Peacetime Use of Computer Network Attack   [open pdf - 1MB]

Published in May 1998, Presidential Decision Directive 63 (PDD-63), The Critical Infrastructure Protection Directive, calls for a national effort to protect America's increasingly vulnerable and interconnected information infrastructures. Such infrastructure includes telecommunications, banking and finance, energy, transportation, and essential government services. PDD-63 alerts the nation to prepare for impending cyber attacks. This paper examines the nature, scale, and likelihood of cyber attacks posited in PDD-63 and finds that the country does not face an imminent "electronic Pearl Harbor". Nonetheless, the country's information infrastructure is vulnerable to cyber attacks by a plethora of adversaries. The most dangerous threat is from state- sponsored cyber-warriors. In view of this real and growing threat, the prescriptions in PDD-63 for protecting the infrastructure are inadequate. This paper concludes that the defensively oriented policy measures in PDD-63 are insufficient for protecting the infrastructure. These measures are not working now, and because they are entirely reactive by nature, they will not deter future attacks by state-sponsored cyber-warriors. With the potential for severe disruptions to the infrastructure so great, this paper argues that the United States must conduct open, offensive Computer Network Attacks against state- sponsored cyber-warriors during peacetime. Only then will the country be able to stop these adversaries and adequately protect its infrastructure.

Public Domain
Media Type:
Help with citations