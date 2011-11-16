* U.S. will respond to hostile attacks 'when warranted'
* Cyberspace action would follow established legal policy
By David Alexander
WASHINGTON, Nov 15 The United States reserves
the right to retaliate with military force against a
cyberattack and is working to sharpen its ability to track down
the source of any attack, the Pentagon said in a report made
public on Tuesday.
The 12-page report to Congress, which was mandated by the
2011 Defense Authorization Act, was one of the clearest
statements to date of U.S. cybersecurity policy and the role of
the military in the event of an attack on U.S. assets through
cyberspace.
"When warranted, we will respond to hostile attacks in
cyberspace as we would to any other threat to our country," the
report said. "We reserve the right to use all necessary means -
diplomatic, informational, military and economic - to defend
our nation, our allies, our partners and our interests."
Cyberspace is a particularly challenging domain for the
Pentagon. Defense Department employees operate more than 15,000
computer networks with 7 million computers at hundreds of
locations around the world. Their networks are probed millions
of times a day and penetrations have caused the loss of
thousands of files.
The report said the Defense Department was attempting to
deter aggression in cyberspace by developing effective defenses
that prevent adversaries from achieving their objectives and by
finding ways to make attackers pay a price for their actions.
"Should the 'deny objectives' element of deterrence not
prove adequate," the report said, "DoD (Department of Defense)
maintains, and is further developing, the ability to respond
militarily in cyberspace and in other domains."
FINDING THE ATTACKERS
Key to a military response is being able to quickly
identify the source of an attack, particularly challenging due
to the anonymous nature of the Internet, the report said.
In an effort to crack that problem, the Pentagon is
supporting research focusing on tracing the physical source of
an attack and using behavior-based algorithms to assess the
likely identity of an attacker, the report said.
U.S. security agencies also are developing a cadre of
highly skilled cyber forensics experts and are working with
international partners to share information in a timely manner
about cyber threats, including malicious code and the people
behind it, it said.
Attacks on U.S. computer networks have become relentless in
recent years and have cost defense industries an estimated $1
trillion in lost intellectual property, competitiveness and
damage. One defense company lost some 24,000 files in an
intrusion in March.
Before moving to offensive action, the United States would
exhaust all other options, weigh the risk of action against the
cost of inaction and "act in a way that reflects our values and
strengthens our legitimacy, seeking broad international support
wherever possible," the report said.
"If directed by the president, DoD will conduct offensive
cyber operations in a manner consistent with the policy
principles and legal regimes that the department follows for
kinetic capabilities, including the law of armed conflict," the
report said.
The report followed the release in mid-July of the
Pentagon's cybersecurity policy, which designated cyberspace as
an "operational domain" like land, sea and air where U.S.
forces would be trained to conduct offensive and defensive
operations.
