The first stage in determining whether the hacking activities sanctioned by other governments may be classified as an act of war is to determine the nature and scope of the repercussions. Cyberspace activities contradict the rules and laws established by the government under the law of war. As a result, it is best to understand the behaviors that constitute hacker attacks, as this is required for legal analysis. Understanding activities that compose cyber-attacks will assist in providing information to the existing literature that has abused the word without caring to explain what it entails. Defining the meaning and consequences of hacking attacks will serve as a prologue of determining whether it should be considered as an act of war.
Cyber Attacks Definition
Cyber-attacks have existed for over a decade, and have become rampant and complicated. This is facilitated by the high rise and easy accessibility of technology. For over a decade, scholars have predetermined and analyzed potential consequences associated with execution of cyber-attacks. The possible outcomes range from a virus that disables the basic functioning of an organization to a phony sensitive message that causes countries to engage in war or a scenario that causes severe economic disruption (Hathaway, et al., 2011). While some of those situations have occasionally occurred; in the last two years, smaller incidents of cyber-attacks have transpired regularly. However, no possible method has been erected to predetermine or predict the cyber-attack.
Therefore, cyber-attack is any attack that is premeditated from a computer against another computer with the intention of distorting or threatening the confidentiality, significance, or the security of the information stored. Cyber-attacks might engage an individual or an organization that operates with computer and Internet; the malware usually originates from an unknown source and proceeds to steal, threaten, or destruct targeted information (Deore & Vijaya, 2016). Hacking into susceptible computers facilitates the spreading and popularity of cyber-attacks. Cyber-attacks have become sophisticated and severe because of the superfluous freedom granted for planting spyware on personal computers. Installing a malware on a personal computer has the capability of sabotaging the functioning of an entire country.
However, the appropriate definition for this case study focuses on cyber-attack as a propagated action purposing to cause mayhem and undermine the essential functions of countries such as breaching their security and political functioning through computing systems. The potential causes that might cause cyber-attacks include creating a fear factor among groups, communities, and citizens.
Nations Perceptions about Cyber-attacks
Different countries have distinct perceptions of what they might consider as cyber-attack. For instance, what the USA government might term as cyber-attack might differ to what Russia or China might scope. However, it is not surprising how they have come up with the definition of the term. There is no definite explanation offered to be implemented when describing cyber-attack (Hathaway, et al., 2011). The USA defines cyber-attacks as deliberate measures executed with the intention of disrupting, deceiving, distorting, or altering the normal functioning of a computer system or information network used to store or disseminate critical and sensitive data. While countries like China and Russia consider cyber-attacks as any threat that is posed by the utilization of new technologies and techniques that are considered incompatible with ascertaining national and military security (Hathaway, et al., 2011). Furthermore, any dissemination of false or harmful information towards sensitive matters that can cause public unrest such as religion, politics, culture, or economic systems.
Data protection has been considered as the significant challenge in the world. Governments are developing new and sophisticated methods of ensuring cybersecurity, but the hackers are upgrading their techniques (Deore & Vijaya, 2016). The internet use has facilitated the penetration of hackers into private facilities. In this technologically advanced era, everyone wants to indulge in utilizing technology as a way of solving their problems or increasing the efficiency of their operation. Therefore, as the technology advances, the government continues to improve their protection techniques. Hacker attacking occurs either directly or indirectly, and the attacks are considered as active and passive attacks.
Should Hacking-attacks be Considered as an Act of War?
An appropriate definition of cyber-attack has been applied in this essay; thus, it is critical to comprehend the extents that these cyber-attacks might harm the normal functioning of the country. Initially, the attacks that occurred were performed through physically engaging in wars, launching surprise missiles, nuclear bombs, and surprise terrorism acts that managed to leave a score of people dead and others injured. These forms of attacks have been declared as tragic moments because they cripple the normal functioning of the government and evoke the declaration of war in combating such attacks. The utilization of technology to cripple the economy and create vulnerability to the community has been classified as the modern form of assault. Most people have an idea of how an act of war appears when on land or water (Nakashima, 2012). Therefore, using computers to engage in potentially harmful activities and directing those attacks to the government evokes a threat.
Reflecting on the Saudi Arabia where a virus known as Shamoon wiped data from thirty thousand computers in an oil company and paralyzing business operation for two weeks period, which was referred as an assault (Nakashima, 2012). Countries have been slacking on how to handle the effects caused by cyber-attacks. The origin of Shamoon could not be traced. The USA and Israel government were found responsible for Stuxnet, a worm that aimed at delaying the Iranian progress of developing nuclear weapons (Cuevas & Callie Marie, 2016). The utilization of the virus caused an uproar that demanded an explanation of how that was not to be classified as an act of war. The international experts when they evaluated the harm caused by Shamoon, they disregarded it because it had not produced enough physical damage.
However, the question that bothered most people is; what if the same damage had occurred to any of the USA companies and the creators could be traced, would that have been considered severe? How much loss, fear, and security breaches should countries endure before they decide that the cyber-attacks cannot go unanswered? The government officials in every state should reach a consensus on determining the practical measures that can be applied in curbing the harm and damage caused by cyber-attacks. If a cyber-attack was aimed at the private sector, should the government step in and salvage the situation? When is the right time for the government to construct pre-emptive utilization of cyber weapon to retaliate in the cyber-attack? (Nakashima, 2012).
Formulating what constitutes an act of war does not depend on military or legal guidance, but instead, it's a political decision. A country is deciding if a specific threat is an act of war solely depends on its criteria and not a global decision. It focuses whether the decision will benefit or make the country more vulnerable. For instance, the USA government has experienced several forms of cyber-attacks from countries such as China and Russia (Rubenstein, 2014). Therefore, the USA is rewriting its military rulebooks to execute the mandate of considering cyber-attacks as a deliberate act of war and authorizing the military to retaliate against the hackers who are funded by foreign countries (Pilkington, 2011). The USA has focused on damages caused by cyber-attacks such as loss of lives, significant distortion, and paralyzing the economy.
Existing literature reviews have analyzed cyber-attacks without the anticipation of them accelerating to be declared as an act of war (Atul, Suraj, & Surbhi, 2013). The incidences that have occurred have demonstrated that the cyber-attacks do not require to infiltrate the internet to break down the information system, but can cause harm through other forms of separate, secure devices. Therefore, the ideology that cyber-attacks can only occur through the computer or desktops should be challenged because infiltration and popularity of cyber-attacks can succeed through overlooked computing systems that are relied on to simplify the modern life (Hathaway, et al., 2011). Therefore, with the spread of computing systems to machines that are depended on by humans, cyber-attacks have adopted ways of infiltrating by diversifying its scope and shape. The camouflage capability of cyber-attacks has created a challenge for any legal action to be constructed towards combating the consequences.
However, the answer to whether cyber-attacks should be considered as an act of war is still debatable. Engaging in land and seas wars lead to massive loss of lives, crippling the economy, and destruction of property. However, for the cyber-attacks, they aim at destroying or creating fear in the government and the public but do not lead to the destruction of lives. However, when analyzed in the sense that some extent of cyber-attack can interfere with the air traffic controls causing planes to crash causing loss of lives then another perception is created (Nakashima, 2012). The cyber-attacks cases are challenging to examine and determine the appropriate measures required in dealing with them because most of the time they do not last for hours. While interfering and distorting data is expensive to recover, this cannot warrant for an act of war because it is not an armed act (Whittaker, 2011).
Furthermore, the government officials have been dreading the crippling of the economic backbone of their country during the cyber-attacks. However, has not caused any loss of lives, it does not necessitate a retaliation as an act of war. The world is advancing, and the government might find the use of cyber-attacks as a way of persuading hostile countries on transforming their operation, and this can be beneficial because it averts war (NBC, 2011). States who have not advanced technologically, they might experience vulnerability. However, cyber-attacks should not be seen as an act of war; instead, countries should upgrade the security systems to provide resilience towards cyber-attacks.
Military Response towards Cyber-Attacks
The military has classified the cyber-attacks at the same realm as land, air, or sea domain and several approaches are being enacted to determine the suitable approach towards combating the incidences. However, the military response is based on evaluating the sensitivity of the cyber-attack and determining its origin (Cuevas & Callie Marie, 2016). While assessing the hostility of the cyber-attack, the military will engage in evaluating its effect and its intention. The military should respond when it has transparency about the cyber-attack operation.
In 2016, Hillary Clinton had stated her strategy would be treating cyber-attacks as an act of war and would retaliate using severe military response. The military would focus on protecting the country infrastructure, economy, and government network. Clinton insisted on having an army that is ready and agile towards responding to any threat despite the timeframe and that included the cyberspace (Murdock, 2016). However, the military is still reserving its right towards retaliating on cyber-attacks instances with physical techniques.
Therefore, the military is focusing on sharpening its skills towards determining the origin of the breach (Armin & Michael B., 2014). The effectiveness of the military response is quickly identifying the cyber-attack source because the anonymous nature of the Internet causes the challenge. Pentagon has invested in technologies that can facilitate tracing the real origin of attack quickly, prevent, and salvage the situation before it spreads. Furthermore, the security agencies focus on supporting highly skilled cyber forensics experts and collaborating with international organizations towards curbing the cyber threats quickly through sharing critical information, including unveiling the intentions of the attacks and the perpetrators (Pomerleau, 2015).
Before the military engages in offensive measures, it should have exhausted all other options such as collaborating with international bodies and dealing directly with the perpetrators. Therefore, the military is expected to respond in a manner that reflects their values and legitimacy, and when need be, ask for overseas support. Having international support ensures quick response and coordination beyond borders. The military acknowledges that cyber-attacks effects affect beyond the geographical domains emphasizing the importance of working with the foreign bodies (Alexander, 2011). However, in case the president orders for the involvement of offensive actions, the military is demanded to perform in a mode that adheres to the policy principles and legal settings. However, before the president requires aggressive actions several things are considered, and that includes the degree of infrastructure damage and loss of lives resulted from the cyber-attacks.
The national security agencies have the technical abilities and legal authorities to trace the perpetrators and “hack back” the suspected group for purposes of evaluating their intentions. NSA works towards supporting and protecting the law enforcement and technical community while assessing what the President and other departments of the government would execute (Alexander, 2011). Having such a mindset has enabled the military to perform well-informed decisions making a difference through increased coordination and collaboration among security and federal agencies. In cyber-attacks, acknowledging that the incident has infiltrated the system is challenging because to some extent, cyberspace demands extensive anonymity because the attackers can mask the origin by showing the source to be global.
Conclusion
The paper evaluated whether cyber-attacks sanctioned by other governments can be considered as an act of war. The adequate definition explored in the article focused on a cyber-attack as a propagated action purposing to cause mayhem and undermine the essential functions of countries by breaching their security and political functioning through computing systems. The potential causes that can spread cyber-attacks include instilling fear among groups, communities, and the citizens. However, different nations have distinct definitions of cyber-attacks. Formulating what constitutes an act of war solely depend on the political decision. Cyber-attacks have focused on destroying data, and even if it is expensive to restore them, it does not warrant for it to be declared as an act of war. Therefore, cyber-attacks should not be seen as an act of war; instead, countries should upgrade the security systems to provide resilience towards cyber-attacks. Furthermore, the military is expected to respond in a manner that reflects their values and legitimacy, and when need be, ask for overseas support. Having international support ensures quick response and coordination beyond borders.
References
Alexander, D. (2011, November 16). U.S. reserves right to meet cyber attack with force. Retrieved from Reuters: http://www.reuters.com/article/us-usa-defense-cybersecurity/u-s-reserves-right-to-meet-cyber-attack-with-force-idUSTRE7AF02Y20111116
Armin, R., & Michael B., K. (2014, December 17). Now That The US Government Thinks North Korea Hacked Sony, Here's How It Could Respond. Retrieved from Bussiness Insider: http://www.businessinsider.com/sony-hack-should-be-considered-act-of-war-2014-12?IR=T
Atul, T., Suraj, K., & Surbhi, C. (2013). Cyber security: challenges for society- literature review. IOSR Journal of Computer Engineering, 67-75.
Cuevas, C. A., & Callie Marie, R. (2016). The Wiley handbook on the psychology of violence. West Sussex, UK: John Wiley & Sons Inc.
Deore, U., & Vijaya, W. (2016). A Literature Review on Cyber Security Automation for Controlling Distributed Data. International Journal of Innovative Research in Computer and Communication Engineering, 1-4.
Hathaway, O. A., Rebecca, C., Haley, N., Aileen, N., William, P., & Julia, S. (2011). THE LAW OF CYBER-ATTACK. California Law Review, 7-25.
Murdock, J. (2016, September 1). Clinton: US should use 'military response' to fight cyberattacks from Russia and China. Retrieved from International Business Times: http://www.ibtimes.co.uk/clinton-us-should-use-military-response-fight-cyberattacks-russia-china-1579187
Nakashima, E. (2012, October 26). When is a cyberattack an act of war? Retrieved from Washington Post: https://www.washingtonpost.com/opinions/when-is-a-cyberattack-an-act-of-war/2012/10/26/02226232-1eb8-11e2-9746-908f727990d8_story.html?utm_term=.6c56a3408aeb
NBC. (2011, May 31). US decides Cyber Attack can be 'act of war'. Retrieved from NBCNEWS.com: http://www.nbcnews.com/id/43224451/ns/us_news-security/t/sources-us-decides-cyber-attack-can-be-act-war/#.WgtBVvmCzIV
Pilkington, E. (2011, May 31). Washington moves to classify cyber-attacks as acts of war. Retrieved from The Guardian: https://www.theguardian.com/world/2011/may/31/washington-moves-to-classify-cyber-attacks
Pomerleau, M. (2015, June 10). How might the US respond to cyber attacks? Retrieved from Defense Systems: https://defensesystems.com/articles/2015/06/10/us-response-scenario-cyber-attack.aspx
Rubenstein, D. (2014). Nation State Cyber Espionage and its Impacts. 1-11.
Whittaker, Z. (2011, June 2). Can a cyber-attack really be considered an 'act of war'? Retrieved from ZDnet: http://www.zdnet.com/article/can-a-cyber-attack-really-be-considered-an-act-of-war/
