The USA goes nuclear: how should the security community react?
The USA goes nuclear: how should the security community react?

A recent leaked document from the Pentagon discloses plans for the US to use nuclear weapons as an appropriate reaction to cyber-attacks.

The draft entitled the Nuclear Posture Review, first published in The Huffington Post, reveals a fresh and drastic look at the USA's nuclear strategy in “extreme circumstances”. It tells us that America “must look reality in the eye and see the world as it is, not as we wish it to be.”

The latest innovations allow nation states to predict where cyber-attacks could occur, with critical government infrastructure, power stations and mobile phone networks all at high risk of attack. The document suggests that the threat of cyber-attack is imminent, echoing the recent warnings of NCSC chief Ciaran Martin here in the UK.

While alarm bells might be sounding in the mind of many an IT professional (and every other citoyen du monde), terms seen in the review have been seen by some as a “realistic response” to the risk.

But sirens are right to ring out.

Nuclear response in relation to online actions is a very thorny issue; it requires assessment of all possible angles and outcomes. Sometimes US legislation can be put in place by people who are not fully educated in cyber-security, which could be incredibly dangerous for the state of the planet.

In a time of so many threats and the almost constant reports of terrorism from every corner of the globe, it is perhaps right that the US – along with many other countries – is in a perpetual state of vigilance, prepared to retaliate in the most forceful way imaginable. However the issue arises in the case of home-grown terrorism, where would officials drop the bomb?

The attribution of a cyber-attack is a key question in this debate. It is extremely difficult to pinpoint the source of a tech invasion, as complex coding techniques mean users are able to retain online anonymity. At Secarma we see this kind of thing in action every day as we support our clients.

An attack may be launched by a country or organisation based on false location information or fortified encryption, leading to an incorrect target. This kind of extreme reaction could well be a consideration in future, as technology develops and we are able to gain further accuracy with our location programmes, however it would not be possible to implement the required level of precision at this moment in time.

Not only is a nuclear move in 2018 uneducated, it is also reckless.

With the legislation draft under review, it is possible that other countries – including Russia, North Korea, Iran and China – could demand parity if it is given the green light. While Russia has not had the same military power as the US in recent years, they are investing key funds in cyber-training, amplifying the risk of potential attack.

The Nuclear Posture Review could quickly gain support within America thanks to a climate of fear. As with any government trying to protect its country, certain rhetoric is used to rile the masses and gain crucial backing. Powerful speeches alongside the promise of impending doom could be used by US government officials, inciting hackers to resort to illegal measures and produce their own cyber-attacks on nominated countries. With the threat of nuclear weapons hanging over a country, certain organisations and individuals are likely to undertake extreme plans to act first and counter the threat of attack.

This proposed legislation may create a dangerous and fearful atmosphere, and must be investigated thoroughly to ensure long-term safety. More thorough communication and debate is certainly needed between IT experts and government officials if we are to guarantee the wellbeing, health and protection of millions of people.

Contributed by Paul Harris, Managing Director, Secarma

*Note: The views expressed in this blog are those of the author and do not necessarily reflect the views of SC Media UK or Haymarket Media.