The US could launch pre-emptive cyber strikes against countries it suspects of threatening its interests with a digital attack, under a new set of secret guidelines to safeguard the nation’s computer systems.
The rules – the country’s first on how it defends or retaliates against digital attacks – are expected to be approved in coming weeks, and are likely to be kept under wraps, much like the policies governing the country’s controversial drone programme.
A secret legal review into the new guidelines has already decided that President Barack Obama has the power to order such pre-emptive strikes if faced with credible evidence of a looming attack, according to the New York Times, which quoted unnamed officials involved in the review.
The revelations come just days after an array of American media organisations, including the New York Times and The Washington Post, said their computer networks had been infiltrated by Chinese hackers. The risk of digital attacks was also underlined by a recent US Department of Homeland Security (DHS) report which revealed that a computer virus had forced an unidentified US power plant to go offline for three days last year.
The US, meanwhile, is known to have conducted cyber attacks of its own, with President Obama reported to have approved a wave of assaults against Iran during his first term. The programme, code-named “Olympic Games”, targeted Iranian nuclear facilities with malicious computer worms. It began under President George W Bush, but Mr Obama is believed to have ordered an acceleration of the digital attacks when he took office. The details only came to light when the Stuxnet worm – believed to have been developed by the US and Israel – surfaced on the internet. Last month, the Iranian government officially denied it had any hand in a recent string of cyber attacks on US financial institutions.
Inside the Obama administration, John Brennan, the President’s counterterrorism chief during his first term and now his nominee to head the Central Intelligence Agency (CIA), has reportedly been a key player in crafting policies governing the drone programme and the new area of cyber warfare.
And while the American military faces deep budgets cuts, the Pentagon recently approved a major expansion of its so-called “Cyber Command”. Currently around 900-strong, the country’s cybersecurity force will swell to some 4,900 troops in the next few years, according to The Washington Post.
Given the capability of digital weapons, few decisions are likely to be taken without the nod of the President himself.
“There are very, very few instances in cyberoperations in which the decision will be made at a level below the president,” an official told the New York Times.
But concerns are already growing about the lack of transparency in the way the administration is tooling up for war in the digital world. “What concerns us is not the growth of forces but the way it is happening behind the scenes,” said a Washington Post editorial published at the weekend.