The United States should decide on rules for attacking other nations’ networks in advance of an actual cyberwar, which could include an international agreement not to disable banks and electrical grids, the former head of the CIA and National Security Agency said Thursday.
Michael Hayden, who was the principal deputy director of national intelligence and retired last year, said the rules of engagement for electronic battlefields are still too murky, even after the Defense Department created the U.S. Cyber Command last spring. The new organization is charged with allowing the U.S. armed forces to conduct “full-spectrum military cyberspace operations in order to enable actions in all domains,” which includes destroying electronic infrastructure as thoroughly as a B-2 bomber would level a power plant.
Even a formal cyberwar may have rules different from those applying to traditional warfare, Hayden suggested. One option would be for the larger G8 or G20 nations to declare that “cyberpenetration of any (financial) grid is so harmful to the international financial system that this is like chemical weapons: none of us should use them,” he said at the Black Hat computer security conference here.
Another option would be for those nations to declare that “outside of actual physical attacks in declared conflicts, denial of service attacks are never allowed and are absolutely forbidden and never excused,” and a consensus would “stigmatize their use,” said Hayden, who’s now a principal at the Chertoff Group. Nations “do not do it and they do not allow it to happen from their sovereign space.”