Washington: US military officers have endorsed the principle of pre-emptive cyber-strikes if the US ever faces an imminent and large-scale digital attack, officials said on Monday.
No formal approval has been issued, but the conclusions of the review signal that President Barack Obama’s administration is ready to embrace pre-emptive cyber attacks as part of military doctrine, officials told AFP.
Under the proposed rules, a pre-emptive digital strike would usually require the approval of the President, they added.
Defence officials compared the guidelines with those applied to nuclear weapons, with built-in checks designed to ensure careful deliberation and no action without a clear decision by the commander-in-chief.
“Because of the magnitude of the cyber weapons involved, it really would need to be subject to review from the highest levels,” said a defence official.
The military and top civilian officials examined scenarios for offensive cyber ops while updating “rules of engagement” for the armed forces, adding the digital realm to the standard battle areas of air, land, sea and space.
“They’re trying to normalize cyber as a domain,” the official added.
Under the guidelines, the military would not defend against ordinary digital attacks on US companies or individuals, a task that would be overseen by the Department of Homeland Security.
But the Pentagon would become involved in the case of a threatened large-scale cyber assault against the US, said officials, confirming a New York Times report.
The Pentagon declined to comment publicly on the conclusions of the review but acknowledged the military was studying the rules of cyber warfare.
“There has been a good discussion across the department about appropriate guidance to military commanders on operations in all domains, including cyber,” said spokesman Lieutenant Colonel Damien Pickart.
The “standing rules of engagement” were last revised in 2005, he said.
He said the rules are meant “to provide military commanders, including cyber professionals, clear guidance on what actions to take when faced with threats and attacks.”
Obama has reportedly approved at least one cyber attack, the digital assault on networks used at Iran’s uranium enrichment sites.
The operation, code-named Olympic Games, was revealed in articles and a subsequent book by New York Times reporter David Sanger.
Officials also confirmed that the Pentagon may dramatically expand its newly-created cyber command by increasing the number of troops and civilians to about 4,900 from the current work force of roughly 900.
The troops would be assigned to “national mission forces” safeguarding electrical grids and other vital infrastructure; “combat mission forces” to carry out digital operations around the world; and “cyber protection forces” focused on defending the military’s own computer networks.
US energy department was hacking victim
The US department of energy on Monday confirmed it was the target of a cyber attack in January, which stole employee and contractor data, but said no classified data was compromised.
The agency, in a memo to staff released to AFP by a spokeswoman, said the “cyber incident that occurred in mid-January” targeted the agency’s network and “resulted in the unauthorized disclosure of employee and contractor personally identifiable information.”
The agency, which manages the country’s nuclear energy programs, said it had begun a probe with federal law enforcement.
The news comes after revelations of high-profile cyber-attacks targeting US news media including The New York Times and The Wall Street Journal said to be originating from China.
The energy department made no comment on the source of the attack.
“Based on the findings of this investigation, no classified data was compromised,” the memo said.
It said personal data from “several hundred” employees and contractors may have been affected.
“As individual affected employees are identified, they will be notified and offered assistance on steps they can take to protect themselves from potential identity theft,” it added.
“Once the full nature and extent of this incident is known, the Department will implement a full remediation plan... The Department is also leading an aggressive effort to reduce the likelihood of these events occurring again.” AFP