whether a cyber incident constitutes
an armed attack on the nation, Defense Department leaders take the incidents
case by case and consider a range of factors, the deputy assistant secretary of
defense for cyber policy told a House panel this week.
Aaron Hughes testified during a July 13 hearing titled,
“Digital Acts of War” before the subcommittees on information technology and
national security of the House Committee on Oversight and Reform.
Uniformed and civilian cyber and military intelligence specialists monitor Army
Other witnesses included Chris Painter, coordinator for cyber issues at the
Case by Case
“When determining whether a cyber incident constitutes an
armed attack, the U.S. government considers a broad range of factors, including
the nature and extent of injury or death to persons and the destruction of or
damage to property,” Hughes said.
“Cyber incidents are reviewed on a case-by-case basis,” he
added, “… and the national security leadership and the president will make a
determination if it's an armed attack.”
If a cyber incident were found to be equivalent to an armed
attack, Hughes said the nation would use a whole-of-government approach to
responding and deterring future malicious activities in cyberspace.
“The United States has been clear,” Painter said, “that it
believes that cyber activities may in certain circumstances constitute an armed
attack that triggers our inherent right to self-defense as recognized by Article
51 of the U.N. Charter.”
But even if the cyber incident is below that threshold, he
added, “we still have a number of ways to respond. It could be kinetic. It could
be through cyber means. It could be through economic means and sanctions. It
could be through diplomacy. It could be through indictments and law enforcement
Defense, Offense, Deterrence
Since the updated DoD Cyber Strategy was signed in April
2015, Hughes said, “the department has devoted considerable resources to
implementing its goals and objectives.”
When Defense Secretary Ash Carter signed the strategy, Hughes
added, he directed the department to focus on three primary missions in
cyberspace -- defending DoD networks, defending the nation against consequential
cyberattacks and providing integrated cyber capabilities to support military
operations and contingency plans.
DoD also supports a whole-of-government cyber deterrence
strategy, he said, and deterrence is a key part of the cyber strategy.
The strategy describes DoD contributions to a broader
national set of capabilities to deter adversaries from conducting cyberattacks.
The document also says the department assumes that
cyberattacks on U.S. interests will be achieved through “the totality of U.S.
actions, including declaratory policy, substantial indications and warning
capabilities, defensive posture, effective response procedures, and the overall
resiliency of U.S. networks and systems.”
States have not sought to define precisely or state
conclusively what situations would constitute armed attacks in other domains,”
Painter said, “and there is no reason cyberspace should be different.”
“In fact, he added, “strategic ambiguity could very well
deter most states from getting close to the threshold of an armed attack.”
Working with Partners
The United States and the department face diverse and
persistent threats in cyberspace from state and non-state actors that can’t be
defeated through the efforts of any single organization, Hughes told the panel.
The DoD Cyber Strategy directs that the department work with
its interagency partners, the private sector and allied and partner nations to
deter and if necessary defeat cyberattacks of significant consequence on the
U.S. homeland and U.S. interests.
Painter said that, unlike in previous years, today there is a
very strong interagency process in place to share cyber information.
“All of the different interagency colleagues do talk about
these threats, talk about possible responses, and in the end it's up to the
national security staff and the president,” he said.
An increasingly wired and interconnected world has brought
prosperity and economic gain to the United States while the nation’s dependence
on these systems has left it vulnerable to evolving threats posed by malicious
cyber activity, Hughes said.
DoD maintains and uses robust and unique cyber capabilities
to defend its networks and the nation, but that isn’t enough, he added.
“Securing our systems and networks is everyone's
responsibility and requires close collaboration with other federal departments,
our allies and partners internationally and the private sector to improve our
nation's cybersecurity posture, and to ensure that DoD has the ability to
operate in any environment at any time,” Hughes said.
(Follow Cheryl Pellerin on Twitter: @PellerinDoDNews)