New doctrine under review by the Joint Staff will lay out rules of engagement against an attack in cyberspace, the commander of U.S. Cyber Command said today.
The doctrine, once adopted, will help to define conditions in which the military can go on the offensive against cyber threats and what specific actions it can take, Army Gen. Keith B. Alexander told reporters at an International Systems Security Association conference here.
It will support the Defense Department’s strategy for operating in cyberspace, released in July, and President Barack Obama’s international cyberspace strategy, the general added.
Once the doctrine is approved, Cyber Command will put out guidance to its cyber warriors spelling out, “Here is how we operate in cyberspace,” and tailor its training accordingly, Alexander said. In the meantime, the laws of land warfare and law of armed conflict apply to cyberspace, he said. The challenge, he explained, is how to translate laws that govern physical space to cyberspace – now a fifth domain of conflict.
“That is what the Defense Department and others are working right now: to come up with the standing rules of engagement and those different parts,” he said.
Among issues the Defense Department is considering, Alexander said, is what constitutes a war in cyberspace.
The United States also must determine what represents a reasonable and proportional response to a cyber attack, he said. The law of armed conflict authorizes a reasonable, proportional defense against a physical attack from another country. Extending that logic to cyberspace, Alexander said, it remains unclear if it includes authority to shut down a computer network, even if it’s been taken over by a malicious cyber attacker intent on destruction.
If it does, also left unanswered so far is who would have that authority: the FBI, the National Security Agency, the military, the Internet service provider or another entity.
“That is something policymakers are going to have to tell us: ‘Here is what you are authorized to do,’” Alexander said.
The way doctrine, laws, policy and standing rules of engagement address these and other issues will shape how the military trains its cyber warriors, the general said. Current training focuses predominantly on ways to secure DOD networks, Alexander said, but he added that he expects that training to broaden to include more “full-spectrum” operations against threats.
Cyber Command will “train our force to the standard and ensure that we do it exactly right,” he said.
Alexander emphasized the importance of that capability against a growing array of ever-more-dangerous cyber threats.
“I think that nation states, non-nation state actors and hacker groups are creating tools that are increasingly more persistent and threatening, and we have to be ready for that,” he said. “So the security frameworks we are putting in place are forward-looking, based on what we are seeing.”