A cyberattack on the United States could result in a physical military retaliation under a revised Pentagon strategy.
The move probably won’t mean modern-day David Lightmans should expect to see tanks outside their doors, but it could mean some decisive responses: in the words of an unnamed official speaking to the Wall Street Journal, “If you shut down our power grid, maybe we will put a missile down one of your smokestacks.”
The key to the change, which follows a review of online security in a military context, is that for the first time it will be possible for the US to deem a cyberattack as an act of war — a status that allows a military response.
The report, which is currently confidential but may be published in part later on, puts up for debate the issue of which attacks should justify a response. One suggestion is that the threshold should be whether an attack causes a similar level of disruption or destruction as a traditional military offensive.
The other main issue that remains unsettled is the requirement of proof that a foreign government was involved or implicated in an attack. That could be anywhere from requiring conclusive evidence, to simply assuming that once an attack reaches a particular level of sophistication it is fair to conclude the government must have played a role.
The US military is also looking to update international agreements on rules of military engagement to cover online activity.
The decision and the timing of the announcement appears to be unconnected to the revelation that defense contractor Lockheed Martin was recently attacked by hackers seeking to exploit a flaw in the system used to allow employees to access the network from external machines. That doesn’t appear to have caused any harm, but did require a reset of all passwords and the introduction of additional security measures.