David Z. Bodenheimer
David Z. Bodenheimer is a partner in the law firm of Crowell & Moring LLP (www.crowell.com) in the Washington, DC, office, where he heads the Homeland Security Practice and specializes in government contracts, litigation, and cybersecurity. He currently co-chairs the ABA Section of Science & Technology Law Homeland Security Committee, as well as the PCL Cybersecurity, Privacy, and Data Protection Committee.
A nuclear processing facility shuts down. Government websites crash. A city goes dark. Is it an accident—or cyber blitzkrieg? After the cyberattacks on Estonia and Georgia in 2007 and 2008 and the Stuxnet penetration of Iran’s Bushehr nuclear power facility in 2010, cyberwar has moved from theory to reality. We know that cyberwarfare has gone mainstream when dozens of countries are mobilizing forces for battle in cyberspace, the Secretary of Defense himself warns of a "digital Pearl Harbor," and the popular press churns out stories on the emerging battlefront.
With the fog of cyberwar comes a torrent of legal issues regarding authentication, intelligence gathering, counterstrike authority, and liability under domestic and international laws. Rather than tackling the broader policy issues applicable to nation-states,1 this article focuses upon what cyberwar may mean for the private sector, including government contractors, caught in the cross fire of cyberbattles and the ensuing legal fallout.
Quite simply, cyberwar is reality. Although some have downplayed cyberwar as mere science fiction, the technology has already been proven, and the risks scare those who know.