Doctrine to Establish Rules of Engagement Against Cyber Attacks

BALTIMORE, Oct. 20, 2011 — New doc­trine under review by the Joint Staff will lay out rules of engage­ment against an attack in cyber­space, the com­man­der of U.S. Cyber Com­mand said today.

The doc­trine, once adopt­ed, will help to define con­di­tions in which the mil­i­tary can go on the offen­sive against cyber threats and what spe­cif­ic actions it can take, Army Gen. Kei­th B. Alexan­der told reporters at an Inter­na­tion­al Sys­tems Secu­ri­ty Asso­ci­a­tion con­fer­ence here. 

It will sup­port the Defense Department’s strat­e­gy for oper­at­ing in cyber­space, released in July, and Pres­i­dent Barack Obama’s inter­na­tion­al cyber­space strat­e­gy, the gen­er­al added. 

Once the doc­trine is approved, Cyber Com­mand will put out guid­ance to its cyber war­riors spelling out, “Here is how we oper­ate in cyber­space,” and tai­lor its train­ing accord­ing­ly, Alexan­der said. In the mean­time, the laws of land war­fare and law of armed con­flict apply to cyber­space, he said. The chal­lenge, he explained, is how to trans­late laws that gov­ern phys­i­cal space to cyber­space � now a fifth domain of conflict. 

“That is what the Defense Depart­ment and oth­ers are work­ing right now: to come up with the stand­ing rules of engage­ment and those dif­fer­ent parts,” he said. 

Among issues the Defense Depart­ment is con­sid­er­ing, Alexan­der said, is what con­sti­tutes a war in cyberspace. 

The Unit­ed States also must deter­mine what rep­re­sents a rea­son­able and pro­por­tion­al response to a cyber attack, he said. The law of armed con­flict autho­rizes a rea­son­able, pro­por­tion­al defense against a phys­i­cal attack from anoth­er coun­try. Extend­ing that log­ic to cyber­space, Alexan­der said, it remains unclear if it includes author­i­ty to shut down a com­put­er net­work, even if it’s been tak­en over by a mali­cious cyber attack­er intent on destruction. 

If it does, also left unan­swered so far is who would have that author­i­ty: the FBI, the Nation­al Secu­ri­ty Agency, the mil­i­tary, the Inter­net ser­vice provider or anoth­er entity. 

“That is some­thing pol­i­cy­mak­ers are going to have to tell us: ‘Here is what you are autho­rized to do,’ ” Alexan­der said. 

The way doc­trine, laws, pol­i­cy and stand­ing rules of engage­ment address these and oth­er issues will shape how the mil­i­tary trains its cyber war­riors, the gen­er­al said. Cur­rent train­ing focus­es pre­dom­i­nant­ly on ways to secure DOD net­works, Alexan­der said, but he added that he expects that train­ing to broad­en to include more “full-spec­trum” oper­a­tions against threats. 

Cyber Com­mand will “train our force to the stan­dard and ensure that we do it exact­ly right,” he said. 

Alexan­der empha­sized the impor­tance of that capa­bil­i­ty against a grow­ing array of ever-more-dan­ger­ous cyber threats. 

“I think that nation states, non-nation state actors and hack­er groups are cre­at­ing tools that are increas­ing­ly more per­sis­tent and threat­en­ing, and we have to be ready for that,” he said. “So the secu­ri­ty frame­works we are putting in place are for­ward-look­ing, based on what we are seeing.” 

Source:
U.S. Depart­ment of Defense
Office of the Assis­tant Sec­re­tary of Defense (Pub­lic Affairs) 

Team GlobDef

Seit 2001 ist GlobalDefence.net im Internet unterwegs, um mit eigenen Analysen, interessanten Kooperationen und umfassenden Informationen für einen spannenden Überblick der Weltlage zu sorgen. GlobalDefence.net war dabei die erste deutschsprachige Internetseite, die mit dem Schwerpunkt Sicherheitspolitik außerhalb von Hochschulen oder Instituten aufgetreten ist.

Alle Beiträge ansehen von Team GlobDef →