Friday, May 9, 2025
The increasing rate and impact of cyber-attacks on U.S. companies, state actors, and others has led some in the field to reconsider how U.S. Cyber Command should handle the issue moving forward.
Kurt Sanger, a member of Cyber Command’s general counsel, is one of the few advocating for a reevaluation of how military anti-hacking operations are decided. He believes that the planning stage for militarily countering cyber-attacks should be reconfigured.
And that it should be done with speed in mind.
Sanger, alongside fellow Judge Advocate Peter Pascucci, co-authored an article on Lawfare.com earlier this month that highlights the need for expedited responses when it comes to cyber-attacks in the U.S.
Before delving into the need for change, the authors tap into the domestic context of cyber. They claim that “The cyber incidents encountered in this calendar year alone are sufficient to highlight the United States’ mounting security challenges.”
Continuing this thought, the authors acknowledged, “The scope and scale of harm from these incidents are also increasing in comparison to past cyber incidents.” The comparison made here is between previous attacks on “discrete communities,” and those that impact a much wider group of people.
The Colonial Pipeline attack in May is just one example of how wide an impact these sorts of attacks are currently capable of.
A separate Lawfare.com post from April, written by Jason Healey, offers a five-pronged test to determine the appropriateness of a U.S. military cyberspace response to criminal hacking activities.
Healey’s list is as follows:
1. Imminence: There is an upcoming national-security-relevant window of U.S. or allied vulnerability OR intelligence suggests the malware is about to be used in a far more dangerous manner AND
2. Severity: The targeted malware is particularly large or dangerous OR Likely to cause deaths AND significant destruction of the kind normally associated with military weapons AND
3. Overseas Focus: The targeted malware is located largely overseas, not within the United States AND
4. Adversary: The targeted malware is tied to a major adversary: China, Russia, North Korea or Iran; AND
5. Military as a last-ish resort: No one else taking effective action OR Military disruption can uniquely complement actions by others.
After presenting the list, Healey states that “In practice, in an emergency, some operations could be approved that meet most but not all criteria,” and that “The malware must have a connection to a nation-state to ensure it is a proper target for military force.”
The problem here is that “Military Force” in the context of cyber does not usually entail agony or death throes. It is a coordinated engagement with someone targeting U.S. interests from afar, and usually involves a counter-attack which isn’t going to result in physical violence.
What Healey’s pronged approach advocates for, albeit implicitly, is a dismissal of scope of impact as the primary determining factor for who should be taking charge of handling such attacks.
By limiting Cyber Command’s action to stringent qualifications pertaining to foreign policy, and to concerns about modality of impact, the only thing left out of consideration is the total number of ordinary individuals who should be protected from being victimized by attacks like this.
We must safeguard innocent American citizens, regardless of who does the attacking and whether the attack is violent or not.