WASHINGTON // A secret legal review has concluded that the United States president has the power to order pre-emptive cyber strikes if the US discovers credible evidence of a major digital attack against it is in the offing, The New York Times reported yesterday.
Citing unnamed officials involved in the review, the newspaper said the new policy will also govern how the intelligence agencies can carry out searches of overseas computer networks for signs of potential attacks on the United States and, if the president approves, attack adversaries with a destructive code — even if there is no declared war.
The review came as the US Department of Defence approved a five-fold expansion of its cybersecurity force over the coming years in a bid to increase its ability to defend critical computer networks.
The Washington Post reported that the department's Cyber Command, which currently has a staff of about 900, will expand to about 4,900 troops and civilians.
Last November, defence secretary Leon Panetta conceded that US cybersecurity needed more financial support and human capital.
The nature of the threat has been underscored by a string of worldwide sabotage attacks, including one in which a virus was used to wipe data from more than 30,000 computers at a Saudi Arabian oil company last summer.
According to The Times, John Brennan, who has been nominated to run the Central Intelligence Agency, played a central role in developing the administration's policies regarding cyberwarfare.
Obama is known to have approved the use of cyberweapons only once, when he ordered an escalating series of cyber-attacks against Iran's nuclear enrichment facilities, The Times said.
The operation was code-named Olympic Games, and began inside the Pentagon when George W Bush was still president, according to the paper.
The attacks on Iran illustrated that a nation's infrastructure can be destroyed without bombing it or sending in saboteurs, the report said.
One senior American official said that the reviewers had quickly determined that the cyberweapons were so powerful that — like nuclear weapons — they should be unleashed only on the direct orders of the commander in chief, The Times noted.
International law allows any nation to defend itself from threats, and the United States has applied that concept to conduct pre-emptive attacks, the paper noted.
Under the new guidelines, the Pentagon would not be involved in defending against ordinary cyber-attacks on American companies or individuals, The Times said. That responsibility falls to the Department of Homeland Security.
But the military would become involved in cases of a major cyberattack within the United States, the paper noted.