Senior Department of Defense officials are working to determine how the centuries-old Law of Armed Conflict applies to potential conduct of operations in cyberspace, announced Deputy Assistant Secretary of Defense for Cyber Policy Eric Rosenbach.
“We’re trying to think about cyber operations as a new form of policy tool that gives the president or the secretary of defense new options,” he said.
“We’re not actively looking to mount operations in cyberspace just to do it,” he said. “We want to do it only when appropriate and when there’s a good reason to do it and when we can do it in a way that allows us to [avoid using] kinetic tools.”
The Senate Armed Services Committee last year asked department officials to answer 13 questions about its cyber policy, as part of the National Defense Authorization Act.
Thinking through the Law of Armed Conflict and what an armed attack and other terms mean is important to the DOD effort to update the rules of engagement, Rosenbach said.
The same cyber-language barrier also impedes international collaborations and agreements that potentially could help fight back against the steady rush of cyber intrusions that target organizations, firms and nations.
“Because it’s a new domain and people in the department and senior military officers tend to use a military-type language when talking about [the cyber domain], it often looks like we’re more aggressive in cyberspace than we, in fact, are,” Rosenbach said.
“ … We don’t want to establish unhelpful norms [and] we don’t want to use force in cyberspace unless we absolutely have to,” he added. “So we’re working to protect the nation but in a way that’s not overly aggressive and [doesn’t do] anything that Americans wouldn’t be proud of.”