Military response to cyberattacks?

If there is ever a cyberattack in UK, then the region might respond with military strikes. This was the sentiment expressed by Sir Michael Fallon, the Defence Secretary of UK. He said that Britain has the resources and the ability to respond to such attacks through any domain – land, sea or air.

The Defence Secretary’s remarks come at a time when there has been increased number of cyberattacks against both governments and organizations across the globe.

Background

In the recent years, it has become commonplace for government systems to fall victim to cyber attacks. It has been reported that in 2000, Israeli hackers launched Denial-of-service (DoS) attacks to computers owned by Hamas, the Palestinian resistance organization among others. There have also been reports that in the 90s, both India and Pakistan engaged in dispute in the cyberspace.

America has claimed that the Russia hacked into their Presidential elections in 2016. Similarly, the campaign run by Emmanuel Macron was hacked on the eve of the French elections. America’s National Security Agency said that Russia was once again culpable for these actions.

The current crisis in the Middle East between Qatar and its neighbouring countries is partly due to a controversy that erupted when Qatar’s news agency and government websites were hacked.

Analysis

The British Parliament too has fallen victim to sustained cyberattacks. While investigations are still at a nascent stage, 90 email accounts with “weak” passwords are said to have been hacked. Investigators also believe that Moscow (Russia) has a hand in what has transpired. The network that was affected is used by nearly everyone including British Prime Minister, Theresa May.

On June 27, there was a worldwide ransomware cyberattack which destabilised a number of critical infrastructures.

Assessment

Our assessment is that as cyberattacks become more frequent, governments will contemplate responding through military action. However, would this be a proportionate response? The genesis of the internet is that it was built on openness and freedom and attribution was never factored when the DARPA built it. Unlike in the case of a response to a nuclear or conventional threat where the attack has a signature, the same premise does not hold good when it comes to cyber. And how would any country respond if the threat vectors are based in more than one country?