Pentagon Considers Nuclear Retaliation To Big Cyber Attacks

According to the draft for the Pentagon’s 2018 Nuclear Posture Review, the US would consider using nuclear weapons to respond to non-nuclear attacks.

While the Pentagon’s proposed policy change suggests the US should “only consider the use of nuclear weapons in extreme circumstances to defend the vital interests of the United States or its allies and partners,” large cyber-attacks are considered “extreme circumstances.”

After reviewing threats posed by Russia, China, North Korea and Iran, the document reads:

'The United States would only consider the use of nuclear weapons in extreme circumstances to defend the vital interests of the United States, its allies, and partners. Extreme circumstance could include significant non-nuclear strategic attacks. Significant non-nuclear strategic attacks include, but are not limited to, attacks on the US, allied, or partner civilian population or infrastructure, and attacks on US or allied nuclear forces, their command and control, or warning and attack assessment capabilities.'

Notice that “cyber-attack” is not specifically mentioned, but officials who asked to remain anonymous told The New York Times that “large cyber-attacks” could warrant a nuclear response.

Three current and former senior government officials said large cyber-attacks against the United States and its interests would be included in the kinds of foreign aggression that could justify a nuclear response — though they stressed there would be other, more conventional options for retaliation.

The NPR draft acknowledged that Russia has a “new intercontinental, nuclear-armed, undersea autonomous torpedo” and is “developing and deploying new nuclear warheads and launchers.” Russia, the document claims, believes that limited nuclear first use of low-yield weapons would give it an advantage. “Correcting this mistaken Russian perception is a strategic imperative,” it says.

Therefore, the US should develop smaller nukes, new “low-yield” nuclear weapons, which would “enhance deterrence.” One new nuke would be a cruise missile fired from submarines and another a “low-yield” warhead for ballistic missiles from subs.
The US doesn't need more Nukes

But Alexandra Bell, a former senior adviser at the State Department and current senior policy director at the Center for Arms Control and Non-Proliferation, told the Huffington Post, the US already has “4,000 nuclear weapons in our active stockpile, which is more than enough to destroy the world many times over. “So I don’t think it makes a convincing case that we somehow lack capabilities. And, in fact, I don’t think you can make the case that this president needs any more capabilities.”
Two weeks ago, President Donald Trump was bragging about having a “much bigger” and “more powerful” nuclear button that North Korean leader Kim Jong Un.

During the Cold War, nukes guaranteed mutually assured destruction. That same mutual assured destruction has been applied to large-scale cyberwar, knock out our power grid, and we will knock out yours type thing. 

It remains to be seen if the threat of nuking a country for pulling off large cyber-attacks would serve as a deterrent or be the start of doomsday. “Almost everything about this radical new policy will blur the line between nuclear and conventional,” Andrew C. Weber, an assistant defense secretary during the Obama administration, told The New York Times. If the draft is adopted as is, the new policy “will make nuclear war a lot more likely.”

The draft, called “pre-decisional” by the Pentagon, is currently being reviewed by the White House. The final version is expected to be released in February.

CSO Online

You Migh Also Read: 

World Economic Leaders Fear Increasing Cyber Attacks:

Army Chief Urges  UK To Increase Cyber Defence & Attack Capabilities:

2018 Predictions: Full-Scale Cyber War:

 

 

« World Economic Leaders Fear Increasing Cyber Attacks
Employees Are Key To Cybersecurity »

CyberSecurity Jobsite
Check Point

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Tines

Tines

The Tines security automation platform helps security teams automate manual tasks, making them more effective and efficient.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Spambrella

Spambrella

Spambrella provides email security with real-time threat protection. 100% SaaS (nothing to install)

Research Institute in Science of Cyber Security (RISCS)

Research Institute in Science of Cyber Security (RISCS)

RISCS is focused on giving organisations more evidence, to allow them to make better decisions, aiding to the development of cybersecurity as a science.

Allgress

Allgress

Allgress solutions converge disparate risk silos across enterprise networks and automate governance, risk and compliance management processes.

National Cyber Security Centre (NCSC) - Netherlands

National Cyber Security Centre (NCSC) - Netherlands

NCSC Netherlands coordinates enhancing the cyber resilience of the Netherlands in the digital domain.

Team8

Team8

Team8 is Israel’s most prestigious cybersecurity think tank and venture creation foundry.

NPCore

NPCore

NPCore is specialized in defense solution against unknown APT and Ransomware and provides two-level defense on network and endpoint based on behavior.

Ledger

Ledger

Ledger is a leader in security and infrastructure solutions for cryptocurrencies and blockchain applications using its proprietary technology.

Gytpol

Gytpol

Gytpol is a leader in Endpoint Configuration Security (ECS) solutions, providing validation, remediation & securing of IT Policies and IT Infrastructure on-premise and in the cloud.

Optimum Speciality Risks

Optimum Speciality Risks

Optimum Speciality Risks are an experienced team of cyber insurance experts, backed by Lloyds of London.

SecureStack

SecureStack

SecureStack helps software developers find security & scalability gaps in their web applications and offers ways to fix those gaps without forcing those developers to become security experts.

OpenAVN (DefenseArk)

OpenAVN (DefenseArk)

Defending your life online, keeping your data safe and private. We detect digital threats magnitudes faster than the leading antivirus software.

Myota

Myota

Myota intelligently equips each file to be resilient and achieve Zero Trust-grade protection. Withstand ransomware and data breach attacks. Reduce data restoration time and effort.

Cysurance

Cysurance

Cysurance is a next-generation risk mitigation company that insures, warranties and certifies security solutions.

Ebryx

Ebryx

At Ebryx, we are at the forefront of cybersecurity innovation, leveraging over a decade of expertise to protect and empower organizations worldwide.

Cyberdise

Cyberdise

Cyberdise is an AI-driven cybersecurity awareness solution designed for companies with complex security requirements.

Culminate

Culminate

Adopt AI with confidence in your SOC. Utilize human-AI teaming to conduct your investigations with unmatched accuracy and speed.