Blog Conclusion

To defend against all forms of cyber attack, the United States must have the ability to deter attacks. In most cases the first line of deterrence will be a strong defense to deny potential cyber attackers access to our systems. However, because of the inherently open nature of our systems, it will be impossible to stop all intrusions. As long as there is any risk for computer attack, we remain vulnerable. The second part of a strong deterrent policy will be the threat of retaliation or punishment. This ability to retaliate will be instrumental in establishing law and order in cyber space and will give us the ability to hold individuals, sub-state groups and states responsible for cyber attacks. Without this ability to retaliate, potential cyber attackers will continue to threaten US interests with impunity.

There are several technical and legal difficulties with identifying the perpetrator of a cyber attack. Because these attacks against our national information infrastructure and DOD networks are mainly perpetrated via computer intrusions from the Internet, it is very easy for the attacker to hide his identity through the World Wide Web. In addition, an attacker may also be able to hide his intentions by appearing to be a juvenile hacker but is actually collecting foreign intelligence or preparing for cyber warfare operations on behalf of a foreign government. Because of the difficulty in determining the type of attack without identifying the perpetrator, it is paramount to trace back the attack to the attacker.

Inherent in US law is the right to privacy, even on the Internet. The DOD is limited by US laws from obtaining information from computer systems located in the United States without proper legal authority, which can only be obtained via appropriate law enforcement agencies and US courts. Because of these legal restrictions, DOD must work closely with it‘s own investigative agencies and Department of Justice to be able to identify perpetrators and deter future attacks through the threat of punishment or military retaliation.

The spectrum of cyber conflict depicts the range of possible cyber attacks and identifies whether law enforcement or the military could pursue the attacker based on location of the attacker. It also shows the range of possible punishment or retaliation by DOD or the US government based on the perpetrator and his intentions to harm national security. The spectrum progresses from hackers with no intent to affect national security and advances to intentional actors like political activists who use hacktivism to affect changes in national policy. It then increases in threat to cyber espionage and cyber terrorism, which harms national security. Finally, it culminates with full out cyber warfare that furthers military operations (warfare) against a nation. The purpose of this spectrum is not only to depict the different types of computer attack but also to highlight the similarities between computer intrusions and reveal the need to identify not only the perpetrator but understand his intentions. This may not always be possible but in order to strengthen our deterrence of cyber attack, we must improve our ability to trace and identify attackers and retaliate through either criminal prosecution or other means of government sponsored retaliation when necessary.