The United States is increasingly dependent on information and information technology for both civilian and military purposes, as are many other nations. Although there is a substantial literature on the potential impact of a cyberattack on the societal infrastructure of the United States, little has been written about the use of cyberattack as an instrument of U.S. policy.




Cyberattacks—actions intended to damage adversary computer systems or networks—can be used for a variety of military purposes. But they also have application to certain missions of the intelligence community, such as covert action. They may be useful for certain domestic law enforcement purposes, and some analysts believe that they might be useful for certain private sector entities who are themselves under cyberattack. This report considers all of these applications from an integrated perspective that ties together technology, policy, legal, and ethical issues.




Focusing on the use of cyberattack as an instrument of U.S. national policy, Technology, Policy, Law and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities explores important characteristics of cyberattack. It describes the current international and domestic legal structure as it might apply to cyberattack, and considers analogies to other domains of conflict to develop relevant insights. Of special interest to the military, intelligence, law enforcement, and homeland security communities, this report is also an essential point of departure for nongovernmental researchers interested in this rarely discussed topic.

Table of Contents


Front Matter
Synopsis
1 Overview, Findings, and Recommendations
Part I: Framing and Basic Technology
2 Technical and Operational Considerations in Cyberattack and Cyberexploitation
Part II: Mission and Institutional Perspectives
3 A Military Perspective on Cyberattack
4 An Intelligence Community Perspective on Cyberattack and Cyberexploitation
5 Perspectives on Cyberattack Outside National Security
6 Decision Making and Oversight
Part III: Intellectual Tools for Understanding and Thinking About Cyberattack
7 Legal and Ethical Perspectives on Cyberattack
8 Insights from Related Areas
9 Speculations on the Dynamics of Cyberconflict
10 Alternative Futures
Appendixes
Appendix A: Biographies of Committee Members and Staff
Appendix B: Meeting Participants and Other Contributors
Appendix C: Illustrative Criminal Cyberattacks
Appendix D: Views on the Use of Force in Cyberspace
Appendix E: Technical Vulnerabilities Targeted by Cyber Offensive Actions