The Department of Defense is working to develop rules of engagement for online warfare, according to Pentagon officials. The news comes after a year that saw retaliatory, activist hacking rise to prominence on the coattails of perceived injustices associated with demonstrations and revolutions in the United States, the Middle East and worldwide.
General Keith Alexander, of U.S. Cyber Command, said before that the House Armed Services Subcommittee on Emerging Threats and Capabilities effectively defending against cyber attacks would require proactive threat management and proper oversight with regards to civil liberties.
“We are working within the Department and Administration on establishing the Rules of Engagement and criteria upon which Cyber Command will act,” Alexander said. “We are working with the Joint Staff to develop a decision framework that allows us to identify threats and ensure senior leaders can share information rapidly and take action, if necessary.”
The subcommittee acknowledged the increasing gravity of online security during the meeting.
“Despite the successes of Cyber Command over the past year, which I do not discount, it still seems to me that the dangers to our nation in cyberspace are growing faster than our ability to protect the country,” said subcommittee chairman Mac Thornberry during opening statements. U.S. Cyber Command currently has a staff of more than 900 service members, civilians, and federal partners.
Thornberry affirmed Alexander’s concerns about privacy rights, and expressed hope the initiative will codify the government’s online toolkit, arguing that the electorate expects that service.
“But we should not kid ourselves,” Thornberry said. “The American people expect that the Department of Defense to defend the country in whatever domain it is attacked. That means that Cyber Command must be ready, and Congress and the Administration must find a way to ensure that it has the legal authorities it needs and at the same time ensure that the constitutional rights of Americans are protected.”
The initiative comes at a time when the government has not definitively proven its cyber warfare capabilities in the public eye. Recently, the FBI tacitly conceded that it could not crack the standard pattern lock on an Android handset, which it needed to access for an investigation. It later issued a warrant to Android developer Google requesting that the company bypass the security system for them.
Also this week, telecom Verizon released an annual report (PDF) on data theft that found that the majority of breaches were by hackers with a political or ideological motive.
The rise of online “hacktivism” – non-malicious but politically motivated mischief – may have weighed on the subcommittee’s mind as well. After a year during which government agencies and local law enforcement sparred with such hackers, frequently with embarrassing results.