Developing a Proportionate Response to a Cyber Incident
September 1, 2015
Protocols for responding to state-sponsored national security threats are unclear for cyberattacks. While assessing the extent of the damage and identifying attack sponsors is especially difficult for cyber incidents, policymakers need to be proactive in determining appropriate response options.
When considering a response to a cyberattack, it is crucial to remember:
- The degree of confidence in assigning responsibility for the cyber incident must be proportional to the action taken.
- Assessment of the attack's impact on the economy, national interests and physical infrastructure are important when determining reactions.
- Responses to a cyberattack do not need to be limited to cyberspace.
Developing a framework with which to respond to cyberattacks allows policymakers to quickly consider solutions and counter with options previously analyzed for merit and possible consequences. International law prevents disproportional reactions meant to deter future attacks by mandating states use only the necessary means to limit the "scale, scope, duration and intensity" of a cyberattack. Identifying in advance an appropriate response could prevent the United States from mistakes that could unintentionally jeopardize political, economic, intelligence, and military interest.
Recent cyberattacks, such as the ones on Sony Pictures Entertainment and the Sands Casino, increase the pressure to retaliate. The United States should lead the international community in timely, proportionate, legal and discriminatory response by establishing protocols for state sponsored cyberattacks.
Source: Tobias Feakin, "Developing a Proportionate Response to a Cyber Incident," Council on Foreign Relations, August, 2015.
Browse more articles on International Issues