DOD struggles to define cyber war

Article Index

Efforts hampered by lack of agreement on meaning as the Defense Department puts its new Cyber Command in place to defend the military information infrastructure

, it also is wrestling with the nontechnical issues of defining cyber war and establishing a doctrine for cyber warfare, a top Pentagon cyber policy adviser said.

 James Miller, DOD principal deputy undersecretary for policy, pondered how the law of armed conflict applies to cyber war. “It’s clear that it does," he said, speaking in an Ogilvy Exchange national security lecture in Washington, But the military still has to establish what an act of aggression or an act of war looks like in cyberspace and decide on the rules for responding — both digitally and physically — when the line between hacking and warfare is crossed, he said. “We have a lot of efforts underway,” Miller said. “We are trying to bring all of this together into a coherent strategy” that will begin coming out in the next few months. He said there will not be a simple one-sentence definition of what constitutes cybe rwar, but that it will be an evolving concept based on history and on likely scenarios.

“It is clear there is a lot of cyber espionage where data is being pulled," Miller said. "But we understand that not everything that happens in cyberspace is an act of war.”

 Miller reminded the audience of the usual statistics about the scope of the threat facing a net-centric DOD: 15,000 DOD networks with 7 million devices at 4,000 installations in 88 countries, all being scanned and probed millions of times a day. More than 100 foreign intelligence organizations are trying to access the systems and foreign militaries are developing the ability to attack and disrupt the systems that already are being penetrated by hackers and criminals.

 “The cyber threat has outpaced our ability to defend against it,” he said. “We still are learning” the extent of our dependency on these networks and the scope of the threats against them. “We still see significant gaps and vulnerabilities. We don’t fully understand them, but we’re learning.”

 The greatest threat to DOD systems so far has been the theft of sensitive data, he said. But the military also has to defend against disruption and degradation of the systems it is increasingly dependent on.

 To date, defensive efforts have been spread between at least a half-dozen different organizations, including the Defense Information Systems Agency; the National Security Agency; and individual service commands in the Army, Air Force and Navy.