US may use preemptive cyber strikes: report
A secret legal review has concluded the US president has the power to order preemptive cyber strikes if credible evidence suggests a major digital attack is imminent from abroad, a report said Monday.
The New York Times, citing unnamed officials, said the finding will shape new rules on how military and intelligence agencies can defend US network infrastructure and mine foreign computer systems to detect attacks.
The report comes amid new concern about the power of cyberwarfare, and its potential to take out defense networks, major technological infrastructure, and facilities like power plants or financial systems.
One senior US official quoted by the Times said those behind the review had determined that cyberweapons were so powerful that -- like nuclear weapons -- they should be unleashed only on the direct orders of the commander-in-chief.
The White House would not confirm the details of the report, but President Barack Obama has warned that cyberwarfare is "one of the most serious economic and national security challenges" faced by the United States.
An official said Obama had established principles for governing cyber operations by the US government consistent with the US Constitution and US and international law.
"The United States will act in accordance with its inherent right of self-defense in cyberspace as recognized in international law to prevent the imminent loss of life or significant damage," the official said.
The policy review came as the US Department of Defense approved a five-fold expansion of its cybersecurity force over the coming years in a bid to increase its ability to defend critical computer networks.
The Washington Post has reported that the department's Cyber Command, which currently has a staff of about 900, will expand to about 4,900 troops and civilians.
The seriousness of the threat has been underscored by a string of sabotage attacks, including one in which a virus was used to wipe data from more than 30,000 computers at a Saudi Arabian state oil company last summer.
According to the Times, Obama's top counter-terror official John Brennan, who has been nominated to run the Central Intelligence Agency, played a central role in developing the administration's policies regarding cyberwarfare.
Obama is known to have approved the use of cyberweapons only once, when he ordered an escalating series of cyberattacks against Iran's nuclear enrichment facilities, the Times said.
The attacks on Iran, under the codename of Olympic Games, illustrated that a nation's infrastructure can be destroyed without bombing it or sending in saboteurs, the report said.
Under the new guidelines, the Pentagon would not be involved in defending against ordinary cyberattacks on American companies or individuals, the Times said. That responsibility falls to the Department of Homeland Security.
But the military would become involved in cases of a major cyberattack within the United States, the paper noted.