Subscribe via RSS
Archives by Date
June 2009
May 2009
April 2009

See all Archives
Archives by Category
'Canes
Afghan Update
Ammo and Munitions
Armor
Around the Globe
Av Week Extra
Axe in Iraq (and Elsewhere)
Bizarro
Blimps
Blog Bidness
Body Armor Blues
Bomb Squad
Brownshoes in Action
Bubbleheads, etc.
Cammo Green
Catch the "Buzz"
Chem-Bio
Civilian Apps
Cloak and Dagger
Commandos
Comms
Contingency Ops
Cops and Robbers
Cyber-warfare
Data Diving
Defense Tech Poll
Defense Tech Radio
Dissent Tech
Door Kickers
Drones
DT Administrivia
Eat DT's Dust
Extra! Extra!
Eye on China
Fast Movers
FCS Watch
Fire for Effect
FOS Files
Friday Funnies
Gadgets and Gear
Going Green
Grand Ole Osprey
Ground Vehicles
Guns
Homeland Security
In the Weeds with Eric
Info War
Iraq Diary
Jarhead Jazz
JSF Watch
Just War Theories
Lasers and Ray Guns
Less-lethal
Logistics
Los Alamos and Labs
M4 Monopoly
Medic!
Mercs
Missiles
Money Money Money
Most Wanted
MRAP Edge
Net-Centric
Nukes
Old Skool
Our Shrinking Planet
Planes, Copters, Blimps
Podcast
Politricks
Polmar's Perspective
Popular Mechanics
Rapid Fire
Raptor Watch
Red Team
Retro-Futuro
Robots
Roll Your Own
Sabra Tech
Ships and Subs
Snipertech
Soldier Systems
Space
Special Ops
Star Wars
Strategery
Stray Trons
Tactical Development
Terror Tech
The Deadlies
The Defense Biz
The Peoples' Site
The Sunday Paper
The Tanker Tango
The View from Av Week
Those Nutty Norks
Training and Sims
Trimble on the Case
Video Lounge
War Update
Ward'z Wonderz
You can run...

See all Archives
Newsletters

Edited by Christian Lowe | Contact

Cyber Attacks & Warfare - Rules of Engagement

cyber-fusion-center.jpg

The rapid advancement of cyber attacks and the emergence of cyber warfare have caught government and military leaders around the world off guard. Decision making in time requiring defensive measures or military crisis is guided by doctrine and rules of engagement, but in the case of cyber attacks and cyber warfare they do not currently exist. The complexities and unique characteristics of cyber warfare mandate establishing Cyber Attack and Warfare Rules of Engagement (CAWRoE).

Cyber warfare is different than the conventional war in many ways. It is this difference that will challenge the minds of experts around the world when they attempt to create cyber warfare doctrine and ROE. To frame this discussion, below you will find two definitions that put this challenge in context.

Definition - Cyber Warfare & Terrorism - "The premeditated use of disruptive activities, or the threat thereof, against computers and/or networks, with the intention to cause harm or further social, ideological, religious, political or similar objectives. Or to intimidate any person in furtherance of such objectives." Source: This definition was published in the U.S. Army Cyber Operations and Cyber Terrorism Handbook 1.02. This definition was written by Kevin Coleman back in 2004 for an online article.

Definition - Rules of Engagement - Rules of engagement date at least to the Middle Ages in Europe. In military terms this refers to a directive issued by a military authority controlling the use and degree of force, esp. specifying circumstances and limitations for engaging in combat. The directive delineates the limitations and circumstances under which forces will initiate and prosecute combat engagement with other forces encountered. Source: This definition is based on multiple authorities' sources and combined to clearly articulate ROE.

NOTE-- After months of research, we will soon publish a paper that addresses the question: "What constitutes an act of cyber war?"

History has shown that ROE are often over controlled and regulated by politicians and military leaders. It is anticipated that this will also be the case as it relates to cyber attacks and warfare. In addition, commanders and government leaders at all levels must understand the situation, complexities and uncertainty they face.

The increase in complexity, technical aspects and difficulty in tracing the cyber attacks back to the aggressor will combine to increase the difficulty of creating the ROE for cyber. Careful crafting of cyber ROE is required to diminish ambiguities that could caused delays in actions when the use of force is required and will surely lead to increased implication on the United States.

Cyber attack and warfare rules of engagement will undoubtedly require hundreds of pages to establish a decision framework. That being said, there are a few critical areas that will pose the most significant challenge to policy makers. One of these areas will be the level of confidence in the identification of the entity behind an attack on a nation. Tracing and tracking cyber attacks back to those responsible is not an easy task. Usually this takes months or years not minutes and hours. Current intelligence and surveillance capabilities will provide only minimal assistance in this effort. Although promising research on tracking and tracing cyber attacks is currently underway and advances are occurring on a regular basis, we are far from being able to rapidly identify the party or parties behind the attack with the high degree of confidence and hard evidence necessary to launch an offensive cyber response. At the present time, the newness of cyber attacks and weapons coupled with their potential, but unproven power and the uncertainty about how they might be used, have pushed the decision around the response to cyber attacks all the way to the top and in the hands of the President of the United States.

Conclusion
Over 140 countries around the world have cyber weapons development efforts underway but lack a comprehensive doctrine and legal framework for responding to cyber attacks as well as using offensive cyber weapons against attackers and adversaries. President-elect Barack Obama's national security team will have to rapidly establish the rules of engagement as they relate to cyber attacks and all out cyber warfare. His national security team is said to include: Sarah Sewall, Tom Donilon, Wendy R. Sherman, Michèle A. Flournoy, John P. White, Robert R. Beers, Clark Kent Ervin, Gayle E. Smith, Aaron Williams, John O. Brennan and Judith A. ("Jami") Miscik.

The United States Military has an expansive arsenal of sophisticated cyber weapons at its disposal, policy makers have yet to define the rules of engagement that govern when and how to use them. In a briefing earlier this year I said: "This is totally uncharted territory for policy makers. The characteristics of cyber attacks coupled with the operational aspects of cyber weapons make this a unique challenge."

This remains the case and time is growing short before the next significant cyber attack is launched. Cyber warfare requires new rules of engagement.

-- Kevin Coleman
November 28, 2008 09:01 AM | Cyber-warfare |  Bookmark and Share

Comments

I am Pte Collins .I want 2 know how I can get Army kits from ur products, pls can u send me a mail to this email as reply pls.

Posted by: Colins at April 17, 2009 09:35 AM


The issue is not with the definitions. It is rather we have not defined what constitutes and acto fo cyber war. We do not have uniform laws about that constitutes a cyber crime as well. That is what is missing and need to be defined in the ROE.

Posted by: Kevin at December 1, 2008 03:42 PM


Based on Coleman's definition, it would include kenetic attacks against the physical infrastructure (locs,nodes, etc...) to prevent electrons from moving about...those are certainly 'disruptive activities', even against POTS.
That would mean we would have been engaged in 'cyber warfare' since the telegraph was invented.
So, it seems like a better definition is in order.

Posted by: J House at December 1, 2008 10:29 AM


Because of the difficulty of finding out the source of cyber attacks, I believe that automated systems, like Einstein, are needed to combat this threat.

The future evolution of this technology should include accurate source detection and fully automated responses. This could be anything from cyber attacks to UAV strikes.

And we could call it Skynet.... Err... wait a minute.. :)

Posted by: Ptsfp at November 30, 2008 11:18 PM


buy wow goldcheap wow goldwow goldcheapest wow goldwarhammer goldwarhammer powerlevelingwar goldwar powerlevelingwar power levelingcal alzbuy wow goldcheap wow goldwow goldcheapest wow goldwarhammer goldwarhammer powerlevelingwar goldwar powerlevelingwar power levelingcal alz

Posted by: buywowgold at November 30, 2008 10:30 PM


Yes it's time to be proactive on this subject. But as you describe in your article. How can you engage your enemy if you don't kow who your enemy is? And next question is, how can you make ROE if you don't know who your enemy is. A criminal organisation asks for different rules then a state. My believe is is that you cannot react on this as with Cuntry Vs Country acts of war. Even when verything points in that direction, just because there's never going to be solid evidence that justifies any big (internet)offensive. The only way I think you can get back at them is not with a big stick but with the same weapon. It's all about plausible denialbillity.


But then where does it stop?

Posted by: pleuris at November 30, 2008 06:22 PM


It seems we are already under attack by certain parties.
No matter what the rules are, we need to go on the offensive.
And when the Chineese say their systems are being attacked by computers from the US, we will just shrug like they do and say we cannot control every computer in the country.....

Posted by: Dennis at November 30, 2008 09:48 AM


Post a comment




Remember Me?


Please enter the code as seen in the image below to post your comment.