In cyberspace, it's tough to know who exactly is attacking you and military rules of engagement might make it hard to strike back, said Army Lt. Gen. Keith B. Alexander, the likely first head of the new military Cyber Command.

Testifying before the Senate Armed Services Committee on April 15, Alexander--who now heads the National Security Agency and would add the Cyber Command to his duties if confirmed by the Senate--said military rules of engagement prohibit attacking neutral countries, even if cyber attacks are routed through their servers.

"And therein lies the complication from a neutral country: What do you do to take that second step?" Alexander said.

The problem of attributing the source of an attack has long bedeviled cyberspace operations since attackers can shield their identities and place of origin, although determined analysis can ultimately trace the source of exploits to particular servers. Even knowing the difference between a nation state's attack and mere private hackery can be difficult, Alexander said.

In written responses to senators' questions made before the hearing, Alexander noted that all military operations, even cyber operations, must be conducted according to the laws of armed conflict.

Military thinkers have said elsewhere that attribution would likely have to occur in combination with other signs of overt hostility in the physical world. Alexander said he does not rule out the possibility of a cyber war, but that it would likely occur "as part of a larger military campaign."

During the hearing, senators expressed concern that cyber potential for harm has outstripped policy on how to control cyber operations.

"This policy gap is especially concerning because cyber weapons and cyber attacks potentially can be devastating, approaching weapons of mass destruction in their effects," said Sen. Carl Levin (D-Mich.), the committee chairman.

The military portion of a new policy on coordinating response to cyber attacks with the Homeland Security Department should be complete by the end of this year, Alexander said in response to a question from Levin.

For more:
- read Army Lt. Gen. Alexander's written responses to pre-hearing questions (.pdf)
- check out Sen. Carl Levin's (D-Mich.) prepared opening statement
- see video recording of the April 15 hearing 
- read this American Forces Press Service coverage of the hearing

Related Articles:
Federal cybersecurity staff less confident than bosses about cyber defense
Computer network warfare is an essential military tactic, says Alexander
Report: Chinese hackers penetrated Indian government computers
U.S. electrical grid probed but not yet attacked, says paper