Cyber Attacks & Warfare - Rules of Engagement


The rapid advancement of cyber attacks and the emergence of cyber warfare have caught government and military leaders around the world off guard. Decision making in times requiring defensive measures or in a military crisis is guided by doctrine and rules of engagement, but for cyber attacks and cyber warfare these do not currently exist. The complexities and unique characteristics of cyber warfare mandate establishing Cyber Attack and Warfare Rules of Engagement (CAWRoE).

Cyber warfare differs from conventional war in many ways. It is this difference that will challenge the minds of experts around the world when they attempt to create cyber warfare doctrine and ROE. To frame this discussion, below you will find two definitions that put this challenge in context.

Definition - Cyber Warfare & Terrorism - “The premeditated use of disruptive activities, or the threat thereof, against computers and/or networks, with the intention to cause harm or further social, ideological, religious, political or similar objectives. Or to intimidate any person in furtherance of such objectives.” Source: This definition was published in the U.S. Army Cyber Operations and Cyber Terrorism Handbook 1.02. This definition was written by Kevin Coleman back in 2004 for an online article.

Definition - Rules of Engagement - Rules of engagement date at least to the Middle Ages in Europe. In military terms this refers to a directive issued by a military authority controlling the use and degree of force, esp. specifying circumstances and limitations for engaging in combat. The directive delineates the limitations and circumstances under which forces will initiate and prosecute combat engagement with other forces encountered. Source: This definition is based on multiple authorities’ sources, combined to clearly articulate ROE.

NOTE- After months of research, we will soon publish a paper that addresses the question: “What constitutes an act of cyber war?”

History has shown that ROE are often over-controlled and regulated by politicians and military leaders. It is anticipated that this will also be the case as it relates to cyber attacks and warfare. In addition, commanders and government leaders at all levels must understand the situation, complexities and uncertainty they face.

The increase in complexity, technical aspects and difficulty in tracing the cyber attacks back to the aggressor will combine to increase the difficulty of creating the ROE for cyber. Careful crafting of cyber ROE is required to diminish ambiguities that could cause delays in actions when the use of force is required and will surely lead to increased implications for the United States.

Cyber attack and warfare rules of engagement will undoubtedly require hundreds of pages to establish a decision framework. That being said, there are a few critical areas that will pose the most significant challenge to policy makers. One of these areas will be the level of confidence in the identification of the entity behind an attack on a nation. Tracing and tracking cyber attacks back to those responsible is not an easy task. Usually this takes months or years, not minutes and hours. Current intelligence and surveillance capabilities will provide only minimal assistance in this effort. Although promising research on tracking and tracing cyber attacks is currently underway and advances are occurring on a regular basis, we are far from being able to rapidly identify the party or parties behind the attack with the high degree of confidence and hard evidence necessary to launch an offensive cyber response. At the present time, the newness of cyber attacks and weapons, coupled with their potential but unproven power and the uncertainty about how they might be used, has pushed the decision around the response to cyber attacks all the way to the top and into the hands of the President of the United States.

Over 140 countries around the world have cyber weapons development efforts underway but lack a comprehensive doctrine and legal framework for responding to cyber attacks as well as using offensive cyber weapons against attackers and adversaries. President-elect Barack Obama’s national security team will have to rapidly establish the rules of engagement as they relate to cyber attacks and all-out cyber warfare. His national security team is said to include: Sarah Sewall, Tom Donilon, Wendy R. Sherman, Michèle A. Flournoy, John P. White, Robert R. Beers, Clark Kent Ervin, Gayle E. Smith, Aaron Williams, John O. Brennan and Judith A. (“Jami”) Miscik.

While the United States military has an expansive arsenal of sophisticated cyber weapons at its disposal, policy makers have yet to define the rules of engagement that govern when and how to use them. In a briefing earlier this year I said: “This is totally uncharted territory for policy makers. The characteristics of cyber attacks coupled with the operational aspects of cyber weapons make this a unique challenge.”

This remains the case and time is growing short before the next significant cyber attack is launched. Cyber warfare requires new rules of engagement.

— Kevin Coleman

  • Dennis

    It seems we are already under attack by certain parties.
    No matter what the rules are, we need to go on the offensive.
    And when the Chinese say their systems are being attacked by computers from the US, we will just shrug like they do and say we cannot control every computer in the country…..

  • pleuris

    Yes, it’s time to be proactive on this subject. But as you describe in your article, how can you engage your enemy if you don’t know who your enemy is? And the next question is, how can you make ROE if you don’t know who your enemy is? A criminal organisation asks for different rules than a state. My belief is that you cannot react to this as with Country vs. Country acts of war. Even when everything points in that direction, just because there’s never going to be solid evidence that justifies any big (internet) offensive. The only way I think you can get back at them is not with a big stick but with the same weapon. It’s all about plausible deniability.
    But then where does it stop?

  • Ptsfp

    Because of the difficulty of finding out the source of cyber attacks, I believe that automated systems, like Einstein, are needed to combat this threat.
    The future evolution of this technology should include accurate source detection and fully automated responses. This could be anything from cyber attacks to UAV strikes.
    And we could call it Skynet…. Err… wait a minute.. :)

  • J House

    Based on Coleman’s definition, it would include kinetic attacks against the physical infrastructure (locs, nodes, etc…) to prevent electrons from moving about…those are certainly ‘disruptive activities’, even against POTS.
    That would mean we would have been engaged in ‘cyber warfare’ since the telegraph was invented.
    So, it seems like a better definition is in order.

  • Kevin

    The issue is not with the definitions. It is rather that we have not defined what constitutes an act of cyber war. We do not have uniform laws about what constitutes a cyber crime as well. That is what is missing and needs to be defined in the ROE.

  • Colins

    I am Pte Collins. I want 2 know how I can get Army kits from ur products, pls can u send me a mail to this email as reply pls.