US may stop cyber attacks at source

By Ellen Nakashima
Washington Post / September 5, 2010

WASHINGTON — The Pentagon is contemplating an aggressive approach to defending its computer systems that includes preemptive actions such as knocking out parts of an adversary’s computer network overseas — but it is still wrestling with how to pursue the strategy legally.

The department is developing a range of weapons capabilities, including tools that would allow “attack and exploitation of adversary information systems” and that can “deceive, deny, disrupt, degrade, and destroy” information and information systems, according to Defense Department budget documents.

But officials are reluctant to use the tools until questions of international law and technical feasibility are resolved, and that has proved to be a major challenge for policy makers. Government lawyers and some officials question whether the Pentagon could take such action without violating international law or other countries’ sovereignty.

Some officials and analysts say they doubt the technology exists to use such capabilities effectively, and they question the need for such measures when, they say, traditional defensive steps such as updating firewalls, protecting computer ports, and changing passwords are not always taken.

Still, the deployment of such hardware and software would be the next logical step in a cyber strategy outlined recently by Deputy Secretary of Defense William Lynn. The strategy turns on the “active defense” of military computer systems, what he called a “fundamental shift in the US approach to network defense.”

Though officials have not clearly defined the term and no consensus exists on what it means, Lynn has said the approach includes “reaching out” to block malicious software “before they arrive at the door” of military networks. Blocking bad code at the border of its networks is considered to be within the Pentagon’s authority.

On the other hand, destroying it in an adversary’s network in another country may cross a line, and officials are trying to articulate a clear policy for such preemptive cyber activity.

“We have to have offensive capabilities, to, in real time, shut down somebody trying to attack us,” General Keith Alexander, the head of the Pentagon’s new Cyber Command, told an audience in Tampa last month.

Military officials have declared that cyberspace is the fifth domain — along with land, air, sea, and space — and is crucial to battlefield success.

“We need to be able to protect our networks,” Lynn said in a May interview. “And we need to be able to retain our freedom of movement on the worldwide networks.”

Another senior defense official said, “I think we understand that in order for us to ensure integrity within the military networks, we’ve got to be able to reach out as far as we can — once we know where the threat is coming from — and try to eliminate that threat where we can.”
