When conducting a kinetic military response to a cyberattack, it’s better to explain why and how you are doing so.
A month ago, the Israeli Defense Forces, or IDF, responded to a Hamas cyberattack with an online counter-attack against the hackers followed by an airstrike that destroyed their building in Gaza. It remains unclear whether any Hamas cyberspace operators died in the operation.
This was the first time that a military has conducted a kinetic operation directly in response to a cyberattack in real time. It occurred in the context of decades-long hostilities between Israel and Hamas, and amid the worst fighting between the parties since 2014.
The operation may have been warranted. Unfortunately, the IDF didn’t explain much about it, so the world cannot tell. We don’t know what Hamas was trying to achieve, why the IDF felt that the strike was justified, or just what Israel’s policy is for countering cyberspace operations.
Here’s the problem: the internet, itself just 36 years old, is still a relatively new domain of warfare. As a historic first, this operation needed Israel to explain itself a little more than it did. What did Israel think Hamas was trying to achieve? Why was the response warranted?
All Israel needed to say was something like “Hamas was targeting our military/hospital/government infrastructure and we deemed their operations to be a threat to our national security. On that basis, after conducting a cyberspace operation against Hamas, we determined that the appropriate course was to neutralize the threat. This operation occurred within the law of armed conflict just like any other operation.” But Israel chose to say no such thing.
Absent clear explanations that affirm rules of the road, countries risk setting a dangerous escalatory course for themselves and others. In the future, if State A conducts mass online banking theft during the course of hostilities, would a military response to the hackers be warranted? The short answer is: maybe. The onus would fall on the escalating country to explain how and why it felt that an escalatory operation (of any kind) was warranted and just.
There is already policy precedent for kinetic operations against hackers. In 2011, for example, the Obama administration declared in its International Strategy for Cyberspace that “When warranted the United States will respond to hostile acts in cyberspace as we would to any other threat to our country.”
What are some possible scenarios for how states could respond kinetically to cyberspace operations in the future? We can map at least three hypothetical scenarios.
A cyber event crosses a conflict-initiation threshold. If a State A, not otherwise at war, launches a cyberattack that cripples State B’s critical infrastructure, the latter could respond by launching a kinetic operation to decapitate State A’s cyber command-and-control structure. In this instance, it would be up to State B to determine whether State A’s activity warranted a military response. In the United States, as we said in the 2015 DoD cyber strategy, cyberattacks and potential responses to them “are assessed on a case-by-case and fact-specific basis by the President and the U.S. national security team.” Just as importantly, when the United States has responded to a cyber attack, the government has tried to explain its rationale for response, whether that response is indictments or sanctions or kinetic operations. Explanations can help to affirm the law of armed conflict, establish rules of the road, and set a course for the future.
A cyberattack amid a wider conflict draws an immediate kinetic retaliation. This is similar to the case of Israel and Hamas. There are a range of international disputes that could trigger conflict in cyberspace or kinetically. Imagine a crippling hack in India (or Pakistan) that leads the country’s military to bomb its adversary’s cyberspace command centers. The responding state would have to explain how and why it made the choice that it did.
An authoritarian government uses kinetic attacks to suppress domestic protestors. As we mark the 30th anniversary of the deadly crackdown in Tiananmen Square, imagine a group of dissident Chinese hackers who launch a cyberattack in a bid to weaken China’s state control of the internet — and the government’s likely response. This scenario is by no means unique to China; a narrative of online resistance and kinetic response could play out in a range of authoritarian states.
In some instances, states may be justified in deploying kinetic options against cyberattackers. In others, they may not. For any government that hopes to maintain political legitimacy during an internal or external conflict, it is up to its officials to explain their strategic choices to the public and to situate the operation within appropriate legal norms. Public statements will help countries to develop a language of restraint and proportionality in the evolving landscape of war.