Even casual news readers have probably noticed the increased frequency of large-scale hacking against prominent targets lately.  Just this past month, the list of cyber-victims has grown formidable: Sony (almost daily), Citigroup, Google, Lockheed Martin, the U.S. Senate, the CIA…and the list goes on.  This is a striking collection of high-profile companies and government agencies, and the pattern that has emerged calls into question whether this is the work of pranksters and loosely affiliated criminals, or something far more serious and menacing.  On the June 15 editorial page of the Wall Street Journal, Richard Clarke, a former high-ranking national security and counter-terrorism official for three U.S. presidents, warned that we are in the midst of an internet conflict with China.  He claims that the U.S. is the target of systematic attacks designed to expose national vulnerabilities and steal private sector knowledge, yet there has been no coordinated national response, let alone public acknowledgement of this state of affairs by the Obama administration.  If these allegations are true, then cyber-security in the U.S. has reached a state of crisis.

China has openly acknowledged that it is engaged in an internet “arms race” in order to counterbalance perceived military threats and cyber-hostility from the U.S.  But these recent hacks against major U.S. companies and government agencies seem to indicate that we may have already reached an open state of conflict.  Perhaps China has a point: many intelligence and cyber-security experts believe that last year’s “Stuxnet” computer worm, which crippled Iran’s Natanz nuclear facilities, was far too sophisticated to be anything less than the work of a coordinated government effort, most likely American or Israeli in origin.  China could be signaling that there would be severe consequences for a similar attack against its national infrastructure.  But if China’s response is to openly target the likes of Google and Lockheed Martin, then it is playing with fire.

A recent report details the Pentagon’s understanding of the threat of cyber-attacks against critical infrastructure and institutional targets.  Top military officials believe that cyber-attacks and hacks with the capability to bring down the electrical grid or to paralyze financial markets are acts of aggression that could merit the use of military force in retaliation.  This represents a paradigm shift in the law of international armed conflict, one that requires careful thinking and a new understanding of what constitutes an “attack” from another country.  Do the traditional laws of international war also apply to cyber-war?  How can we be sure that a cyber-attack originated from a particular country, and could hacking pranksters fake the origin?  Does a cyber-attack merit a response with conventional military force?  The Obama administration has called for a new national cyber-security strategy, and clearly the time for this has come.  In the worst case, an escalation of the current wave of cyber-attacks could result in the world’s next war.  At the very least, the U.S. has an obligation to protect its private and government sectors from international aggression.

— Benjamin McKelvey

Benjamin is a guest writer for the JETLaw Blog.  He is a member of the Class of 2012 at Vanderbilt Law School and is on the Senior Editorial Board of the Vanderbilt Journal of Transnational Law.  If you are interested in submitting a guest post to the JETLaw Blog, please email jetl@vanderbilt.edu.

Image Source

Tagged with:

Leave a Reply

Your email address will not be published. Required fields are marked *