Even with a team of people responding to a threat, all it takes is one skilled person to continue to execute a cyber attack unaffected and even unnoticed. Thus, the possibilities for supremacy do not favor those with the most money, staff, or equipment.
Instead, supremacy belongs to the one with the most knowledge and who can hide himself and his work the best.
The U.S. has taken steps towards allowing cyberwarfare. The most recent step includes a bill President Barack Obama signed into law in early January, the National Defense Authorization Act for Fiscal Year 2012. This bill includes an amendment in which Congress affirms that the Defense Department may wage cyberwar in the manner it deems fit while respecting existing laws and policies.
However, challenges remain in defining how the U.S. Cyber Command (CYBERCOM) will use these policy and legal definitions in practice.
Among these include: defining when a cyber attack has crossed the line from a civil offense to one that warrants a military response, identifying and locating the aggressor, responding with an underdeveloped international legal regime for defining and punishing cyber crimes, and defining precisely how responding to an attack or potential attack will manifest in practice.
DiploNews finds that, in remaining opaque in where it intends to draw the line in the sand, the U.S. is remaining flexible, fighting asymmetric threats by being asymmetric itself.
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.