A secret review has concluded that US President Obama has the authority to launch a preemptive cyber attack on any country on the basis that they are considered a ‘cyber threat’ – even if there is no concrete evidence of this threat.
It may not be long before the US conducts crippling attacks on foreign soil with little more than a mouse click, thereby sparing itself the effort of sending its military oversees or declaring war.
The Obama administration is currently drawing up a set of rules about how the US military can defend against or conduct cyberattacks, the New York Times reports. The Obama administration is also allowing intelligence agencies to declare potential threats. But even if these threats are nothing more than a suspicion without evidence, the military now has the authority to attack foreign nations, regardless of whether or not the US is involved in a conflict with them.
This would not only spare the US from sending its own troops overseas, but it would also allow the administration to make decisions without the deliberation that usually occurs before sending Americans into a conflict zone. And if the administration conducts an attack based on false premises, it would be saved the embarrassment that occurred when President George W. Bush sent thousands of US troops into a war with Iraq that lasted nearly 9 years, based on the false premise that Iraq possessed weapons of mass destruction and was a security threat.
With no overseas deployments necessary to conduct a cyberattack, the administration would have nothing to lose by anonymously targeting and destroying infrastructure based on its own suspicions of a threat. The administration’s new rules would also allow the military to operate domestically, the thought of which has always made many people uncomfortable. The White House in October signed a presidential policy directive that aims to “finalize new rules of engagement that would guide commanders when and how the military can go outside government networks to prevent a cyberattack that could cause significant destruction or casualties.”
A senior administration official told the Times that the US has so far kept its cyber capabilities restrained and that the new rules could allow the administration to exercise its full potential.
“There are levels of cyberwarfare that are far more aggressive than anything that has been used or recommended to be done,” the official said.
The administration has already used computer worms to cripple other countries’ infrastructure, including a series of attacks against Iran’s nuclear power plants, one of which took out nearly 1,000 of the 5,000 centrifuges of the Natanz plant. The attack was controlled from inside the Pentagon, which now has a new Cyber Command and a growing budget that would allow it to conduct more extensive cyberattacks.
The Pentagon’s foundation of such an office demonstrates the administration’s preparation for cyberwarfare, in which both the US and terrorists can strike each other by taking down power grids, financial systems and communications networks. The Cyber Command office is experiencing a growing budget, while the Department of Defense is preparing for spending cuts and is slashing budgets for other Pentagon departments, indicating the importance of its work to the administration.
The rules have been in development for nearly two years, but they were leaked to the Times at a convenient moment for the administration: The New York Times, Bloomberg L.P., the Wall Street Journal and the Washington Post all claim that their computers have been penetrated by Chinese hackers and had been targeted for years. The computer security company Mandiant also alleged that Chinese hackers had stolen contacts, information and files from more than 30 US newspaper journalists and executives, many of which had written about Chinese leaders and political and legal issues in China.
But the Chinese Ministry of National Defense has denied that its people had anything to do with the suspected attacks, stating that “Chinese laws prohibit any action including hacking that damages Internet security.” The ministry also expressed anger about the accusations, stating that “to accuse the Chinese military of launching cyberattacks without solid proof is unprofessional and baseless.”
“We have seen over the last years an increase in not only the hacking attempts on government institutions but also nongovernmental ones,” US Secretary of State Hillary Clinton told reporters on Thursday, emphasizing that the Chinese “are not the only people who are hacking us.”
The administration has also recently announced that an unnamed American power station was crippled for weeks by cyberattacks, without releasing details about the location of the plant. With little proof about the alleged cyberattacks and the suspected threats, the White House now reserves the right to make major cyberwarfare decisions, despite Congress’ long-standing disapproval.
“The [National Security Administration’s] cyber security operations have been kept very, very secret, and because of that it has been impossible for the public to react to them,” said Electronic Privacy Information Center attorney Arnie Stepanovich in November. “[That makes it] very difficult, we believe, for Congress to legislate in this area.”
The Obama administration has long pushed for Congress to pass the Cyber Intelligence Sharing and Protection Act, which would grant the government greater access to the Internet and cybersecurity information from the private sector. US Homeland Security Secretary Janet Napolitano, claims it is necessary to prevent a “cyber 9/11” attack that would knock out water, electricity and gas, causing destruction similar to that left behind by Hurricane Sandy.
But privacy advocates have long expressed concern that this measure would give the government access to Americans’ personal e-mails, online chat conversations, and other personal information that only private companies and servers might have access too, prompting Congress to reject the measure.
Alongside privacy concerns, the Obama administration’s increasing access to cybersecurity information and cyberwarfare capabilities provides the president with an unknown amount of power to conduct anonymous attacks on foreign infrastructure.
While using this technology to attack military objects, such as anti-aircraft or missile defense radars in war zones, would not surprise anyone, the US now also reserves the right to attack other countries with which it has not declared war.
With the US ranking first in a 2012 study that drew up a “Cyber Power Index”, other nations whose conduct conflicts with US wishes could become more vulnerable than ever – especially since International Law allows countries to defend themselves against foreign threats, and these “threats” can now be concluded based on vague intelligence analysis of a 'potential' cyber attack.