A recently published story from the New York Times reports a “secret legal review” has been conducted on the use of cyber warfare by the United States. It concluded President Barack Obama has “the broad power to order a preemptive strike if the United States detects credible evidence of a major digital attack looming from abroad.”

Unnamed officials involved in the review inform that the administration is moving in the coming weeks to “approve the nation’s first rules for how the military can defend, or retaliate, against a major cyber attack.” These rules, according to David Sanger and Thom Shanker, will “govern how the intelligence agencies can carry out searches of faraway computer networks for signs of potential attacks on the United States.” If the president approves a strike, the government will be able to “attack adversaries by injecting them with destructive code — even if there is no declared war.”

It further adds, “The Pentagon would not be involved in defending against ordinary cyberattacks on American companies or individuals, even though it has the largest array of cybertools. Domestically, that responsibility falls to the Department of Homeland Security, and investigations of cyberattacks or theft are carried out by the FBI.”

The Times story points out the rules—like the rules “governing drone strikes”—are highly classified and will be kept secret. The officials from the administration providing details spoke “on condition of anonymity because they were not authorized to talk on the record.” They selectively leaked a scant amount of details on evolving cyber warfare policy to allay concerns about this power the administration is claiming.

One official claimed the US had been “restrained in its use of cyberweapons” and said, “There are levels of cyberwarfare that are far more aggressive than anything that has been used or recommended to be done.” A “senior American official” said cyberweapons were as powerful as nuclear weapons and “should be unleashed only on the direct orders of the commander in chief.” The official added the decision to launch cyber operations will rarely be made by someone at a level “below the president,” which means “‘automatic’ retaliation if a cyber attack on America’s infrastructure is detected” has reportedly been “ruled out.”

The story suggests the Obama administration had their best and brightest minds think about preemptive attack and the ramifications of launching such strikes on a country. “One senior official” said a country could “claim it was innocent” and undermine the “justification for the attack” because it would be “very hard to provide evidence to the world that you hit some deadly dangerous computer code.” They also thought through “‘what constitutes reasonable and proportionate force’ in halting or retaliating against a cyber attack,” according to another official.

The leaking of details on the “secret legal review” comes just over a week after the Washington Post reported the FBI was engaging in a fishing expedition for journalistic communications as part of an investigation into the sources of leaks on Stuxnet or Olympic Games, the cyber warfare against Iranian nuclear enrichment facilities that was launched by Obama (which Sanger published details on in a major story in June of last year and also described in detail in his book, Confront & Conceal).

It is a bit appalling that officials are speaking without authorization when it is known the FBI has spent the past six or seven months prying into the communications of government employees, who were sources for the Times story. (more…)