Washington, June 4 : The Pentagon’s new strategy to view certain cyber-attacks as ‘acts of war’ avoids hard policy and fails to answer harder legal questions, according to cyber security experts.
David P. Fidler, Professor at the Maurer School of Law and fellow at the Center for Applied Cyber security Research (CACR) said the US has long taken the position that in exercising its right to use force in self-defense its hands are not tied by the means and methods chosen by its adversaries.
“That the U. S. government claims the right to use traditional military power in response to a large-scale cyber-attack that causes serious damage, destruction, or death in the United States is to be expected,” Fidler said.
“However, this position does not address problems cyber weapons create, including the threshold a cyber-attack must cross to trigger the right to use force in self-defense and the difficulties in attributing responsibility for the attack,” he added.
Scott J. Shackelford, CACR fellow, highlighted the complexity of the problem of attribution, which involves both technical and legal challenges.
“As a technical matter, you have to trace an attack back to a specific source, many experts will tell you that this effort might identify a machine involved in the attack, but that alone is insufficient to determine who really was behind the attack," he said.
“That computer could have been exploited from another location in a different country, creating barriers to applying international rules that assign legal responsibility for armed attacks,” Shackelford added.
Fidler and Shackelford agreed that the Department of Defense''''s development of a strategy for cyber conflict is needed.
"Not answering hard questions about cyberwar is, in many ways, part of the thinking," Fidler said.
"As the International Strategy on Cyberspace provides, the United States is seeking to dissuade and deter cyber-attacks against its interests, critical infrastructure, and population,” he added. (ANI)