Infrastructure protectionPentagon confirms policy of military response to cyberatacks

Published 27 November 2011

In a Pentagon report recently made public, the U.S. military confirmed that it would launch physical strikes in response to cyberattacks

In a Pentagon report recently made public, the U.S. military confirmedthat it would launch physical strikes in response to cyberattacks.

In a report sent to Congress, made public last week, the Defense Department (DoD) said that it would use the threat of military retaliation as a deterrent against cyberattacks.

When warranted, we will respond to hostile attacks in cyber-space as we would do to any other threat to our country,” the report said. 

Under the new policy, the president would have to authorize military response which would be limited to defending computer networks in “areas of hostilities” or combat zones. The DoD would also work with DHS in cyber response operations, as it is the lead agency responsible for computer networks.

The report does not indicate that cyberattacks on U.S. critical infrastructure alone would prompt a military strike.

Cameron Camp, a security researcher with ESET, said the new military cyber policy “reserves the right to defend, not just the nation, but various other related interests as well.”

Camp also noted that the policy would cover the use of proxy force so long as it can be considered as being in “our interests.”

According to the report, military strikes would only be considered when all other options have been exhausted and when the risks of inaction outweigh the risks of action. When the military does strike, cyberoperations would follow the same rules as conventional armed conflict.