A Defense Technology Blog
See All Posts
  • Finally, Rules For A Cyber-Fight
    Posted by David A. Fulghum 5:04 PM on Aug 12, 2011

    Offensive cyber- and electronic attack weapons exist, and even more sophisticated capabilities are being designed.

    But the analytical structure to anticipate their effects, and the command structure to approve their use, do not exist.

    For the moment, even if the U.S. knows a cyberattack has been planned and will be launched, it can’t do anything militarily to stop it.

    However, after decades of delay, the U.S. Air Force is starting to conduct legal reviews of weapons and cyber-capabilities. In the process, it is formulating what a weapon, a cyber-capability and a cyberoperation are.

    Cyber-capability requiring a legal review prior to any employment includes any device or software payload intended to disrupt, deny, degrade, negate, impair or destroy adversarial computer systems, data, activities or capabilities. However, it does not include devices or software that are intended solely to provide access to an adversary’s computer system for data exploitation. Such activity comprises the bulk of intrusions against the U.S. government, its agencies and the defense industry.

    Cyberoperations are defined as the use of capabilities in which the primary purpose is to achieve an objective in or through cyberspace including computer network operations and the operation and defense of the Global Information Grid.

    Weapons are devices designed to kill, injure, disable or temporarily incapacitate people, property or material. But they do not include launch platforms like aircraft and intercontinental ballistic missiles.

    Legal issues associated with employment are not included in the weapon or cyber-capability review. As part of a targeting analysis, those employing the weapon or cyber-capability “must ensure that their actions comply with domestic and international law, including the law of armed conflict (LOAC), according to a July 27 memo signed by the Air Force’s judge advocate general, Lt. Gen Richard Harding.

    There is a loophole in the rules.

    The fact that the “forces of another country have adopted the weapon or cyber-capability [desired by the U.S.] may be considered in determining the legality of such weapons or cyber capability,” the memo states.

    Meanwhile, the assistant Air Force secretary for acquisition will conduct legality reviews of existing weapons at the earliest possible stage in the acquisition process, including research and development.

    There is an interesting list of details that Air Force commanders and directors have to reveal when asked by investigators. These include:

    • A description of the weapon or cyber-capability.
    • Statement of intended use, types of targets and concept of operations.
    • The “reasonably anticipated effects” to include all tests, computer modeling, laboratory studies, technical analysis and assessments.

    Tags: ar99, cyber

  • Recommend
  • Report Abuse

Comments on Blog Post