I don't know a lot about cyber-security (I usually write environmental diaries). Living in Maryland, I should though. One of my local electeds is Rep. Ruppersberger, a big proponent of cyber-security. Maryland has a lot of military bases and federal agencies dealing in the issue. The DC-metro area is a big juicy target.
With the use of chemical weapons in Syria being disputed, could the US declare war based on cyber attacks? Depending on who you ask, the Stuxnet virus was either an "Act of War" or an "Act of Force":
They disagreed over whether the Stuxnet attack qualified as an “armed attack,” which would constitute the beginning of wartime aggression that, under the Geneva Convention, could be followed by the use of force.
“We wrote it as an aid to legal advisers to governments and militaries, almost a textbook,” Schmitt told The New York Times. “We wanted to create a product that would be useful to states to help them decide what their position is. We were not making recommendations, we did not define best practice, we did not want to get into policy.”
The White House, in the
International Strategy for Cyberspace Report, stated:
States have an inherent right to self-defense that may be triggered by certain aggressive acts in cyberspace…. Certain hostile acts conducted through cyberspace could compel actions under the commitments we have with our military treaty partners…. When warranted, the United States will respond to hostile acts in cyberspace as we would any other threat to our country.
The Pentagon also describes the situation warranting a response to a cyberattack:
One idea gaining momentum at the Pentagon is the notion of "equivalence." If a cyber attack produces the death, damage, destruction or high-level disruption that a traditional military attack would cause, then it would be a candidate for a "use of force" consideration, which could merit retaliation.
The Pentagon's document runs about 30 pages in its classified version and 12 pages in the unclassified one. It concludes that the Laws of Armed Conflict—derived from various treaties and customs that, over the years, have come to guide the conduct of war and proportionality of response—apply in cyberspace as in traditional warfare, according to three defense officials who have read the document. The document goes on to describe the Defense Department's dependence on information technology and why it must forge partnerships with other nations and private industry to protect infrastructure.
At the moment, to me at least, the (known) hacking done by the Syrian Electronic Army doesn't seem to merit a military response.
But what if they hacked the Stock Exchange? Released their version of the Stuxnet virus? Found someway to shut down the power grid? As one Pentagon official said:
"If you shut down our power grid, maybe we will put a missile down one of your smokestacks".
Again, I'm no expert on this issue. I can see some incidents, like loss of life or damaged infrastructure as a prelude to war. Hacking a news agency, pulling pranks, denial of service attacks, not so much.
But will the Syrian Electronic Army carry on with these "pranks", or are they prepping for a bigger attack?