Secret legal review grants US president broad power to launch internet attacks

Filed Under: Featured, Law & order, Malware, Security threats

Barack Obama. Image from ShutterstockWhat's the difference between US presidential power to fire drones or to launch a pre-emptive cyberattack?

Not much.

According to the New York Times, relying on input from unnamed officials, a secret legal review of the US's growing pile of cyberweapons has concluded that President Obama has "broad power to order a pre-emptive strike if the United States detects credible evidence of a major digital attack looming from abroad."

And just as the rules regarding drone strikes have been kept under wraps, so too will the rules about cyber strikes be "highly classified," according to the NYT.

The decision that the president is authorized to launch pre-emptive cyber attacks lays the groundwork for the administration's coming move to create the country's first rules regarding how the military can defend itself or retaliate against a major cyberattack.

Such rules will outline how US intelligence agencies can ransack far-flung computer networks as they try to sniff out coming attacks and how to inject perceived adversaries with destructive code, even in the absence of a declared war, a la the Stuxnet virus.

The White HouseStuxnet, in fact, was allegedly authorized by two US presidents.

As Naked Security previously recounted, the Stuxnet virus is largely believed to have been created and launched during the regime of President George W. Bush to target Iran's nuclear facility in Natanz, with the help of Israel.

Subsequently, in spite of the virus going maverick, spinning out of control and escaping to damage systems well beyond Iran, President Barack Obama secretly authorized continued attacks, according to the NYT.

Outside of closed-door, secret legal reviews such as this one, the administration is also gearing up in the next few weeks to publicly strengthen the country's cybersecurity defenses.

President Obama is expected to issue a cybersecurity executive order soon after his Feb. 12 State of the Union address.

The executive order, long in the making, will create a voluntary program wherein companies in critical infrastructure industries will adopt a minimum set of security standards crafted by the government.

Graham Cluley's warning to proceed cautiously when planning attacks on overseas computer systems, given how difficult it is to decisively pin down the origin of an Internet attack, stands as true for the US now as it did for the UK when it rattled its own cyber saber in 2011.

The Sun interview with William Hague

Not to downplay the importance of defending against destructive attacks on the US's critical infrastructure, but as Naked Security often notes, it's easy for adversaries to hide behind a wall of compromised computers when they launch attacks, obscuring the true origin.

Regarding attacks on nations against whom the US has not declared war, the US administration should bear in mind that acts of aggression invite acts of retaliation.

If we don't want Stuxnet or its kin unleashed upon the US, we should tread softly.


Barack Obama image from Shutterstock.

, , , , , ,

You might like

2 Responses to Secret legal review grants US president broad power to launch internet attacks

  1. Bart · 538 days ago

    This isn't going to end well.

  2. Gavin · 538 days ago

    This isn't going to end at all.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

I've been writing about technology, careers, science and health since 1995. I rose to the lofty heights of Executive Editor for eWEEK, popped out with the 2008 crash, joined the freelancer economy, and am still writing for my beloved peeps at places like Sophos's Naked Security, CIO Mag, ComputerWorld, PC Mag, IT Expert Voice, Software Quality Connection, Time, and the US and British editions of HP's Input/Output. I respond to cash and spicy sites, so don't be shy.