Internet Attacks: A Policy Framework for Rules of Engagement

Information technology is redefining national security and the use of force by state and nonstate actors. The use of force over the Internet warrants analysis given recent terrorist attacks. At the same time that information technology empowers states and their commercial enterprises, information technology makes infrastructures supported by computer systems increasingly accessible, interdependent, and more vulnerable to malicious attack. The Computer Security Institute and the FBI jointly estimate that financial losses attributed to malicious attack amounted to $378 million in 2000. International Law clearly permits a state to respond in self-defense when attacked by another state through the Internet, however, such attacks may not always rise to the scope, duration, and intensity threshold of an armed attack that may justify a use of force in self-defense. This paper presents a policy framework to analyze the rules of engagement for Internet attacks. We describe the state of Internet security, incentives for asymmetric warfare, and the development of international law for conflict management and armed conflict. We focus on options for future rules of engagement specific to Information Warfare. We conclude with four policy recommendations for Internet attack rules of engagement: (1) the U.S. should pursue international definitions of “force” and “armed attack” in the Information Warfare context; (2) the U.S. should pursue international cooperation for the joint investigation and prosecution of Internet attacks; (3) the U.S. must balance offensive opportunities against defensive vulnerabilities; and (4) the U.S. should prepare strategic plans now rather than making policy decisions in real-time during an Internet attack. * supported in part by grants from DARPA # F30602-97-1-0257, NASA #NGT-30019, State Farm Insurance, and the John Deere Corporation 1 Assistant Professor and corresponding author; additional contact information: telephone/fax: 309-5563064/3864; postal mail: 45 Oak Park Road, Bloomington IL 61701 USA Associate Department Chair and Associate Professor, He is also a retired Lt. Commander US Navy (SSN).