Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities

The United States is increasingly dependent on information and information technology for both civilian and military purposes, as are many other nations. Although there is a substantial literature on the potential impact of a cyberattack on the societal infrastructure of the United States, little has been written about the use of cyberattack as an instrument of U.S. policy.Cyberattacks-actions intended to damage adversary computer systems or networks-can be used for a variety of military purposes. But they also have application to certain missions of the intelligence community, such as covert action. They may be useful for certain domestic law enforcement purposes, and some analysts believe that they might be useful for certain private sector entities who are themselves under cyberattack. This report considers all of these applications from an integrated perspective that ties together technology, policy, legal, and ethical issues.Focusing on the use of cyberattack as an instrument of U.S. national policy, Technology, Policy, Law and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities explores important characteristics of cyberattack. It describes the current international and domestic legal structure as it might apply to cyberattack, and considers analogies to other domains of conflict to develop relevant insights. Of special interest to the military, intelligence, law enforcement, and homeland security communities, this report is also an essential point of departure for nongovernmental researchers interested in this rarely discussed topic.Table of ContentsFront MatterSynopsis1 Overview, Findings, and RecommendationsPart I: Framing and Basic Technology2 Technical and Operational Considerations in Cyberattack andCyberexploitationPart II: Mission and Institutional Perspectives3 A Military Perspective on Cyberattack4 An Intelligence Community Perspective on Cyberattack andCyberexploitation5 Perspectives on Cyberattack Outside National Security6 Decision Making and OversightPart III: Intellectual Tools for Understanding and Thinking AboutCyberattack7 Legal and Ethical Perspectives on Cyberattack8 Insights from Related Areas9 Speculations on the Dynamics of Cyberconflict10 Alternative FuturesAppendixesAppendix A: Biographies of Committee Members and StaffAppendix B: Meeting Participants and Other ContributorsAppendix C: Illustrative Criminal CyberattacksAppendix D: Views on the Use of Force in CyberspaceAppendix E: Technical Vulnerabilities Targeted by Cyber OffensiveActions