Can a cyber-attack be considered equivalent to a traditional act of war for a country?
The Obama administration is trying to develop policy to sort this issue out and have a rapid response to it that is not over reaching but is as effective as more traditional attack and war responses. Possible responses include economic sanctions, reduced trade and supply chain cutoff measures, U.N National Security sanctions, a counter retaliatory cyber attack or even perhaps a military strike.
Defining exactly what to attack, dependent on the involved parties, may also be a key policy consideration. For instance, if a foreign country defined as a terrorist state by the U.S. set off explosives in a public arena and injured U.S. citizens in what may be considered an act of war (declared or not by the terrorist country), a U.S. military response would be likely But if that act of war were staged against a U.S. company, a large power grid supplier for instance, in the form of a cyber attack, would the U.S. response be different? In another scenario, what would be the response if the attack were against the Pentagon's computer systems?
The U.S. Pentagon is reportedly trying to create these formal strategies, and the Obama administration the appropriate policies, to address these form of adverse actions by parties opposing the U.S. At the heart of the issue is essentially: can a cyber attack from a foreign nation can be considered an act of war, and should that result in a U.S. military response? If traditional war situation and policies apply the Pentagon may declare that any computer attack that threatens the U.S. civilian population or major environmental disruption would be treated as an act of war. This would include those acts that attack power grids, emergency responder networks, medical facilities, water dams, or even oil supply. Yet another could be actions that disrupt communication systems themselves such as cell phone and data networks.
What is likely at the early stage of a Pentagon policy and response plan is that a first level of policies may be developed that establishes the definition of a cyber attack in terms of determining whether it is an act of aggression against the country or a business-oriented attack for competitive purposes, as the attack performed by a government or by hackers from the population.
A logical policy that would follow could be assessing what types of measured responses are appropriate. For instance, it would be within a normal response to bomb a terrorist camp if that group had detonated explosives in a U.S. city. But would the U.S. bomb China if a cyber attack against a U.S. company originated from there?
In traditional war settings of the past, these issues were much more clearly defined. An act of war was declared by a country and the Pentagon could readily define where that act was coming from. But definition is now often a blur as acts from terrorist groups, non-state sponsored strikes, and the use of technology has made confirmation difficult at best. Corporate sophistication in technology has also heightened in terms of competitive measures taken against each other through the use of bloggers, social media sites that attempt to control the content of discussion about their company or issue off the record statements about others. Many companies work under the radar in numerous ways just to fend off rumors about them made available on the web by bloggers.
Attack on Google (NASDAQ:GOOG)
One notable cyber attack against Google in 2010 was found to have originated in China but never confirmed to be state sponsored or the work of private hackers. Since disrupting Google would seriously affect U.S and world commerce, could the U.S. government have considered that to be an act of war? Note that recent cyber attacks have also targeted defense contractor Lockheed Martin (NYSE:LMT) and another Sony Corp. (NYSE:SNE).
Considering the Obama Administration's careful diplomatic approach to foreign matters, it would seem far-fetched that a traditional military response would be the response to a cyber attack against the U.S government, citizens, or corporate entity. But a "heavy stick" of rigid and strong policies could surface nonetheless for cyber attacks.
Two weeks ago, the administration‘s approach called for international cooperation on halting potential attacks, improving computer security, in addition to possibly neutralizing cyber attacks.
White House Attack
In the past seven days, White House employees and senior administration officials were the target of "phishing'' attacks on hundreds of users of their Gmail service. Apparently the attack originated in China by hackers looking for administration business data in the personal Gmail accounts of officials. The Obama administration reiterated Thursday that no official messages were compromised. An FBI and Homeland Security investigation is underway with Google participating. The Obama administration isn't going to raise the matter with the Chinese government until the facts about the attack become more clear, according to government officials. The Chinese government has denied any involvement in hacking of U.S. officials' emails.
A cyber attack strategy and policy could be a boon for some U.S. firms as federal agencies such as the National Security Agency, the Central Intelligence Agency and the Department of Homeland Security are developing cyber-warfare plans and responses. Billions of dollars are expected to be allocated to the effort, and private concerns with specific expertise likely will be retained to contribute.
Who do the Cyber attacks benefit?
The majority of big names in military contractors are working on cyber-warfare products and services with the likes of Northrop Grumman (NYSE:NOC), General Dynamics (NYSE:GD), Lockheed Martin, and Raytheon (NYSE:RTN). All are expected to have major cyber contracts with military and intelligence agencies, with a federal budget of an estimated $10 billion for cyber-warfare systems alone.
Considering the relatively young nature of the problem, a limited number of experts exist in the field. With a focus on preventative measures, blocking attacks initially, and subsequently designing countermeasures, experts are ramping up their skills sets and resources in order to deliver. In some instances, larger concerns have been on an acquisition trail in purchasing smaller firms with expertise.
Long term players in the Pentagon's security units such as Northrop Grumman and General Dynamics, are in an envious position in developing offensive cyber-warfare products and systems. Efforts are often focused on finding vulnerabilities in other countries' mainframe and network systems and subsequently developing software tools to exploit such vulnerabilities or to steal sensitive information or disable the networks. These firms may be companies to watch as the Cyberwar and frequent attacks in the news daily continue:
Companies to watch
General Dynamics Corporation Co. closed at 70.49 on Thursday. Their 52 week range is 55.56 - 78.27, but their bottom line may be improved with considerable new contracts which requires low overhead to produce. They have an estimated market CAP of 26.22 billion. Analysts have an estimated target price of 84.50. Just recently they won a $876 million contract (if all options are executed) with the U.S. Department of Homeland Security to relocate its headquarters. They will be providing a new IT infrastructure and are seen as one of the few firms who have the expertise to execute a project of this scale. General Dynamics may be a good long term opportunity as their basic numbers and performance are positive. Historically, their average P/E ratio has been 13.9, which is greater than the current ratio. Their dividend and yield is 1.88 (2.70%) even in the tough economic times of the past two years. Historically, their dividend percent has outpaced average firms on the S&P 500 and a 5 year historical look indicates that their Net income has grown by 12.4%, all good signs while no guarantee in the current economic climate.
Lockheed Martin Corporation closed at 77.89 on Thursday. Its 52wk range is 67.68 - 82.43 and market cap of 27.05 billion. Analyst's targets are 86.68. Their P/E is 9.66 and dividend and yield is 3.00 (3.90%). Right now, Lockheed is viewed with some skepticism due to the recent attack on their systems, but daily attacks being reported in the news will help their situation memories fade fast.
Northrop Grumman Corporation closed at 63.65 Thursday within a 52wk range of 53.50 - 72.50. A market Cap at 18.63 billion and an analyst's target of 68.06. Northrop Grumman has been shy of controversy and has recently completed milestone – SRR systems requirement review, to design and build a new spacecraft bus to reduce space operations, but they may not be seen as real mover.
Raytheon Company Common Stock closed Thursday at 48.61, within a 52wk range of 42.65 - 53.76 and a analysts estimate of 56.41. Their market cap is 17.31 billion. Its been reported that the firm is six months behind schedule delivering its advanced air-to-air missile to the Air Force and Navy prompting the U.S. House of Representatives defense appropriations subcommittee to reduce by $435 million from a combined $498 million Air Force and Navy procurement request.
Disclosure: I have no positions in any stocks mentioned, and no plans to initiate any positions within the next 72 hours.