Source: Chris Bronk, The New York Times
“There’s no cyberwar without a real war,” argues cryptographer Bruce Schneier. Yet some sort of cyberconflict with China is afoot. After the U.S. Air Force asked, I considered what a cyberwar, with some real shooting, might look like between the United States and China. In it, I thought cyber-arms would blind, cripple and confuse, but missiles, bombs and torpedoes would do the killing. That will likely change.
News of cyber-attack is omnipresent. But in answering the question of what makes a cyber-attack an act of war, remember that in computer science such attacks are no more than attempts to subvert the function of a system. Compromising a system to steal data, rob property or blow up an oil refinery are all attacks, but only the last of them would likely be considered an act of war or terrorism. We have a lexical problem.
As for rules of engagement, that’s for lawyers interpreting the laws of armed conflict to consider. I see no clear universal redlines. As long as they work, countries and plenty of others will launch cyber-attacks that blur the differentiation between power of persuasion and hard coercive force in combinations of diplomacy, trade, covert action and military intervention. A friend suggested a term for placement of cyber-action across the spectrum of international affairs: shoft (mostly soft, but with some hard elements). Most soft U.S. cyberpower is in Silicon Valley. But there is a growing area of cyber-action with physical ramifications in other places — see Stuxnet and Shamoon.
For the full article, see here.