Last year, for instance, U.S. intelligence officials learned of plans by an al-Qaeda affiliate to publish an online jihadist magazine in English called Inspire, according to numerous current and senior U.S. officials. And to some of those skilled in the emerging new world of cyber-warfare, Inspire seemed a natural target.
The head of the newly formed U.S. Cyber Command, Gen. Keith Alexander, argued that blocking the magazine was a legitimate counterterrorism target and would help protect U.S. troops overseas. But the CIA pushed back, arguing that it would expose sources and methods and disrupt an important source of intelligence. The proposal also rekindled a long-standing interagency struggle over whether disrupting a terrorist Web site overseas was a traditional military activity or a covert activity — and hence the prerogative of the CIA.
The CIA won out, and the proposal was rejected. But as the debate was underway within the U.S. government, British government cyber-warriors were moving forward with a plan.
When Inspire launched on June 30, the magazine’s cover may have promised an “exclusive interview” with Sheik Abu Basir al-Wahishi, a former aide to Osama bin Laden, and instructions on how to “Make a Bomb in the Kitchen of Your Mom.” But pages 4 through 67 of the otherwise slick magazine, including the bomb-making instructions, were garbled as a result of the British cyber-attack.
It took almost two weeks for al-Qaeda in the Arabian Peninsula to post a corrected version, said Evan Kohlmann, senior partner at Flashpoint Global Partners, which tracks jihadi Web sites.
The episode reflected how offensive cyber-operations are marked by persistent disagreement over who should take action and under what conditions. The new list of approved cyber-weapons will not settle those disputes but should make the debate easier to conduct, the senior military official said.
Some lawmakers also are proposing statutory language that would affirm that the defense secretary has the authority “to carry out a clandestine operation in cyberspace” under certain conditions. The operation must be in support of a military operation pursuant to Congress’s 2001 authorization to the president to use all necessary and appropriate force against those who committed the Sept. 11, 2001, terrorist attacks.
House Armed Services Committee Vice Chairman Mac Thornberry (R-Tex.), who drafted the language as part of the House-adopted 2012 defense authorization bill, said he was motivated by hearing from commanders in Iraq and Afghanistan frustrated by an inability to protect their forces against attacks they thought were enabled by adversaries spreading information online.
“I have had colonels come back to me and talk about how they thought they could do a better job of protecting their troops if they could deal with a particular Web site,” he said. “Yet because it was cyber, it was all new unexplored territory that got into lots of lawyers from lots of agencies being involved.”
Thornberry’s provision would establish that computer attacks to deny terrorists the use of the Internet to communicate and plan attacks from throughout the world are a “clandestine” and “traditional military” activity, according to text accompanying the proposed statute.
But the White House issued a policy statement last week that it had concerns with the cyber-provision. It declined to elaborate.
Thornberry said some Pentagon lawyers thought the proposed statutory language could go further. “But my view on cyber is we need to take it a step at a time,” he said.