The February 2023 issue of IEEE Spectrum is here!

Close bar

US Cyberwar Guidelines Officially Signed

Executive orders signed by President Obama a month ago

2 min read
US Cyberwar Guidelines Officially Signed

At the end of last month, there was a Wall Street Journal story reporting that the US government had decided that certain types of cyber attacks originating from another country can constitute an act of war, and therefore could trigger a "traditional" military response from the US.

As one military official in the WSJ article stated it:

"If you shut down our power grid, maybe we will put a missile down one of your smokestacks."

Well, today there is a long AP story that says that President Barack Obama signed executive orders about a month ago outlining  when and how US military commanders can employ cyber capabilities to mount cyber attacks or conduct espionage against other countries.

Defense officials and security experts told the AP that:

"The orders detail when the military must seek presidential approval for a specific cyber assault on an enemy and weave cyber capabilities into U.S. war fighting strategy."

The executive orders act in a similar fashion as operational theater rules of engagement. The AP story states, for example, that:

"Under the new Pentagon guidelines, it would be unacceptable to deliberately route a cyberattack through another country if that nation has not given permission - much like U.S. fighter jets need permission to fly through another nation's airspace."

The full set of cyberwar guidelines have not been announced, but the US Department of Defense is expected to do so soon.

As this week's Spectrum podcast notes, there are likely to be plenty of cyber security incidents for the US military to sort through. It will be interesting to see whether the policy mentions cyber attacks against US defense contractors as warranting a measured response of some kind.

Also interestingly, there is no mention in the AP story about the policy extending to the Central Intelligence Agency, who presumably, operate under their own set of cyber rules that are a bit less constraining than those placed on the US Defense Department.

PHOTO: iStockphoto

The Conversation (0)

How Police Exploited the Capitol Riot’s Digital Records

Forensic technology is powerful, but is it worth the privacy trade-offs?

11 min read
 Illustration of the silhouette of a person with upraised arm holding a cellphone in front of the U.S. Capitol building. Superimposed on the head is a green matrix, which represents data points used for facial recognition
Gabriel Zimmer

The group of well-dressed young men who gathered on the outskirts of Baltimore on the night of 5 January 2021 hardly looked like extremists. But the next day, prosecutors allege, they would all breach the United States Capitol during the deadly insurrection. Several would loot and destroy media equipment, and one would assault a policeman.

No strangers to protest, the men, members of the America First movement, diligently donned masks to obscure their faces. None boasted of their exploits on social media, and none of their friends or family would come forward to denounce them. But on 5 January, they made one piping hot, family-size mistake: They shared a pizza.

Keep Reading ↓Show less