U.S. eyes preemptive cyber-defense strategy

By Ellen Nakashima
Washington Post Staff Writer
Sunday, August 29, 2010

The Pentagon is contemplating an aggressive approach to defending its computer systems that includes preemptive actions such as knocking out parts of an adversary's computer network overseas - but it is still wrestling with how to pursue the strategy legally.

The department is developing a range of weapons capabilities, including tools that would allow "attack and exploitation of adversary information systems" and that can "deceive, deny, disrupt, degrade and destroy" information and information systems, according to Defense Department budget documents.

But officials are reluctant to use the tools until questions of international law and technical feasibility are resolved, and that has proved to be a major challenge for policymakers. Government lawyers and some officials question whether the Pentagon could take such action without violating international law or other countries' sovereignty.

Some officials and experts say they doubt the technology exists to use such capabilities effectively, and they question the need for such measures when, they say, traditional defensive steps such as updating firewalls, protecting computer ports and changing passwords are not always taken.

Still, the deployment of such hardware and software would be the next logical step in a cyber strategy outlined last week by Deputy Secretary of Defense William J. Lynn III. The strategy turns on the "active defense" of military computer systems, what he called a "fundamental shift in the U.S. approach to network defense."

Though officials have not clearly defined the term and no consensus exists on what it means, Lynn has said the approach includes "reaching out" to block malicious software "before they arrive at the door" of military networks. Blocking bad code at the border of its networks is considered to be within the Pentagon's authority.

On the other hand, destroying it in an adversary's network in another country may cross a line, and officials are trying to articulate a clear policy for such preemptive cyber activity.

"We have to have offensive capabilities, to, in real time, shut down somebody trying to attack us," Gen. Keith Alexander, the head of the Pentagon's new Cyber Command, told an audience in Tampa this month.

The command - made up of 1,000 elite military hackers and spies under one four-star general - is the linchpin of the Pentagon's new strategy and is slated to become fully operational Oct. 1.

Military officials have declared that cyberspace is the fifth domain - along with land, air, sea and space - and is crucial to battlefield success.

"We need to be able to protect our networks," Lynn said in a May interview. "And we need to be able to retain our freedom of movement on the worldwide networks."

Another senior defense official said, "I think we understand that in order for us to ensure integrity within the military networks, we've got to be able to reach out as far as we can - once we know where the threat is coming from - and try to eliminate that threat where we can."

© 2010 The Washington Post Company