Doctrine to Establish Rules of Engagement Against Cyber Attacks

BALTIMORE, Oct. 20, 2011 — New doc­trine under review by the Joint Staff will lay out rules of engage­ment against an attack in cyber­space, the com­man­der of U.S. Cyber Com­mand said today.

The doc­trine, once adopt­ed, will help to define con­di­tions in which the mil­i­tary can go on the offen­sive against cyber threats and what spe­cif­ic actions it can take, Army Gen. Kei­th B. Alexan­der told reporters at an Inter­na­tion­al Sys­tems Secu­ri­ty Asso­ci­a­tion con­fer­ence here.

It will sup­port the Defense Department’s strat­e­gy for oper­at­ing in cyber­space, released in July, and Pres­i­dent Barack Obama’s inter­na­tion­al cyber­space strat­e­gy, the gen­er­al added.

Once the doc­trine is approved, Cyber Com­mand will put out guid­ance to its cyber war­riors spelling out, “Here is how we oper­ate in cyber­space,” and tai­lor its train­ing accord­ing­ly, Alexan­der said. In the mean­time, the laws of land war­fare and law of armed con­flict apply to cyber­space, he said. The chal­lenge, he explained, is how to trans­late laws that gov­ern phys­i­cal space to cyber­space � now a fifth domain of con­flict.

“That is what the Defense Depart­ment and oth­ers are work­ing right now: to come up with the stand­ing rules of engage­ment and those dif­fer­ent parts,” he said.

Among issues the Defense Depart­ment is con­sid­er­ing, Alexan­der said, is what con­sti­tutes a war in cyber­space.

The Unit­ed States also must deter­mine what rep­re­sents a rea­son­able and pro­por­tion­al response to a cyber attack, he said. The law of armed con­flict autho­rizes a rea­son­able, pro­por­tion­al defense against a phys­i­cal attack from anoth­er coun­try. Extend­ing that log­ic to cyber­space, Alexan­der said, it remains unclear if it includes author­i­ty to shut down a com­put­er net­work, even if it’s been tak­en over by a mali­cious cyber attack­er intent on destruc­tion.

If it does, also left unan­swered so far is who would have that author­i­ty: the FBI, the Nation­al Secu­ri­ty Agency, the mil­i­tary, the Inter­net ser­vice provider or anoth­er enti­ty.

“That is some­thing pol­i­cy­mak­ers are going to have to tell us: ‘Here is what you are autho­rized to do,’ ” Alexan­der said.

The way doc­trine, laws, pol­i­cy and stand­ing rules of engage­ment address these and oth­er issues will shape how the mil­i­tary trains its cyber war­riors, the gen­er­al said. Cur­rent train­ing focus­es pre­dom­i­nant­ly on ways to secure DOD net­works, Alexan­der said, but he added that he expects that train­ing to broad­en to include more “full-spec­trum” oper­a­tions against threats.

Cyber Com­mand will “train our force to the stan­dard and ensure that we do it exact­ly right,” he said.

Alexan­der empha­sized the impor­tance of that capa­bil­i­ty against a grow­ing array of ever-more-dan­ger­ous cyber threats.

“I think that nation states, non-nation state actors and hack­er groups are cre­at­ing tools that are increas­ing­ly more per­sis­tent and threat­en­ing, and we have to be ready for that,” he said. “So the secu­ri­ty frame­works we are putting in place are for­ward-look­ing, based on what we are see­ing.”

U.S. Depart­ment of Defense
Office of the Assis­tant Sec­re­tary of Defense (Pub­lic Affairs)