Have you heard of the “pre-emptive cyber strike” doctrine?
I view “preemptive cyber strike” as the digital counterpart to the Bush-era pre-emptive strike doctrine expressed in a national security policy document in September 2002. This policy was used to “justify” U.S. actions in Afghanistan and Iraq:
To forestall or prevent such hostile acts by our adversaries, the United States will, if necessary, act preemptively in exercising our inherent right of self-defense. The United States will not resort to force in all cases to preempt emerging threats. Our preference is that nonmilitary actions succeed. And no country should ever use preemption as a pretext for aggression.
While contemplating the implications of preemptive cyber strike for critical infrastructure, I had this novel idea for a NERC CIP-005 R2-“compliant” appropriate use banner:
// THIS SYSTEM IS PROPERTY OF U.S. POWER CORP.
// KEEP ABERRANT OR UNAUTHORIZED ONES AND ZEROS
// AWAY FROM OUR ELECTRIC GRIDS.
// WE HAVE AT OUR DISPOSAL A FLEET OF CXPST CANNONS
// PREPARED TO REDUCE THE INTERNET CONNECTIVITY
// OF YOUR ENTIRE COUNTRY TO ZERO.
// UNSOLICITED 0x0564 IS AN ACT OF WAR.