Page 2 of 2   <      

Pentagon's Cyber Command seeks authority to expand its battlefield

To counter that, he added, "we need to come up with a more . . . dynamic or active defense."

Alexander has described active defense as "hunting" inside a computer network for malicious software, which some experts say is difficult to do in open networks and would raise privacy concerns if the government were to do it in the private sector.

A senior defense official has described it as the ability to push "out as far as we can" beyond the network perimeter to "where the threat is coming from" in order to eliminate it.

But, the official said, "we need to wait until we get some resolution on just how far we can go with regards to marrying the technology and operational concepts with law and the interagency process."

The sort of threats that Alexander and other officials worry about include the computer worm Stuxnet, which experts say was meant to sabotage industrial systems - though exactly whose system and what type of sabotage was intended is unclear.

NSA experts "have looked at it," Alexander told reporters in September. "They see it as essentially very sophisticated."

Officials have not resolved what constitutes an offensive action or which agency should be responsible for carrying out attacks. The CIA has argued that such action is covert, which is traditionally its turf. Defense officials have argued that offensive operations are the province of the military and are part of its mission to counter terrorism, especially when, as one official put it, "al-Qaeda is everywhere."

"This infuriating business about who's in charge and who gets to call the shots is just making us muscle-bound," said retired Adm. Dennis C. Blair, who resigned in May as the director of national intelligence after a tenure marred by spy agencies' failures to preempt terrorist plots and political missteps that eroded the White House's confidence in him.

Blair decried an "over-legalistic" approach to the issue. "The precedents and the laws on the books are just hopelessly inadequate for the complexity of the global information network," he said.

The Justice Department's Office of Legal Counsel, whose opinions are binding on the executive branch, prepared a draft opinion in the spring that avoided a conclusive determination on whether computer network attacks outside battle zones were covert or not, according to several officials familiar with the matter who were not authorized to speak for the record.

Instead, it said that permission for specific operations would be granted based on whether an operation could be, for instance, guaranteed to take place within an area of hostility. Operations outside a war zone would require the permission of countries whose servers or networks might be implicated.

The real issue, said another U.S. official, is defining the battlefield. "Operations in the cyber-world can't be likened to Yorktown, Iwo Jima or the Inchon landing," he said. "Defining the battlefield too broadly could lead to undesired consequences, so you have to manage the potential risks. Getting to the enemy could mean touching friends along the way."

Senior defense officials are now inclined to "stay conservative" in line with the draft opinion, one senior military official said. He said it is probable that policymakers will have Cyber Command propose specific operations in order to test the boundary lines.

But Alexander, a 58-year-old career intelligence officer, is not conservative by nature. He rose through the Army ranks by pushing to make intelligence available on the front lines . As NSA director during the Iraq war, he developed ways to allow soldiers to read useful data culled almost in real time from insurgents' communications.

Although he told reporters that he would prefer to have Cyber Command's authority clarified rapidly, he also acknowledged that to "race out and get authorities" only to be told, "Stop, stop, stop, you can't do it," makes no sense.

Stewart A. Baker, a former NSA general counsel, said calling cyber-operations, such as dismantling terrorist Web sites, "covert action" incorrectly implies they carry the same risks.

"There are lots of hackers in lots of countries who regularly break into computers, regularly disguise their identities," he said. "No one would think that discovering the U.S. had done that would lead to a scandal comparable to . . . the funding of Nicaraguan contras with secret Iranian arms sales, which are the kind of activities the covert action law was written for."

<       2

© 2010 The Washington Post Company