The following editorial appeared recently in the Kansas City Star:
In the 2008 conflict between Russia and Georgia, cyber warriors aimed computer attacks at the smaller country that disrupted financial institutions' websites and the government. Given our computer and Internet dependence, this was a harbinger for an ominously threatening kind of war.
The Defense Department has now concluded that a highly disruptive cyber attack by a foreign power could be justifiably viewed as an act of war — something requiring retaliation by conventional military means. This conclusion is long overdue.
We tend to associate the phrase "acts of war" with outright combat. But the phrase has long covered acts that don't involve clashing armies or fleets. A naval blockade is an act of war, for example, and a cyber attack could have similar consequences, generating critical shortages or life-threatening disruptions of essential services.
Then there's the risk of a successful cyber attack on the military, something that would be devastating.
The armed forces were once "platform-centric." They were built around weapons "platforms" such as ships, vehicles and planes. Now they are reliant on interlinked computers, which coordinate the movements of widely dispersed ships, planes, satellites and ground troops. The technology that directs the weapons and troops has become the most lucrative target of all.
Yet the Pentagon has only taken the first steps in developing a doctrine for grappling with such threats. And it's still unclear how the source of any attack would be verified, given that this is often murky. The origin of the Stuxnet cyber worm that sabotaged Iran's nuclear program remains unknown to this day.
Pentagon planners say any military response would probably be governed by the notion of equivalence. If a cyber attack causes a high level of disruption or death, a "use of force" response could be called for, but that response must be proportional.
The issue of cyber security was highlighted last week after Google said hackers in the northeast Chinese city of Jinan had penetrated hundreds of email accounts, including those of Chinese activists and government officials in Washington.
In addition, a Chinese army spokesman recently acknowledged the existence of a military unit specializing in cyberspace.
In developing its strategy, the Pentagon is rightly consulting with allies in a bid to develop coordinated responses to any attack.
Three years ago, one of the U.S. military's computer systems was penetrated. This was a wake-up call, but one the Pentagon has been slow to heed.
Announcing that a cyber attack could be viewed as an act of war meriting a "use of force" response was a necessary step — a reminder that one of the first steps in a credible national defense policy is deterrence.