Cyber attacks that originate abroad can qualify as acts of war that could merit a military response by the U.S., the Pentagon has determined, according to the Wall Street Journal.
Citing a Pentagon report on cybersecurity strategy, part of which will be de-classified soon, the Wall Street Journal reported that the Pentagon has, for the first time, developed a cyber strategy that seeks to outline how the U.S. might react to cyber attacks targeted at the government, as well as critical infrastructure such as power plants, public transportation systems, financial institutions, and more.
"If you shut down our power grid, maybe we will put a missile down one of your smokestacks," an unnamed military official told the Journal.
At the core of the Pentagon's plan is the idea of there being an "equivalence" between an electronic attack and a physical one. "If a cyber attack produces the death, damage, destruction or high-level disruption that a traditional military attack would cause, then it would be a candidate for a 'use of force' consideration, which could merit retaliation," writes the Journal.
The report's recommendations are likely to be controversial, sparking questions about how the government will be able to quickly and correctly track attacks back to their perpetrators, a notoriously difficult process. In addition, it remains to be seen how the policy would affect other countries' response to covert cyber attacks or cyber sleuthing spearheaded by the U.S. For example, many have suggested that the U.S. was, in part, responsible for the Stuxnet worm that infiltrated Iran's nuclear defense systems.
A recommendation for a global cybersecurity strategy outlined by the Obama administration earlier this month also suggested cyber attacks could be treated as military threats. The government noted that it would consider using military force to respond to electronic attacks.
"We reserve the right to use all necessary means – diplomatic, informational, military and economic – as appropriate," the report read.
The Pentagon's report comes amid a slew of significant and large-scale hacking attacks have been reported over the past several months. Hackers cracked the defenses of Epsilon, an online marketing company that works with giants like Citigroup, Walgreens, and Capital One, to compromise millions of users' data, Sony's PlayStation Network was shut down following a breach that put 100 million users' personal information at risk, and defense contractor Lockheed Martin suffered a "significant and tenacious" attack that threatened to expose sensitive information.