Deliberate cyber-attacks by any foreign nation on vital computer networks in the United States may be considered an "act of war" that could be met by a full-blown military response, say officials in Washington.
The stern warning comes as the Pentagon hurries to complete a new policy blueprint on defending US transport, power and defence systems against enemies digitally insinuating themselves, with malicious intent, into the country's cyber-nervous system.
"A response to a cyber-incident or attack on the US would not necessarily be a cyber-response. All appropriate options would be on the table," said Pentagon spokesman Colonel Dave Lapan. A defence official told The Wall Street Journal: "If you shut down our power grid, maybe we will put a missile down one of your smokestacks."
The US Defense Department said that more than 100 foreign intelligence organisations have been trying to break into US networks. Some "already have the capacity to disrupt the country's information infrastructure," Deputy Defense Secretary William Lynn wrote last year in the journal Foreign Affairs.
The review is tied directly to a strategy statement on cyber-security issued by the White House last month. It said the US would "respond to hostile acts in cyberspace as we would to any other threat to our country." It added: "We reserve the right to use all necessary means – diplomatic, informational, military, and economic."
Awareness of the issue has spiked in recent weeks in the US, because of the high-profile problems suffered by Sony Corporation which last month briefly had to close down its PlayStation network after an intrusion by yet-to-be-identified hackers that put at risk the credit card information of about 70 million users.
Last week, public broadcasting body PBS revealed that its widely trusted news web page had been penetrated by hackers who left behind a false news story suggesting the late hip-hop entrepreneur, Tupac Shakur, whose murder in Los Angeles still mystifies detectives, is alive in New Zealand. The hackers said the attack was in retaliation for a PBS documentary that was mainly negative about WikiLeaks.
Then came the revelation a week ago that the computer brains of defence contractor Lockheed Martin had suffered a "tenacious" cyber-attack.
Lockheed said damage has been contained and it is working to restore access to its systems for employees. That Lockheed, which supplies weapons like the F-16 jet fighter to the US military, should be compromised rang alarm bells. But while there may be new urgency in Washington to confront cyber-threats, scepticism will linger over what solutions can be found. In the 1950s, the US could develop a credible nuclear deterrence framework because there would have been no doubt about the origin of incoming warheads. In cyber warfare, identifying the enemy is likely to be far more difficult.
When intruders briefly accessed a cyber network at US Central Command in 2008, the Pentagon scrambled to identify the culprits, though they suspected Russia. Investigators knew only that malicious software was introduced by a mobile flash-drive.
Who introduced the destructive Stuxnet software worm into Iran's nuclear centrifuge facilities last year has never been confirmed, though Tehran accused the US and Israel. At a conference yesterday, Michael Rake, the chief executive of British Telecom, advocated the negotiation of an international 'non-proliferation' treaty to counter a new cyber-arms race between nations.
The Pentagon policy document, parts of which will be made public, will not offer options for retaliation in the event that a cyber-attack comes from groups other than governments. It will make clear, meanwhile, that any move by the US to initiate the sabotage of systems of foreign governments will require prior presidential authorisation.