Ellen Nakashima, of the Washington Post, reports in an article dated November 6, 2010, that the "Pentagon's new Cyber Command is seeking authority to carry out computer network attacks around the globe to protect U.S. interests." The move is drawing objections and concerns from administration lawyers who are concerned about the legality of so-called "offensive" cyber operations.
According to the article, these offensive operations could include "shutting down part of an opponent's computer network to preempt a cyber[-]attack against a U.S. target or changing lines of code in an adversary's computer to render malicious software harmless. They are operations that destroy, disrupt or degrade targeted computers or networks."
Others, such as administration lawyers, want to limit the military's offensive computer capabilities to "war zones such as Afghanistan, in part because the CIA argues that covert operations outside the battle zone are its responsibility and the State Department is concerned about diplomatic backlash."
One complication comes from the definition of "offensive action," which in the cyber context, has yet to be fully spelled out. "The CIA has argued that such action is covert, which is traditionally its turf. Defense officials have argued that offensive operations are the province of the military and are part of its mission to counter terrorism, especially when, as one official put it, 'al-Qaeda is everywhere.'"
Also complicating the decision is the increased possibility of unforeseen collateral damage. The unpredictability of cyber-operations could mean that "[a]n action against a target in one country could unintentionally disrupt servers in another, as happened when a cyber-warfare unit under [Gen. Keith Alexander (current Commander, Cyber Command, NSA)] disabled a jihadist Web site in 2008."
According to General Alexander, "'[w]e have to have offensive capabilities, to, in real time, shut down somebody trying to attack us.'" During testimony to Congress in September of this year, General Alexander warned "that Cyber Command could not currently defend the country against cyber-attack because it 'is not my mission to defend today the entire nation.' If an adversary attacked power grids, he added, a defensive effort would 'rely heavily on commercial industry.'"
In response to these concerns, and others, the Pentagon has announced that it will release a national defense cyber-security strategy by year's end.
The full article can be found at the link above, or here.
Leave a Reply