"Cyberattack refers to deliberate actions to alter, disrupt, deceive, degrade, or destroy computer systems or networks or the information and/or programs resident in or transiting these systems or networks."
So taking out an enemy's command and control with a bomber would be a "cyberattack" by that definition.
"Domestic law enforcement agencies also engage in cyberattack when they jam cell phone networks in order to prevent the detonation of improvised explosive devices."
Yeah. I think they're confusing the goal with the method. That's just bad practice.
"Second, weapons for cyberattack have a number of characteristics that differentiate them from traditional kinetic weapons."
Strangely enough, they missed the part about blowing off limbs. Or not, as the case may be.
"For example, given that any large nation experiences cyberattacks continuously, how will the United States know it is the subject of a cyberattack deliberately launched by an adversary government?"
This is the first hint that you're classifying "vandalism" as "attack".
"For example, a cyberattack could disrupt adversary command, control, and communications; suppress air defenses; degrade smart munitions and platforms; or attack warfighting or warmaking infrastructure (the defense industrial base)."
The same as regular military operations can. And regular military operations do it with better reliability.
And so on and so forth.
This plays like a bad movie. Where the evil enemy is defeated by something as simple as a correctly configured firewall.
BTW: Firewall is first mentioned on page 36. Then again on page 97.
Photo of Bruce Schneier by Per Ervland.
Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.