Help

BI’s Article search uses Boolean search capabilities. If you are not familiar with these principles, here are some quick tips.

To search specifically for more than one word, put the search term in quotation marks. For example, “workers compensation”. This will limit your search to that combination of words.

To search for a combination of terms, use quotations and the & symbol. For example, “hurricane” & “loss”.

Login Register Subscribe

Thinking through the threat of cyber war

Reprints

Sound risk management requires its practitioners to perform many tasks, and to perform them well. Some are obvious, like making sure insurance purchased adequately covers the exposures involved. Others may not be so obvious.

One key element to sound risk management may sound esoteric, but it's not — that is being able to think about the unthinkable. It's a phrase popularized by the late futurist Herman Kahn in the 1960s. Mr. Kahn used the term in regard to nuclear war, which dominated defense issues during the Cold War.

There's another unthinkable now: the prospect of cyber catastrophe. A question for which the answer appears to be a definite “yes” is whether nation states would use cyber attacks as a weapon of war.

U.S. authorities have traced some hacks to people working on behalf of nation states, although state sponsors of such attacks obviously don't want to admit their involvement. That raises the question of how the United States — or any other country, for that matter — would react if its leaders received incontrovertible evidence that another nation had deliberately launched a cyber attack aimed at crippling military capabilities and/or destroying critical infrastructure.

The answer is, we don't know. Sen. Mike Rounds, R-S.D., addressed the issue last month by introducing the Cyber Act of War Act, which was included in the version of the National Defense Authorization Act approved in mid-May by the Senate Armed Services Committee.

“As the nature of warfare continues to evolve, it is critical that our armed forces have the authorization and ability to defend against cyber attacks on our critical infrastructure such as the electric grid, transportation systems and water supplies. Clearly defining what constitutes an act of war in the cyber realm is the first step in this effort,” said Sen. Rounds in a statement following the committee action.

The provision would require the White House to develop a policy to determine when an action carried out in cyber space constitutes an act of war against the United States. According to Sen. Rounds, such a formal definition “would allow our military to be better able to respond to cyber attacks and deter bad actors from attempting to attack us in the first place.”

Calling an action an act of war is not to be taken lightly. Having a definition of what would constitute such an act is critical. That would give the president, whoever may sit in that office, guidance before possibly exercising the gravest of constitutional duties — asking for and receiving a formal declaration of war. That's something that's happened only five times in U.S. history, the most recent being World War II.

The response could fall short of a declaration of war. But the possibility of cyber space being a battlefield would have been unthinkable outside of science fiction not all that long ago. Given the risks involved, it should be unthinkable for policymakers not to think very seriously about how to respond now.