Secretary of Defense Leon Panetta said in an interview with CBS News that the threat of cyberwar impacting critical operations within the United States is a very real concern.
While many experts continue to debate the very concept of cyber warfare and the semantics necessary to even discuss the subject, the U.S. government is moving swiftly to prepare for conflict in this emerging virtual theater of action.
"The reality is that there is the cyber capability to basically bring down our power grid to create... to paralyze our financial system in this country to virtually paralyze our country," Panetta told CBS News.
In December, Congress officially sanctioned the option for the military to use offensive measures in cyberspace should the tactics be deemed necessary. The language which supports the use of offensive capabilities was tucked away in the 2012 defense authorization act.
Section 954 of the the FY 2012 defense authorization act states that “Congress affirms that the Department of Defense has the capability, and upon direction by the President may conduct offensive operations in cyberspace to defend our Nation, allies and interests."
Congressional authorization came just a few weeks after the Pentagon produced a twelve page report that reiterated assertions that the United States reserves the right to respond with military force to any "significant cyber attacks directed against the U.S. economy, government or military".
"I think we have to be prepared not only to defend against that kind of attack but if necessary we are going to have to be prepared to be able to be aggressive when it comes to cyber efforts as well. We've got to develop the technology, the capability, we've got to be able to defend this country," Panetta asserted.
Earlier this year, the Department of Defense had concluded that the Laws of Armed Conflict, which govern the level of appropriate military action in the face of naked aggression by a foreign power, should also extend to the cyberspace field of operations.
The measure of a cyber attack and the corresponding response would be determined by evaluating the level of "death, damage, destruction or high-level disruption" caused by an attack. Under this strategy, a sizable event could prompt a significant military response given the level of damage incurred
"That's one of the interesting questions. What constitutes an act of war when it comes to cyber warfare? Countries use cyber as a way to exploit information. I think the Chinese use it as a way to gain information in the business arena. But if a cyber effort were made that, in fact, crippled this country or paralyzed this country or hit a major grid system then you have to ask the question does this constitute an act of war?" Panetta said.
But one of the biggest obstacles to standardization of military response to cyber-based attacks is in reliably determining attribution. In many cases, it is nearly impossible to clearly determine the origin of an attack, and even more difficult to ascertain if the event was state-sponsored or instigated by individual actors.
Proxies, routing tricks, compromised machines, and spoofed IP addresses can be easily coordinated to give the appearance that an attack is originating far from the actual source.
It remains to been seen exactly how the problem of attribution is to be overcome in the face an actual event of the magnitude of which Panetta speaks.