U.S. President Barack Obama has the authority to order either a pre-emptive strike or retaliatory attack against its cyber enemies, according to a secret legal review.
The review was carried out by the government to identify its policy on responding to cyberattacks or the threat of one, officials involved in the review told The New York Times.
The rules, which have been deemed highly classified, lay out the roles of both the military and intelligence agencies in such situations. It is the job of the military to defend or retaliate while it is up to intelligence agency personnel to perform searches of foreign computer networks for indications an attack is imminent on the U.S. With the president’s authorization, intelligence officials can also attack enemies by infusing them with damaging code — even if no war has been declared.
The officials interviewed by The Times said the Pentagon has launched a new Cyber Command and, as the threat of cyberattacks continues to grow, so to will the military’s budget for computer network warfare. The officials, who spoke on the condition of anonymity, said the new cyberpolicies were governed in part by the nation’s counterterrorism policy — especially on the roles the military and the intelligence agencies will play in the use of cyberweapons.
So far, the U.S. is only known to have instigated such an attack once under George W. Bush’s administration. Former president Bush gave the green light for damaging code to be introduced to computers operating nuclear reactors in Iran. The action continued under Obama’s administration as well in partnership with Israel.
One of the sources, a senior administration official, told The Times the U.S. has kept its use of cyberweapons to a minimum.
“There are levels of cyberwarfare that are far more aggressive than anything that has been used or recommended to be done,” the official said.
The cyber attack policy, seemingly, has been re-worked out of necessity: the Department of Homeland Security recently made public that an American power station, which it did not name, was crippled for weeks by cyberattacks.
The Alabama Criminal Justice Information Center was also hacked Feb. 3. Although hacker group Anonymous claimed responsibility for the attack, it proves government sites are vulnerable and could be the target of foreign powers such as China which has been implicated in the recent attacks against The New York Times, The Washington Post and The Wall Street Journal as well as several private companies.
Hacker group Anonymous, as part ‘Operation Last Resort,’ posted on the center’s site a list of “login information… credentials, IP addresses, and contact information of American bank executives,” ZDNet reported.
The hackers claimed the credentials of 4,000 U.S. bank executives had been obtained via Federal Reserve computers.