Pentagon is debating cyber-attacks
Saturday, November 6, 2010
The Pentagon's new Cyber Command is seeking authority to carry out computer network attacks around the globe to protect U.S. interests, drawing objections from administration lawyers uncertain about the legality of offensive operations.
Cyber Command's chief, Gen. Keith B. Alexander, who also heads the National Security Agency, wants sufficient maneuvering room for his new command to mount what he has called "the full spectrum" of operations in cyberspace.
Offensive actions could include shutting down part of an opponent's computer network to preempt a cyber-attack against a U.S. target or changing a line of code in an adversary's computer to render malicious software harmless. They are operations that destroy, disrupt or degrade targeted computers or networks.
But current and former officials say that senior policymakers and administration lawyers want to limit the military's offensive computer operations to war zones such as Afghanistan, in part because the CIA argues that covert operations outside the battle zone are its responsibility and the State Department is concerned about diplomatic backlash.
The administration debate is part of a larger effort to craft a coherent strategy to guide the government in defending the United States against attacks on computer and information systems that officials say could damage power grids, corrupt financial transactions or disable an Internet provider.
The effort is fraught because of the unpredictability of some cyber-operations. An action against a target in one country could unintentionally disrupt servers in another, as happened when a cyber-warfare unit under Alexander's command disabled a jihadist Web site in 2008. Policymakers are also struggling to delineate Cyber Command's role in defending critical domestic networks in a way that does not violate Americans' privacy.
The policy wrangle predates the Obama administration but was renewed last year as Obama declared cyber-security a matter of national and economic security. The Pentagon has said it will release a national defense cyber-security strategy by year's end.
Cyber Command's mission is to defend military networks at home and abroad and, when requested, to help the Department of Homeland Security protect critical private-sector networks in the United States. It works closely with the NSA, the intelligence agency that conducts electronic eavesdropping on foreign targets, which has its headquarters at Fort Meade on the same floor as NSA Director Alexander's office.
In a speech at the Center for Strategic and International Studies in June, Alexander said that Cyber Command "must recruit, educate, train, invest in and retain a cadre of cyber experts who will be conducting seamlessly interoperability . . . across the full spectrum of network operations."
"We have to have offensive capabilities, to, in real time, shut down somebody trying to attack us," Alexander told a cyber convention in August.
And in testimony to Congress in September, Alexander warned that Cyber Command could not currently defend the country against cyber-attack because it "is not my mission to defend today the entire nation." If an adversary attacked power grids, he added, a defensive effort would "rely heavily on commercial industry."
"The issue . . . is what happens when an attacker comes in with an unknown capability," he said.