Crossing the Line: When Cyberattacks Become Acts of War

2021-04-07 17:57

The question is, when does a cyberattack cross the line between a criminal action or mere prank, to an act of war? Is it the nature of the victim? The nature of the attacker? The nature of the damage? Or a combination of them all?

Oxford's Reference Dictionary defines an act of war as: "An act by one nation intended to initiate or provoke a war with another nation; an act considered sufficient cause for war." That's a good definition, but it leaves some ambiguity when applied to the realm of cybersecurity.

How do you treat acts of espionage, in this context? Does infecting a country's industrial machinery with a custom-designed virus that caused it to fail destructively count? What about infecting a government supplier and then leveraging that breach to intrude into your rival government's agencies? Both cases have a massive impact on the rival state, though the intent was not to provoke a shooting war.

Incidents in cyberspace have not translated into a shooting war in the real world.

It's yet to cross the line and manifest in the real world as a hot war.

Figuring out whether it was an act of war will fall to the politicians and diplomats - where it belongs.

News URL

https://threatpost.com/crossing-line-cyberattack-act-war/165290/

#cyberattack