Pentagon Considers Nuclear Retaliation To Big Cyber Attacks

According to the draft for the Pentagon’s 2018 Nuclear Posture Review, the US would consider using nuclear weapons to respond to non-nuclear attacks.

While the Pentagon’s proposed policy change suggests the US should “only consider the use of nuclear weapons in extreme circumstances to defend the vital interests of the United States or its allies and partners,” large cyber-attacks are considered “extreme circumstances.”

After reviewing threats posed by Russia, China, North Korea and Iran, the document reads:

'The United States would only consider the use of nuclear weapons in extreme circumstances to defend the vital interests of the United States, its allies, and partners. Extreme circumstance could include significant non-nuclear strategic attacks. Significant non-nuclear strategic attacks include, but are not limited to, attacks on the US, allied, or partner civilian population or infrastructure, and attacks on US or allied nuclear forces, their command and control, or warning and attack assessment capabilities.'

Notice that “cyber-attack” is not specifically mentioned, but officials who asked to remain anonymous told The New York Times that “large cyber-attacks” could warrant a nuclear response.

Three current and former senior government officials said large cyber-attacks against the United States and its interests would be included in the kinds of foreign aggression that could justify a nuclear response — though they stressed there would be other, more conventional options for retaliation.

The NPR draft acknowledged that Russia has a “new intercontinental, nuclear-armed, undersea autonomous torpedo” and is “developing and deploying new nuclear warheads and launchers.” Russia, the document claims, believes that limited nuclear first use of low-yield weapons would give it an advantage. “Correcting this mistaken Russian perception is a strategic imperative,” it says.

Therefore, the US should develop smaller nukes, new “low-yield” nuclear weapons, which would “enhance deterrence.” One new nuke would be a cruise missile fired from submarines and another a “low-yield” warhead for ballistic missiles from subs.
The US doesn't need more Nukes

But Alexandra Bell, a former senior adviser at the State Department and current senior policy director at the Center for Arms Control and Non-Proliferation, told the Huffington Post, the US already has “4,000 nuclear weapons in our active stockpile, which is more than enough to destroy the world many times over. “So I don’t think it makes a convincing case that we somehow lack capabilities. And, in fact, I don’t think you can make the case that this president needs any more capabilities.”
Two weeks ago, President Donald Trump was bragging about having a “much bigger” and “more powerful” nuclear button that North Korean leader Kim Jong Un.

During the Cold War, nukes guaranteed mutually assured destruction. That same mutual assured destruction has been applied to large-scale cyberwar, knock out our power grid, and we will knock out yours type thing. 

It remains to be seen if the threat of nuking a country for pulling off large cyber-attacks would serve as a deterrent or be the start of doomsday. “Almost everything about this radical new policy will blur the line between nuclear and conventional,” Andrew C. Weber, an assistant defense secretary during the Obama administration, told The New York Times. If the draft is adopted as is, the new policy “will make nuclear war a lot more likely.”

The draft, called “pre-decisional” by the Pentagon, is currently being reviewed by the White House. The final version is expected to be released in February.

CSO Online

You Migh Also Read: 

World Economic Leaders Fear Increasing Cyber Attacks:

Army Chief Urges  UK To Increase Cyber Defence & Attack Capabilities:

2018 Predictions: Full-Scale Cyber War:

 

 

« World Economic Leaders Fear Increasing Cyber Attacks
Employees Are Key To Cybersecurity »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Perimeter 81 / Zero Trust Network Access Guide

Perimeter 81 / Zero Trust Network Access Guide

Curious how you can Implement a Zero Trust roadmap with insights from Gartner? Download this free report for a limited time only.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Free Access: Cyber Security Supplier Directory listing 5,000+ specialist service providers.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

BackupVault

BackupVault

BackupVault is a leading provider of completely automatic, fully encrypted online, cloud backup.

Serena

Serena

Serena Software helps increase speed of the software development lifecycle while enhancing security, compliance, and performance.

Competence Center for Applied Security Technology (CAST)

Competence Center for Applied Security Technology (CAST)

CAST offers a range of services in the field of secure modern information technology and a contact point for all questions regarding IT security.

Digital Infrastructure Association (DINL)

Digital Infrastructure Association (DINL)

DINL is the leading representative for companies and organisations which are active within the Dutch digital infrastructure sector.

Assured Information Security (AIS)

Assured Information Security (AIS)

AIS is committed to providing our customers with critical information security products, services, and training. We support diverse needs throughout business and industry.

Hackinsure

Hackinsure

Front Row Insurance’s Hackinsure provides protection against online hazards including Cyber Liability, Theft & Fraud, Business Interruption, Extortion & Ransomware, Forensic Investigation.

SOC.OS Cyber Security

SOC.OS Cyber Security

SOC.OS is an alert correlation and triage automation tool. It correlates and prioritises your alerts, boosting productivity, enhancing threat visibility and shortening mean time to respond.

Wazuh

Wazuh

Wazuh is a free, open source and enterprise-ready security monitoring solution for threat detection, integrity monitoring, incident response and compliance.

Grindstone Ventures

Grindstone Ventures

Grindstone Ventures is a post-seed fund that supports post-seed equity and quasi-equity investments in early-stage innovation-driven and/or technology companies.