The Pentagon’s new Cyber Command is seeking authority to carry out computer network attacks around the globe to protect U.S. interests, drawing objections from administration lawyers uncertain about the legality of offensive operations.
Cyber Command’s chief, Gen. Keith B. Alexander, who also heads the National Security Agency, wants sufficient maneuvering room for his new command to mount what he has called “the full spectrum” of operations in cyberspace.
But current and former officials say that senior policymakers and administration lawyers want to limit the military’s offensive computer operations to war zones such as Afghanistan, in part because the CIA argues that covert operations outside the battle zone are its responsibility and the State Department is concerned about diplomatic backlash.
The effort is fraught because of the unpredictability of some cyber-operations. An action against a target in one country could unintentionally disrupt servers in another, as happened when a cyber-warfare unit under Alexander’s command disabled a jihadist Web site in 2008.
“We have to have offensive capabilities, to, in real time, shut down somebody trying to attack us,” Alexander told a cyber convention in August.
And in testimony to Congress in September, Alexander warned that Cyber Command could not currently defend the country against cyber-attack because it “is not my mission to defend today the entire nation.” If an adversary attacked power grids, he added, a defensive effort would “rely heavily on commercial industry.”
“The issue . . . is what happens when an attacker comes in with an unknown capability,” he said.
To counter that, he added, “we need to come up with a more . . . dynamic or active defense.”
Defense officials have argued that offensive operations are the province of the military and are part of its mission to counter terrorism, especially when, as one official put it, “al-Qaeda is everywhere.”
etired Adm. Dennis C. Blair, who resigned in May as the director of national intelligence
Blair decried an “over-legalistic” approach to the issue. “The precedents and the laws on the books are just hopelessly inadequate for the complexity of the global information network,” he said.