The US would be within its legal rights to launch a pre-emptive cyber attack, a “secret legal review” has concluded according to the New York Times.
US military forces could legally launch an attack on digital infrastructure located in a foreign country if it found evidence of a threat against its own systems, the review reportedly decided.
If true, the conclusion is a major step towards establishing the “rules of engagement” for so-called cyber warfare, a topic of considerable debate in international circles.
State actors, including the US, are evidently already using information security attacks for the benefit of their national interests. There has yet to be a major diplomatic dispute over a cyber attack, but the international community is keen to establish norms of acceptable behaviour so nation states can protect their interests in ‘cyberspace’ without fear of triggering wider conflict.
In October last year, US defence secretary Leon Panetta announced that the Department of Defence was explicitly working on these rules of engagement.
“The new rules will make clear that the Department has a responsibility not only to defend DOD’s networks, but also to be prepared to defend the nation and our national interests against an attack in or through cyberspace,” Panetta said at the time. “These new rules will make the Department more agile and provide us with the ability to confront major threats quickly.”
In September 2011, a group of UN member states including China and Russia proposed a code of conduct for ‘cyberspace’. It included a requirement that members “cooperate in … curbing dissemination of information which incites terrorism, secessionism, extremism or undermines other countries’ political, economic and social stability, as well as their spiritual and cultural environment – in other words, censoring dissent.
The London Conference on Cyberspace in November that year was arguably an exercise in building consensus against that proposal.
In the UK, a committee of MPs last year recommended that the UK takes a more aggressive stance in cyberspace. It said that there are a number of ways in which cyber attacks could benefit UK national interests, including ‘active defence’ against potential attackers, intelligence gathering and interfering with enemy military operations.
However, an enquiry for the Defence Select Committee earlier this year heard that building cyber weapons, like the Stuxnet worm that attacked Iranian nuclear power plants, is not easy.
“If you really want to knock out the enemy’s air defence system [for example], you are going to have to design something very specifically for that purpose,” Professor Sir David Omand, a former civil servant and now security academic, told the enquiry.