The US military is on the Internet march. Obama said of two new military appointments "Between them they bring deep experience in virtually every domain ... Land, air, space, sea and cyber." Also today the WSJ reports "The Pentagon has concluded that computer sabotage coming from another country can constitute an act of war, a finding that for the first time opens the door for the U.S. to respond using traditional military force."

I used to think "cyberwarfare" was an inflated threat. But in the past couple of years my thinking has reversed. Stuxnet was a big deal, presumably a deliberate act of cyberwarfare by the US and Israel against Iran. China's hacking of Google was also a big deal; aimed at individual activists, not nations, but still important. The recent attacks against RSA SecurID and now Lockheed Martin are troubling. We're beyond script kiddies stealing some Warcraft accounts, this is focussed espionage against the US military.

One of the problems with cyberwarfare is it's not clear how to apply international law. What is "proportionate response" to a network break-in that disables a radar installation? How do you even identify an attacker when the attack was a virus that was planted six months ago on USB sticks? These statements says the Pentagon is moving to take these questions seriously. It's about time.

This blog post was inspired by this Metafilter discussion
  2011-05-31 21:26 Z