Traditional Military Action (TMA) versus Covert Action
Should the US ever self-attribute publicly?
- Does the nature of cyberspace make a difference in whether an activity is characterized under U.S. law as a “traditional military activity” or a covert action?
- Should the U.S. acknowledge (self-attribute) traditional military activities that it carries out in cyberspace?
Activities and attribution can always be “spoofed” in terms of modifying IP addresses or through the use of proxy servers around the globe to diminish the attribution of the would-be attacker. In February 2007, the newly sovereign state of Estonia emerged into primacy of the first-ever statewide attack of its cyber infrastructure. On April 27, 2007, during ethnic rioting, the Estonian authorities moved a highly revered WWII Soviet Union statue. “This is when the conflict moved into cyberspace. Estonia…is one of the most wired nations in the world,” (Clarke & Knake, 2010, p. 13). While Russia never claimed responsibility for this far-reaching attack of all facets of Estonia’s public and private cyber infrastructure, the world community may have rightly assumed that Russia was the attacker. Unfortunately, that attack was never proven to be launched by Russia and posed a difficult issue of attribution especially in terms of cyberspace.
In terms of cyberspace activities, the suggested answer is that TMA or covert actions are essentially the same. The real challenge is whether the US should self-attribute?
The US should self-attribute only if it is in terms of announcing our position as a country that certain activities reach a level of “overwhelming response.” If you shut-down a US electrical grid, we will counter with taking out your entire country and banking and finance system. The US should not hamper itself especially in terms of cyber-attack capabilities. Certainly, as a TMA activity under a declaration of war or like authorization by the President, both overt [TMA] and covert responses are appropriate.
Where there is a more covert need to gather intelligence, implant software attack vectors, etc., the US should maintain absolute cover to protect its identity.
TMA should retain both the flexibility to act in either an overt or covert manner subject to the directions and protections afforded DOD by current legislation. Commanders should still comply with reporting criteria specific to covert operations.
Reference:
Clarke, R. A., & Knake, R. K. (2010). Cyber War. New York: Harper-Collins Publishers.
Ms. Columbus has worked in the Intelligence Community (IC) for over 20 years. She retired from the US Air Force in 2014 after working as a Senior Advisor providing authoritative advice on all aspects of Cyberspace operations, force structure and organizational concepts. She oversaw strategic support activities to enable the right mix of cyber capabilities for future operations.