Pentagon has concluded that the laws of armed conflict can be widened to embrace cyberwarfare
The new strategy would adapt the existing right of self-defence contained in the UN charter by bringing cyberweapons under the definition of armed attacks. Photograph: Jim Young/Reuters
The US government is rewriting its military rule book to make cyber-attacks a possible act of war, giving commanders the option of launching retaliatory military strikes against hackers backed by hostile foreign powers.
The Pentagon has concluded that the laws of armed conflict can be widened to embrace cyberwarfare in order to allow the US to respond with the use of force against aggressive assaults on its computer and IT infrastructure.
The move, to be unveiled in a US department of defence strategy document next month, is a significant step towards the militarisation of cyberspace, with huge implications for international law.
Pentagon officials disclosed the decision to the Wall Street Journal, saying it was designed to send a warning to any hacker threatening US security by attacking its nuclear reactors, pipelines or public networks such as mass transport systems. "If you shut down our power grid, maybe we will put a missile down one of your smokestacks," an official said.
The new strategy would adapt the existing right of self-defence contained in the UN charter by bringing cyberweapons under the definition of armed attacks.
Joel Reidenberg, a professor at Fordham University in New York who teaches IT law, said the policy was an important recognition that new forms of warfare could harm Americans, "and that the US will protect its citizens in their 21st-century activities."
Sami Saydjari, a former Pentagon cyber expert who now runs a consultancy called Cyber Defense Agency, said the rule change was a logical and reasonable next step. "The US is vulnerable to sabotage in defence, power, telecommunications, banking. An attack on any one of those essential infrastructures could be as damaging as any kinetic attack on US soil."But other cyber specialists warned the new provision would be extremely hard to implement and could escalate the militarisation of the internet.
Jody Westby, co-author of the UN publication The Quest for Cyber Peace, said attacks were difficult to track and trace back to their origins, often making it impossible to determine who is behind them.
She called for more diplomatic efforts to increase co-operation between governments rather than widening military options. "Sabre-rattling like this in the cyber age could backfire on the US, as it could spark further cyber-attacks on US infrastructure that could be massively destructive for American civilians."
The Obama administration signalled its intentions two weeks ago when the White House released its vision for the future of cyberspace. "When warranted, the US will respond to hostile acts in cyberspace as we would to any other threat to our country," it said, adding that such responses included "all necessary means" including military ones.
The US is considered especially prone to cyber-attacks because millions of computers in America have been infected and because its military networks are so highly computerised.
Alan Paller, research director at the Sans Institute, which trains computer security professionals, said military and defence computers in the US had come under attack from foreign states at least since 2003, with losses including key technical data for the $300bn F35 fighter.
"The military knows its systems are under constant and increasingly sophisticated attacks," he said.
US analysts have their sights particularly on China and Russia as potential sources of state-sponsored cyberwarfare. A congressional panel has warned that China had the capability of hitting federal networks connected via the internet, such as the national electricity grid, in a way that "could paralyse the US".But tRussia was blamed in 2008 for a computer attack on the US Central Command which oversees the wars in Afghanistan and Iraq. Russia was also implicated in more localised cyber attacks on Georgia and Estonia.
The US has also been implicated in cyber sabotage. It has been suggested that Stuxnet, the computer worm unleashed last year against Iran, was the work of the Israeli government, backed by Washington. Westby pointed out that the US has not denied the claim. "It seems we're happy to launch our own cyber-attacks when it suits us. That's hardly good diplomacy."