Does the US really think to leverage preemptive cyber attacks as a deterrent?
By Pierluigi Paganini, Editor-in-Chief
There are a great number of activities in cyber space, whereby governments are secretly conducting a huge quantity of cyber operations,and every day we read about malicious code used to steal sensible information or about cyber attacks that targeted critical infrastructures. The principal questions raised by so fervent activities are the rules of engagement and proportionality of the defense, which is the operative limit of countries that discover an attack against its networks? Is it thinkable to assume the introduction of machines in the decision-making process of defense?
Recently many cases have highlighted an intense cyber espionage activity against US Governments and private industries having the principal intent to steal sensible information, the principal suspect is of course the China due the characteristic techniques adopted by the hackers. Obviously this is just the tip of the iceberg and same US are also very active in the cyberspace, but recently the Obama administration’s finding that the president has the power to order a preemptive cyber attacks to discourage those who violate the networks of the country, in particular to Chinese government which remains unresponsive to U.S. efforts to mitigate the cyber offensives originated from the country.
Last Sunday The New York Times published and interesting article on the possibility that President Obama could order a strike to respond to imminent cyber threats against national critical infrastructures.
The measure is limited to Homeland security menaced by threats that affect assets critical for the country and does not cover attacks on private industry like cyber espionage.
“New policies will also govern how the intelligence agencies can carry out searches of faraway computer networks for signs of potential attacks on the United States and, if the president approves, attack adversaries by injecting them with destructive code — even if there is no declared war.”
The alert level is increased after the recent attacks to media agencies, continuous intrusions appear originated from countries and security experts are convinced that they are state-sponsored operations due the means and methods adopted.
The discussion on a possible preemptive attacks is in my opinion a provocation, it’s clear that that both US and China are pursuing their cyber strategies and are respectively conscious of the cyber capabilities of their adversaries, the declarations are a public admission of failure of diplomatic efforts spent by the governments, nothing more.
It’s clear that US could increase pressure on China requiring for example major purchases of Chinese goods go through national security reviews, according to the Council on Foreign Relations (CFR), but is very different from the organization of a cyber attacks for demonstrative purpose.
Is Obama’s administration really willing to give up so prolific commercial relationship?
“Adam Segal wrote in a blog post that China has responded by saying through thePeople’s Daily that the administration’s position could trigger a worldwide arms race.”
The U.S. threat of a pre-emptive strike difficultly will discourage foreign governments, contrary it could increase risk overall, many other governments could be interested to induce to think that the attacks come from China or from other hostile nations, in these case the preemptively attack could be addressed against the wrong targets due the difficulty to localize the real identity of the attackers.
We must also consider that governments will continue to operate secretly in cyber space also on the offensive front, that statements of a pre-emptive attack are only a warning to the world that is intended to alert on the cyber capabilities of the country.
Why take the paternity of a pre-emptive strike when nations attack today in absolute silence?
Cyber weaponry is the most complex arms race under way, US government has promoted the born of a new Cyber Command, and many other governments are spending similar effort, declaration of preemptive cyber attack are useless but while a lot of words are spent on what constitutes reasonable and proportionate use of cyber force, cyber arms all over the world are sharpening their weapons.
A cyber war is much more subtle and dangerous than preemptive cyber attack!
(Sources: CDM, CFR and US DoD)