Pentagon: Hacking can count as an act of war

The Wall Street Journal broke the news yesterday that the Pentagon has concluded that hacking and other forms of digital sabotage that originate from other countries can be considered an act of war. This means that for the first time, the U.S. is in the position of possibly responding to an online attack with offline "traditional military force." Guns, troops, drones, bombs.
The Pentagon's first formal cyber strategy, unclassified portions of which are expected to become public next month, represents an early attempt to grapple with a changing world in which a hacker could pose as significant a threat to U.S. nuclear reactors, subways or pipelines as a hostile country's military. In part, the Pentagon intends its plan as a warning to potential adversaries of the consequences of attacking the U.S. in this way. "If you shut down our power grid, maybe we will put a missile down one of your smokestacks," said a military official.

Read the whole article here. If the paywall locks you out, MSNBC has a related piece.


  1. Why providing a reason for war anyway if it’s such a lame excuse? Be honest and tell the world you’re going to war because it just fits into your plans, if not into your household.

  2. You better trust your intelligence deeply. But If it becomes a weapon of war I don’t see why this is a surprise. I just wonder what it will take before certain types of hacking will become the center or arms control agreements.

  3. How to prop up the military-industrial complex in four easy steps.

    1. Make hacking from a foreign country an act of war.
    2. Set up a relay in a foreign country.
    3. ??
    4. Profit.

  4. “If you shut down our power grid, maybe we will put a missile down one of your smokestacks,” said a military official.

    Yes, yes, over 9,000 cruise missiles… very good sir, you don’t sound powerless at all.

    1. He only said it’s an act of war if someone does it to us. When *we* do it, it’s “defense”.

  5. As compromised as our power grid is, this makes perfect sense for the government to openly make a statement. A friend of mine working for a utility out west says that it is not overly uncommon for their to be cyber attacks weekly, if not daily.

  6. So I guess Iran is justified in using military force against the authors of Stuxnet, right?

    1. Of course not. *That* was justified self defence .. err an humanitarian action.. SAY ARE YOU A TRAITOR?

  7. So did the U.S. Congress authorize the use of Stuxnet against Iran, or has the American executive just declared war on another country without approval?

  8. And of course someone routing through a proxy in an unfavored country would never be used as an excuse.

    I guess this is one really good way for the US to force the rest of the world to accept its draconian plans for control of the internet.
    “Its a nice country, it would be a shame if some kid did something stupid online and we had to bomb it.”

    Better plan – don’t hook “critical” systems up to the internet?

  9. Soooo…. if another nation (let’s say “Nari”) is attacked by some sort of computer worm (let’s say “TenXuts”), is this nation within its right to retaliate, with, let’s say a “ecived raelcun?”

  10. Does it really matter anymore? The last few years have shown that the President of the United States can start wars and attack countries whenever he pleases. They don’t even have to tell us about it or justify why the did it. Just so long as they don’t actually declare “war”.

  11. Avram, you’re quick! (beat me to it)

    But seriously, if a private individual in britain hacks the USA powergrid, are they going to bomb London?
    What if it’s a private individual in Kyrgyzstan?

    So, if Bin Laden’s successor wants to get the American war machine to a specific place he sends his buddy to that country to hack a US system using a known hack? “ACCCHHHHHH, the morals of those dirty (group of Muslims) has strayed too far from Allah. Let’s trick the stupid Americans into attacking them to show them the wrath of Allah”


    “Mr. President. Craplakistan has a bunch of oil and other stuff we can mess around with. Should we send someone there to hack our systems so we have a reason to attack?”

  12. The reality is that they have to do this. Digital attacks can be at least as harmful as traditional attacks.

    And Stuxnet is a great example of that. It was indeed an act of war, and was much more effective than cruise missiles or troops.

    I don’t like having more wars – and I lament the fact that this policy opens the door to massive retribution for simple attacks – but it seems obvious that digital attacks are already offer some of the best cost/benefit offenses out there and their use will only escalate. This policy is both realistic and an attempt by the Pentagon to scare any government considering such attacks.

  13. I realize this kind of news is perfect wadding for armchair revolutionaries to stuff in their snark cannons, but it’s hard to see how the Pentagon is telling us anything we didn’t already know they’d do. The right kind of hack-warfare could do tremendous economic damage, and could also cost human lives or wreck infrastructure.

    Of course we’d retaliate, disproportionately if we could, and not necessarily with a cyber-attack in kind. And that retaliation would enjoy enormous popular support. Sure, things could go wrong: in particular, really truly demigod-level cyber-shenanigans could make us think it was Iran when really it was North Korea. But that’s the nature of the weapon, and of asymmetrical warfare.

    Realistically, as long as there’s a Pentagon to issue press releases, the Pentagon is going to say this and it will always have been the official policy. Because the alternative is the Pentagon saying, “Boy, I hope nobody attacks us via the internet, because we are royally fucked if that happens. Enemies of freedom, please do not cyber-threaten us as that would leave us powerless to respond!”

    1. I realize this kind of news is perfect wadding for armchair revolutionaries to stuff in their snark cannons …

      Do not begrudge us our snark cannons. We use them in order to cope in a world that is in practice without the rule of law. Our snark is analogous to gallows humor.

    2. You know, if they spent 2% of the pentagon budget on IT, this would be a non problem. Maybe 5%. I

      nstead, the bully threatens.

  14. …that having taken way too long to draft, I see that the conversation has essentially lapped me. But just to add a few other quick thoughts:

    • You betcha Stuxnet was an act of war. Iran would respond with missiles down our smokestacks if it could, and is probably working very hard on a more asymmetrical response, whether electronic in nature or otherwise. The question then becomes was it worth it in terms of slowing down their bomb-making calendar, and in terms of letting the rest of the world know that we could be lurking in their light-switches. That, I don’t really know enough to argue one way or the other.

    • The nightmare scenario is indeed that a clever, apolitical teenager in Armenia shuts down LAX’s air traffic control tower for lulz. But think of it this way: a Russian MiG on a strafing run and a guy in a weather-balloon-lofted lawn chair with a machine gun could do similar amounts of damage. But you’d never confuse the one for the other. Stuxnet wasn’t just brilliant (and effective only because it was brilliant), it was the sort of thing where it could never have been cooked up by one person. FOR NOW, there’s a difference between state-funded crackery and what goes on for lulz. When and if that stops being true, well, you know, may you live in interesting times.

    1. I’ve been living in interesting times since about the end of the year 2000. I’ve got interesting times fatigue.

  15. So if you can take over someone else computer, which happens every day, send a weak hack meant to be detected from that computer… you can get the Pentagon to MIRV strike them. But wait, now that it is proven that the Pentagon is hackable, Chinese hackers can send themselves a fake hack from DC and then launch a counter attack. Reminds me of when the nazis dressed poisoned Poles in military attire and placed them in their borders.

  16. So, if the Constitution were anything other than a shit-stained piece of toilet paper, this would mean that we couldn’t engage in any hacking against foreign powers ourselves, because to do so would be an unauthorized act of war, right?

  17. I wish there was a New New World. I want to go there to get away from all this bullshit.

  18. Hacking is already being used as a weapon, and Stuxnet isn’t the only instance of it. If it’s intentional, government-sponsored, and does significant damage, it qualifies as an attack, and invites retaliation.

    I’m only slightly amused by the military having to deal with stuff like the “whose fingers were on the keyboard” problem.

  19. Faking an attack, selling the public on the lie, and covering up the evidence:

    Flying planes into buildings: difficulty rating 10

    Shutting down the power grid: difficulty rating 2

    No more emergency bulldozer cover-ups or those pesky “but the melting point of steel” arguments… “So easy to use, no wonder it’s #1!”

    1. That IS the truth. It has already been stated many times that the Patriot Act for the internet is already written and waiting for the first major act of cyberterror. But with cyberterror, it will be so easy to hoax.

      Remember the Maine?

  20. Domain seizures then are also an act of war. The US Government has declared war on freedom.

  21. the asymmetry thing prevents middle countries retaliating against top-tier countries, but casually trashing someone’s chosen critical path to self-determination can cause people to not invite you to parties.

  22. Do you realize that this means that if you inadvertendly trespass a military computer now they can throw you in GITMO as an enemy combatant?

  23. Maybe we could just pass a law that says all generals and world leaders have really big penises, honest they do.

  24. Why wouldn’t some types of hacking qualify as acts of war? If you used bombs/drones/spies to damage a country’s military capability or harm civilians, that would transparently be an act of war. Replace bombs with computers. Wouldn’t that still be transparently, an act of war?

    I acknowledge, though I admit I don’t understand, some of the fears expressed here. I have a more optimistic view of the world, I guess. But it seems that calling hacking a potential act of war is a logical position to take, independent of broader discussions of who gets to decide.

  25. Didn’t the Pentagon assist Israel in creating Stuxnet?

    So the Pentagon unilaterally declared war with Iran?

    How does the WSJ and NYT get away with reciting the Pentagon line and totally missing these glaringly obvious contradictions?

    1. Well keep in mind the WSJ and NYT are newspapers based in the *United States*, and the Pentagon is the HQ for the armed forces of the *United States*.

      Since when are American institutions supposed to consider people in other nations the exact same as its own people? Guess what, guys – most people in other countries don’t place Americans’ welfare above their own either.

      As for “hacking” considered an act of war, the more accurate term is cyber attack (like the Stuxnet incident) rather than plain old cyber exploitation (what 99% of hacking is).

  26. I’ll remember this if the government ever tried to hack my computer. I won’t tolerate treasonous government scumbags.

  27. So what happens when they’re attacked from their own country? Can you declare war on yourself?

Comments are closed.