Home / Blogs

Military Asserts Rights to Return Cyber Attacks

Terry Zink

The Washington Post had a good article up yesterday capturing comments issued by the United States military that it has the right to return fire when it comes to cyber attacks:

WASHINGTON — The U.S. should counter computer-based attacks swiftly and strongly and act to thwart or disable a threat even when the attacker's identity is unknown, the director of the National Security Agency told Congress. Lt. Gen. Keith Alexander, who is the Obama administration's nominee to take on additional duties as head of the new Cyber Command, also said the U.S. should not be deterred from taking action against countries such as Iran and North Korea just because they might launch cyber attacks.


It's unclear, Alexander added, whether or not those actions have deterred criminals, terrorists or nations. In cyberspace, he said, it is difficult to deliver an effective response if the attacker's identity is not known.

Senators noted, in their questions, that police officers don't have to know the identity of a shooter in order to shoot back. In cyberspace, the U.S. may be able to counter a threat, rebuff an electronic probe or disable a malicious network without knowing who is behind the attack.

This is an interesting point of view, and it extends from the United States's policy that if it is attacked using conventional weapons, it reserves the right to counter respond in kind. This has been a long accept precept governing US foreign military policy for generations. Yet cyber attacks are different for a couple of reasons:

  1. In cyber attacks, it is not physical infrastructure that is being attacked, and civilians lives are not directly threatened. It's a cat-and-mouse game and the response to a cyber attack is hard to respond to in like kind. In other words, how do you know how much damage that you want to do?
  2. The bolded part above, the second part, is convoluted. It is true that a police officer doesn't have to know the identity of a shooter in order to shoot back. However, a police officer certainly knows who is shooting at him (or her) because they can see the direction from which the bullets are coming towards them. In other words, there is a line of sight. They don't know the name of the shooter but they can definitely see them shooting.

    In cyberspace, you may not even know who is attacking you. You might see the attacker but it doesn't mean that the one doing the attacking is the one behind the attack. For example, in a DOS attack, networks of compromised computers would be attacking your infrastructure but the one behind the attack is not directly connecting to your network. Who do you counter attack? Do you do it in real time? There's no point attacking the zombie computers because they don't even know that they're doing it. The analogous to law enforcement is a thriller/horror movie — some bad guy is able to take control of unsuspecting citizens and get them to commit crimes. The police would know the shooter but they'd be returning fire at the "wrong" person.

Continuing onwards in the article:

Alexander echoed other experts who warn that the U.S. is unprepared for a cyber attack. He said the first priority is to make sure the nation can defend its networks, which are now a "strategic vulnerability."

Alexander said the biggest challenge facing the development of Cyber Command will be improving the defense of military networks, which will require better real-time knowledge of intrusions.

This is a more realistic view, in my opinion. Probably the best step is knowing where your vulnerabilities are and trying to defend them. As some famous coach said, "Offense brings fans, but defense wins championships." In other words, you can go on the offensive but weakness in your own systems can severely degrade and impair your ability launch an attack. If your internal systems are going haywire you can be totally disarmed and unable to launch a counterstrike.

Of course, once you do have your defensive ability up to snuff, or good enough, you will need a good offensive counterpunch. In boxing, if all you are doing is defending, eventually your attacker will wear you out as you absorb blow after blow (the exception being Homer Simpson where his opponents would hit him and tire themselves out and all he would have to do is push them over without throwing a single punch… the exception to that being Drederick Tatum). The rules of engagement for offensive counter strikes are more tricky. Does the US, after identifying a non-state actor attacking it, go after the actor themselves? Or do they pressure the government where the non-state actor is located to handle them? Or do they launch an attack on the government if they consider their enforcement lackadaisical? Or perhaps even intentionally sheltering cyber attackers?

I suppose that for this, the standard military rules of engagement apply.

By Terry Zink, Program Manager. More blog posts from Terry Zink can also be read here.

Related topics: Cyberattack, Cybersecurity, Networks


Don't miss a thing – get the Weekly Wrap delivered to your inbox.


Hi Terry - yes, drawing analogies to shootouts with armed perps may be a bit far out Suresh Ramasubramanian  –  Apr 17, 2010 6:24 AM PDT

But when you have viruses being fully capable of taking down critical infrastructure installations that are connected to the computer network, undermining your financial system, taking out communications etc etc .. well, taking out a C&C;host or a few domains might actually make sense if you're able to do it.

Doesnt mean say - "if country X takes out our banks we'll take out theirs", a lot more nuanced.

To post comments, please login or create an account.

Related Blogs

Related News

Explore Topics

Dig Deeper

DNS Security

Sponsored by Afilias

Mobile Internet

Sponsored by Afilias Mobile & Web Services

IP Addressing

Sponsored by Avenue4 LLC


Sponsored by Verisign

Promoted Posts

Buying or Selling IPv4 Addresses?

ACCELR/8 is a transformative IPv4 market solution developed by industry veterans Marc Lindsey and Janine Goodman that enables organizations buying or selling blocks as small as /20s to keep pace with the evolving demands of the market by applying processes that have delivered value for many of the largest market participants. more»

Industry Updates – Sponsored Posts

Verisign Named to the Online Trust Alliance's 2017 Audit and Honor Roll

Attacks Decrease by 23 Precent in 1st Quarter While Peak Attack Sizes Increase: DDoS Trends Report

Leading Internet Associations Strengthen Cooperation

Verisign Releases Q4 2016 DDoS Trends Report: 167% Increase in Average Peak Attack from 2015 to 2016

Verisign Q3 2016 DDoS Trends Report: User Datagram Protocol (UDP) Flood Attacks Continue to Dominate

2016 U.S. Election: An Internet Forecast

Government Guidance for Email Authentication Has Arrived in USA and UK

ValiMail Raises $12M for Its Email Authentication Service

Don't Gamble With Your DNS

Defending Against Layer 7 DDoS Attacks

Understanding the Risks of the Dark Web

New TLD? Make Sure It's Secure

Verisign Releases Q2 2016 DDoS Trends Report - Layer 7 DDoS Attacks a Growing Trend

How Savvy DDoS Attackers Are Using DNSSEC Against Us

Facilitating a Trusted Web Space for Financial Service Professionals

MarkMonitor Partners with CYREN to Deepen Visibility into Global Phishing Attacks

Verisign Named to the Online Trust Alliance's 2016 Honor Roll

Verisign Q1 2016 DDoS Trends: Attack Activity Increases 111 Percent Year Over Year

Is Your TLD Threat Mitigation Strategy up to Scratch?

Mobile Web Intelligence Report: Bots and Crawlers May Represent up to 50% of Web Traffic