Lawmakers are split over the question of whether attacking another country’s computer networks and websites constitute an act of war. The debate follows accusations that Russia was behind attacks on Georgian government sites (including that of President Mikhail Saakashvili, pictured) shortly before launching military action.
The attacks were simplistic denial of service attacks, which involve sending repeated requests to a server until it seizes up and makes the associated computers and websites inaccessible. They left Georgian officials struggling to communicate with the world electronically during the fighting with Russian troops.
It’s not yet confirmed who is behind the attacks. While they obviously helped Russia, the country’s government is denying any involvement. Subsequent attacks have resembled previous attacks pinned on the Russian Business Network, a major criminal gang. However, it’s not clear if they are responsible this time (it could be other parties copying their techniques) or, if they did carry out the attacks, whether they did so with government knowledge or backing.
Some analysts have compared the attacks with previous cyber-assaults on Estonia which were less intense but continued over a longer period. That may suggest the attacks on Georgia are the work of private individuals with less powerful computers.
With such assaults in the news, The Washington Post has now confirmed that neither the US government nor the Pentagon has an official stance on whether such attacks are an act of war, which could affect the legality of any response, both by the US alone and by NATO partners.
Ironically the Russian government has previously called for a ban on cyber-attacks as part of arms control deals, but the US government refused.
It seems the lack of US policy is largely because cyber-warfare falls into a grey area, with no government department or agency specifically responsible. But it’s not just a US problem: international military law is also unclear about the problem.