Cyberattacks on U.S. networks by other nations may not always demand the same level of retaliation, and only attacks that cause major damage or loss of life should prompt similar responses, a group of national security experts said Wednesday.
Cyberattacks on private companies and even on the U.S. Department of Defense’s network are commonplace and part of a long history of international espionage that the U.S. and other countries have engaged in for years
Presented with a scenario similar to a computer compromise at RSA Security, in which the attackers also targeted defense contractor Lockheed Martin, defense consultant Franklin Miller said people getting upset with the attack seem to assume that the U.S. doesn’t engage in some of the same practices.
“This is going to happen,” said Miller, former senior director for defense policy and arms control at the U.S. National Security Council. “This is what intelligence organizations do.”
Asked about attacks on DOD networks by another country, the panelists said the U.S. should respond, but in most cases, in a limited way. Only if major damage was done should the U.S. consider responding with force, said Judith Miller, former general counsel at the DOD.
“You’re not going to start a war over something like this,” added Robert Deitz, former senior councilor to the director of the U.S. Central Intelligence Agency.
The response would change in the case of an attack causing major damage or killing U.S. residents, the panelists said. An attack that takes down a large portion of the U.S. electric grid or the banking system would likely require significant retaliation, Franklin Miller said.