The U.S. and Iran may have walked back from the brink of war, but the potential for a cyber battl…

The U.S. and Iran may have walked back from the brink of war, but the potential for a cyber battle looms with no clear rules of engagement.
Lawmakers and military officials say theres no agreed-upon definition of what constitutes cyber warfare, leaving them to operate on a case-by-case basis on how best to respond to individual incidents.
We’ve never really gone down the route to define what constitutes an act of war when it comes to cyberattacks, Sen. Ron JohnsonRonald (Ron) Harold JohnsonSenators set for briefing on cyber threats from IranGOP lawmaker shares fake image of Obama meeting with Iran’s RouhaniElection security, ransomware dominate cyber concerns for 2020MORE (R-Wis.), chairman of the Senate Homeland Security Committee, told The Hill last week.
Sen. Gary PetersGary Charles PetersThe Hill’s Campaign Report: Deadline day for Dems to make January debatePoll: Gary Peters holds slim lead over GOP challenger John James in MichiganThe 5 most vulnerable senators in 2020MORE (Mich.), the top Democrat on the committee, told reporters its an issue that needs some further attention, and one that isnt going away anytime soon.
Were likely to see this not just with Iran, but in the future you are going to see cyber as one of the main domains of warfare going forward, Peters said. So its important to try to get our arms around how we would define it.
While Iran has been considered a major cyber adversary, joining the ranks of Russia, China and North Korea, its threat level spiked this month after President TrumpDonald John TrumpUS troops knew about attack on al-Asad airbase, were able to take shelter: reportDemocrats expand ground game to woo Latinos in NevadaTrump tweets message of support to Iranian protesters: ‘Your courage is inspiring’MORE ordered a drone strike that killed Iranian Gen. Qassem Soleimani.
The Department of Homeland Security (DHS) and FBI subsequently issued a bulletin to law enforcement and briefed lawmakers of the threat of retaliation. The Cybersecurity and Infrastructure Security Agency at DHS issued a separate notification warning of Iranian cyber threats.
But what kind of cyber aggression might spark a return to hostilities remains unclear.
Sen. Richard Blumenthal (D-Conn.), a member of the Senate Armed Services Committee, told The Hill that the Pentagon should be responsible for defining what level of cyberattack constitutes going to war with a nation state.
I think the question of what is an act of war in the cyber domain is a serious policy question that needs to be addressed, and Congress so far has failed to address it, Blumenthal said. Its really the Department of Defense that should be providing guidance. Congress should certainly be overseeing the question and addressing it, but we have pressed the Department of Defense to come to us with a proposal on it.
The Pentagon in 2018 elevated U.S. Cyber Command to whats known as combatant command, the same year it released its cyber strategy.
A key priority of that strategy is defending critical infrastructure against debilitating cyberattacks, the type of attack that Johnson said would constitute a red line, despite the lack of consensus around what defines cyber warfare.
When you start getting into control systems, electrical systems, other critical infrastructure, you start attacking our financial system to me those certainly would qualify, or certainly should be considered, as something we would require a pretty robust response, Johnson said.
Sen. Angus KingAngus KingDemocrats brace for round two of impeachment witness fightThe Hill’s Morning Report – Deescalation: US-Iran conflict easesSenators set for briefing on cyber threats from IranMORE (I-Maine), co-chair of a commission tasked with making recommendations for defending the U.S. government in cyberspace, said Iran poses a serious risk of launching a cyberattack.
It’s a serious risk because I think they have the capability and we haven’tdefined what we would consider an attack that would trigger a response, King told The Hill. I think that’s one of the problems with our policy.
On the other side of the Capitol, Rep. Cedric RichmondCedric Levon RichmondElection security, ransomware dominate cyber concerns for 2020Trump nominates DHS senior cyber director Republicans knock Dem after video appears to show him watching golf at impeachment hearingMORE (D-La.), the chairman of the House Homeland Security Committees cybersecurity subcommittee, told The Hill that he and full committee Chairman Bennie ThompsonBennie Gordon ThompsonHouse Dems demand answers regarding holding of Iranian-Americans at borderAdvocates ask DOJ to investigate Mississippi prisons after five inmates die within 10 daysUS officials, lawmakers warn of potential Iranian cyberattacksMORE (D-Miss.) would get together and figure out whether legislation around defining an act of cyber warfare was needed.
The committee will address Iranian threat concerns this week when members hold a hearing on the homeland security implications of tensions between Washington and Tehran.
The U.S. intelligence community has long been aware of Irans ability to target the U.S. through cyberattacks. The most recent Worldwide Threats Report, compiled by former Director of National Intelligence Daniel Coats, said Iran is capable of causing localized, temporary disruptive effects such as disrupting a large companys corporate networks for days to weeks.
The threat is generally at a persistent level and spikes at various times, said Annie Fixler, deputy director of the Center on Cyber and Technology Innovation for the Foundation for Defense of Democracies, a Washington-based think tank known for its hawkish views on Iran.
Fixler said the issue of what type of cyberattack would push the U.S. into war was the million dollar question.
The Pentagon has always said that they reserve the right to respond to cyberattacks with kinetic force and have traditionally said significant cyberattacks and the key is what constitutes significant cyberattacks, Fixler said. Given what weve seen so far from malicious cyber actors, it would be an attack on critical infrastructure that causes significant damage.
Iran is likely to focus more of its cyberattacks against U.S. companies that would have a ripple effect on the government or military, providing a certain level of cover that the attack wasnt directly targeting the government.
Iran could have an outsize impact by undermining these private sector companies, Fixler said. So that is a very potent threat.
Tom Kellermann, who served on a presidential cybersecurity commission during the Obama administration, told The Hill last week that he saw an act of war in the cyber domain that the federal government would have to respond to as those on the transportation sector, such as trains and airplanes, and on the chemical, pharmaceutical, and energy sectors.
Kellermann, who now serves as chief cybersecurity officer for cyber group VMware Carbon Black, cited examples of an attack on air traffic control systems causing loss of life, or hackers disrupting financial markets on Wall Street.
Congress must view cyber as a patriotic imperative, Kellermann said. It cannot not be ignored merely because it is invisible as the physical world has converged with cyberspace.