The Pentagon published an outline of its cyber-warfare strategy for the first time ever on Thursday. The document reveals the conditions under which it will hack enemy nations. At least officially.
Secretary Ashton Carter, speaking at Stanford University, named China, Russia, Iran, and North Korea as the U.S.'s greatest threats in computer security.
Traditionally, America's leaders have avoided publicly singling out countries, but the secretary went further than that on Thursday, outlining a hierarchy of responses.
The Pentagon feels that routine intrusions into U.S. companies should be fended off by the businesses themselves without government involvement. In the case of more sophisticated attacks on industry, the Department of Homeland Security will step in to help.
The most serious attacks, which officials confirmed make up about two per cent of assaults, should be met with a national response led by the US Cyber Command, based alongside the NSA in Maryland.
But what's a "serious attack?"
Carter defined a 'major cyberattack' as “something that threatens significant loss of life, destruction of property or lasting economic damage.” The US may retaliate in any way it sees fit: cyber attacks, covert operations or conventional military actions like airstrikes.
The latest strategy document published by the US Department of Defense has more detail in it than a similar copy released in 2011.
“As a matter of principle, the United States will seek to exhaust all network defense and law enforcement options to mitigate any potential cyber-risk to the US homeland or US interests before conducting a cyberspace operation,” the document details.
The policy paperwork states that “there may be times when the president or the secretary of defense may determine that it would be appropriate for the US military to conduct cyberoperations to disrupt an adversary’s military related networks or infrastructure so that the US military can protect US interests in an area of operations. For example, the United States military might use cyberoperations to terminate an ongoing conflict on US terms, or to disrupt an adversary’s military systems to prevent the use of force against US interests.”
It's mostly about deterrence
Basically, the Pentagon is carefully laying out the conditions under which it will open fire with its cyber weapons, without admitting the existence of things like Stuxnet, the super-worm used to destroy Iran's nuclear labs in 2010.
The new-found openness is engineered to act as a deterrent against those who wish to harm the US through computer hacking. It also sets rules to ensure there are no accidental wars from countries not knowing each other's boundaries.
There is no Geneva Convention or similar international document outlining the rules of cyberwarfare.
Right now, our country is trying its hardest to deter China and its allies. "Deterrence is partially a function of perception. It works by convincing a potential adversary that it will suffer unacceptable costs if it conducts an attack on the United States," the new policy states.
The document lists five "strategic goals" for the DoD's cyberspace missions:
Build and maintain ready forces and capabilities to conduct cyberspace operations
Defend the DoD information network, secure DoD data, and mitigate risks to DoD missions
Be prepared to defend the U.S. homeland and U.S. vital interests from disruptive or destructive cyberattacks of significant consequence
Build and maintain viable cyber options and plan to use those options to control conflict escalation and to shape the conflict environment at all stages
Build and maintain robust international alliances and partnerships to deter shared threats and increase international security and stability
During his address, Carter admitted that the Pentagon had been a victim of cyber-attacks over recent months.
“The sensors that guard DoD’s unclassified networks detected Russian hackers accessing one of our networks,” he said, adding that the assault used “an old vulnerability in one of our legacy networks that hadn’t been patched.” The DoD responded by alerting a “crack team of incident responders” who had “quickly kicked them off the network.”
“While it’s worrisome they achieved some unauthorized access to our unclassified network, we quickly identified the compromise and had a team of incident responders hunting down the intruders within 24 hours,” Carter said in an official news release.