Fault Lines, a television program run by Al Jazeera, recently ran a segment on cyber warfare, which included interviews with notable experts like Michael Chertoff and James Lewis. During his interview, Chertoff discussed the possiblity of responding to a cyber attack with kinetic response, such as utilizing Special Forces to go and take down the server conducting the attack.
“Sure, that’s not out of the question. Imagine that country A attacks and seriously affects our systems. And in order to remove the servers, first we go to the country and say ‘you’ve got to shut down this server’ and the country either says ‘we can’t’ or ‘we won’t’, or ‘we don’t have the ability to do so’. Now then we’d have to decide how do we shut down the server? Do we do it virtually, by going back over the network?,” Chertoff said. “Would it be easier to send a group of special forces in and blow the server up? And again because we haven’t really laid out what our doctrine is, there’s uncertainty on both sides about how far we would go. And that creates a certain instability in the system.”
Chertoff also discussed the possibility of a cyber attack turning into a conventional war.
“Look a cyber attack would have real effects. If a cyber attack on our air system caused airliners, for example, to crash, there would be real loss of life. And it would be every bit as serious as somebody putting a bomb on an airliner. So it would be very easy to see how cyber warfare could leak into the physical realm and vice versa,” he said.
Dr. Jim Lewis discussed the threat of cyber espionage, which he says is decidedly not an act of war. Instead, cyber espionage should be treated in the same way that traditional espionage is, largely through expelling representatives with diplomatic immunity.
Perhaps the most compelling point to take away from Chertoff’s points, was that there is currently very little agreement or doctrine regarding operations and responses in cyberspace. Until a clear doctrine is produced, it will be difficult for the U.S. to effectively respond in the event of a cyber attack.