A US strategy for fighting cyberattacks

[Commentary] The Pentagon is developing a new cyberwarfare strategy that calls for the use of military force — including conventional weapons — in response to certain kinds of damaging online attacks on U.S. institutions. That's fine in theory; if foreign agents launch a cyberattack on, say, the nation's electrical grid, it may be both reasonable and proportionate to fire missiles at, say, the attacker's energy supplies. But as recent hacks and phishing attacks on Google's Gmail service and on defense contractor Lockheed Martin indicate, the theory may not translate well to the murky, messy reality of what's happening online.

It's no surprise that the United States would reserve the right to use force against those who threaten it through the Internet. That's standard operating procedure for governments around the world in response to any new type of attack. The Obama administration stated its position simply in the International Strategy for Cyberspace policy paper released May 17, which declared that the United States "will respond to hostile acts in cyberspace as we would to any other threat to our country." But what constitutes an act of cyberwarfare? When would a military response be appropriate? And what are the rules of engagement? These are questions that U.S. administrations and defense officials have been struggling to answer for more than a decade. Last month the White House sent Congress a broad cybersecurity proposal that would have the government designate which companies control critical infrastructure, identify the ones subject to the greatest threats and declare which risks they must guard against. It would not, however, have the government tell them how to ward off cyberattacks or take control of critical facilities in the event of a cyberwar. Instead, it would require those companies to have cybersecurity plans that passed muster with independent evaluators. It's a modest but important step in response to a glaring cybersecurity gap that Congress should move quickly to fill.