Get the latest updates as we post them — right on your browser

. Last Updated: 07/27/2016

Legal Hurdles Hold Up 'Cyber War'

WASHINGTON -- During last spring's conflict with Yugoslavia, the Pentagon considered hacking into Serbian computer networks to disrupt military operations and basic civilian services. But it refrained from doing so, according to senior defense officials, because of continuing uncertainties and limitations surrounding the emerging field of cyber warfare.

As computers revolutionize many aspects of life, military officials have stepped up development of cyber weapons and spoken ominously of their potential to change the nature of war. Instead of risking planes to bomb power grids, telephone exchanges or rail lines, for example, Pentagon planners envision soldiers at computer terminals silently invading foreign networks to shut down electrical facilities, interrupt telephone service, crash trains and disrupt financial systems. But such attacks, officials say, pose nettlesome legal, ethical and practical problems.

Midway through the war with Yugoslavia, the Defense Department's top legal office issued guidelines warning that misuse of cyber attacks could subject U.S. authorities to war crimes charges. It advised commanders to apply the same "law of war" principles to computer attack that they do to the use of bombs and missiles. These call for hitting targets that are of military necessity only, minimizing collateral damage and avoiding indiscriminate attacks.

Defense officials said concern about legalities was only one of the reasons U.S. authorities resisted the temptation to, say, raid the bank accounts of Yugoslav President Slobodan Milosevic. Other reasons included the untested or embryonic state of the U.S. cyber arsenal and the rudimentary or decentralized nature of some Yugoslav systems, which officials said did not lend themselves to computer assault.

U.S. forces did target some computers that controlled the Yugoslav air defense system, the officials said. But the attacks were launched from electronic jamming aircraft rather than over computer networks from ground-based U.S. keyboards.

The 50 pages of guidelines, prepared by the Pentagon general counsel's office, were not drafted with the Yugoslav operation specifically in mind. But officials said the document, which has received little publicity, reflected the collective thinking of Defense Department lawyers about cyber warfare and marked the U.S. government's first formal attempt to set legal boundaries for the military's involvement in computer attack operations.

It told commanders to remain wary of targeting institutions that are essentially civilian, such as banking systems and universities, even though cyber weapons might provide the ability to do so.

In wartime, the document advised, computer attacks and other forms of what the military calls "information operations" should be conducted only by members of the armed forces, not civilian agents. It also stated that before launching any cyber assaults, commanders must carefully gauge potential damage beyond the intended target, much as the Pentagon now estimates the number of likely casualties from bomb attacks.

By penetrating computer systems that control communications, transportation, energy and other basic services in a foreign country, cyber weapons can have serious cascading effects, disrupting not only military operations but civilian life, Pentagon officials say.

Defense specialists contend there are large gaps between what the technology promises and what practitioners can deliver. "We certainly have some capabilities, but they aren't what I would call mature ones yet," a high-ranking U.S. military officer said.