Pentagon seeks to expand rules of engagement in cyber war

By Ellen Nakashima

The Washington Post

WASHINGTON — The Pentagon has proposed that military cyber-specialists be given permission to take action outside its computer networks to defend critical U.S. computer systems — a move that officials say would set a significant precedent.

The proposal is part of a pending revision of the military’s standing rules of engagement. The secretary of defense has not decided whether to approve the proposal, but officials said adopting the new rules would be within his authority.

“Without a doubt it would be a very big and significant step forward,” said a senior defense official, speaking on the condition of anonymity to discuss a sensitive topic. “It would account for changes in technology that will give more flexibility in defending the nation from cyberattack.”

Currently, the military is permitted to take defensive actions or to block malicious software – such as code that can sabotage another computer – only inside or at the boundaries of its own networks. But advances in technology and mounting concern about the potential for a cyberattack to damage power stations, water-treatment plants and other critical systems have prompted senior officials to seek a more robust role for the department’s Cyber Command.

The proposed rules would open the door for U.S. defense officials to act outside the confines of military-related computer networks to try to combat cyberattacks on private computers, including those in foreign countries.

In establishing the new regulations, officials have sought to overcome concerns that action in another country’s networks could violate international law, upset allies or result in unintended consequences, such as the disruption of civilian networks.

The Pentagon, in consultation with the White House and other agencies, has developed strict conditions governing when military cyber-specialists could take action outside U.S. networks. Some officials said these conditions are so stringent that the new capability to go outside military boundaries might never be used.

Pentagon and other officials say such military action is meant to be taken only in extreme emergencies and with great care.

The proposed revision to Cyber Command’s standing rules is significantly narrower than what the military originally sought, officials said. But, one senior Pentagon official said, “we want to have something approved that starts the dialogue that allows us to start seeking more.”

Generally, the new rules would allow the two-year-old Cyber Command to take defensive action in a foreign country or in the United States if reliable intelligence indicates that a threat is imminent and could have certain consequences, such as deaths, severe injury or damage to national security, said several current and former officials.

“We’re not talking about shooting back, not talking about tit-for-tat,” said the Pentagon official, who like many interviewed for this article spoke on the condition of anonymity and would not discuss operational details. “We’re talking about stopping the bleeding, lest something really bad happens to the country.”

The standing rules of engagement, or SROE, were last revised in 2005. They are intended to give military commanders guidance on what they can do when they find their troops or systems under attack and they need to act quickly without having to consult the president or defense secretary.

While the rules for air, sea and land operations are fairly straightforward, the rules for cyberspace have posed great challenges for policymakers. For one thing, cyberattacks can take place in milliseconds. The assailant may be unknown. The attack route may be hard to trace, crossing multiple countries.

“The legal and policy entanglement in cyber is far, far more difficult than it is in some of the other domains” of warfare, William J. Lynn III, a former deputy defense secretary, said at a global security conference this year.

The SROE discussion is part of a larger interagency policy debate over the role of government in fighting attacks on the nation’s privately owned critical computer systems.

Ideally, current and former officials say, the Pentagon would like Cyber Command to be able to undertake a range of activities, from blocking or redirecting viruses to disabling a computer server in another country to prevent destructive malware from being launched.

But something as aggressive as shutting down a server in another country is probably going to require presidential permission, Gen. Keith Alexander, the head of Cyber Command, has said.

Indeed, “going after something outside the network in defense of the nation, which may still be characterized as offensive, is definitely the hardest policy part,” a senior U.S. official said.

Even actions on networks in the United States would involve an integrated cyber operations center with personnel from all relevant agencies: the National Security Agency, Cyber Command, the Department of Homeland Security and the FBI. When a cyber threat is detected, whichever agency has the lead by law – FBI for criminal and counterintelligence cases, Cyber Command for foreign adversary and terrorist attacks – would take over, officials said.

DHS has the lead for working with critical industries. NSA and Cyber Command are able to lend their expertise to DHS and other agencies, officials said.

“We’re very careful about roles and responsibilities between Justice, DHS and DOD,” the U.S. official said. “Those are being carefully reviewed. But in every domain, ultimately DOD has the responsibility to defend the nation.”

A variety of blocking techniques can be used that are not destructive to networks, officials said. They include diverting malware into a “sinkhole,” effectively a cyber black hole, which is something Internet service providers do now to protect their own networks.

Alexander, who is also director of the NSA, has pushed publicly for new rules on rules of engagement. Officials “need standing rules of engagement and execute orders that allow the government to do defense that is reasonable and proportionate,” he said at a recent conference in Aspen.

Earlier efforts to establish the ability for the military to defend private critical networks failed in the face of opposition from the Justice Department, which did not want to set a legal precedent for military action in domestic networks, and the State Department, which feared the military might accidentally disrupt a server in a friendly country, undermining future cooperation.

Alexander said an enhanced ability for the Pentagon to take action to defend the nation rests in part on expanded cyberthreat data-sharing.

He said that in debating the rules, policymakers are “trying to do the job right.” But what concerns him is the discussion over whether “you can use this tool, but not that one, without understanding what that really means.”

Talk to us

> Give us your news tips.

> Send us a letter to the editor.

> More Herald contact information.

More in Local News

Traffic idles while waiting for the lights to change along 33rd Avenue West on Tuesday, April 2, 2024 in Lynnwood, Washington. (Olivia Vanni / The Herald)
Lynnwood seeks solutions to Costco traffic boondoggle

Let’s take a look at the troublesome intersection of 33rd Avenue W and 30th Place W, as Lynnwood weighs options for better traffic flow.

A memorial with small gifts surrounded a utility pole with a photograph of Ariel Garcia at the corner of Alpine Drive and Vesper Drive ion Wednesday, April 10, 2024 in Everett, Washington. (Olivia Vanni / The Herald)
Death of Everett boy, 4, spurs questions over lack of Amber Alert

Local police and court authorities were reluctant to address some key questions, when asked by a Daily Herald reporter this week.

The new Amazon fulfillment center under construction along 172nd Street NE in Arlington, just south of Arlington Municipal Airport. (Chuck Taylor / The Herald) 20210708
Frito-Lay leases massive building at Marysville business park

The company will move next door to Tesla and occupy a 300,0000-square-foot building at the Marysville business park.

A closed road at the Heather Lake Trail parking lot along the Mountain Loop Highway in Snohomish County, Washington on Wednesday, July 20, 2023. (Annie Barker / The Herald)
Mountain Loop Highway partially reopens Friday

Closed since December, part of the route to some of the region’s best hikes remains closed due to construction.

Emma Dilemma, a makeup artist and bikini barista for the last year and a half, serves a drink to a customer while dressed as Lily Munster Tuesday, Oct. 25, 2022, at XO Espresso on 41st Street in Everett, Washington. (Ryan Berry / The Herald)
After long legal battle, Everett rewrites bikini barista dress code

Employees now have to follow the same lewd conduct laws as everyone else, after a judge ruled the old dress code unconstitutional.

The oldest known meteor shower, Lyrid, will be falling across the skies in mid- to late April 2024. (Photo courtesy of Pixabay)
Clouds to dampen Lyrid meteor shower views in Western Washington

Forecasters expect a storm will obstruct peak viewing Sunday. Locals’ best chance at viewing could be on the coast. Or east.

AquaSox's Travis Kuhn and Emerald's Ryan Jensen an hour after the game between the two teams on Sunday continue standing in salute to the National Anthem at Funko Field on Sunday, Aug. 25, 2019 in Everett, Wash. (Olivia Vanni / The Herald)
New AquaSox stadium downtown could cost up to $120M

That’s $40 million more than an earlier estimate. Alternatively, remodeling Funko Field could cost nearly $70 million.

Downtown Everett, looking east-southeast. (Chuck Taylor / The Herald) 20191022
5 key takeaways from hearing on Everett property tax increase

Next week, City Council members will narrow down the levy rates they may put to voters on the August ballot.

Everett police officers on the scene of a single-vehicle collision on Evergreen Way and Olivia Park Road Wednesday, July 5, 2023 in Everett, Washington. (Photo provided by Everett Police Department)
Everett man gets 3 years for driving high on fentanyl, killing passenger

In July, Hunter Gidney crashed into a traffic pole on Evergreen Way. A passenger, Drew Hallam, died at the scene.

FILE - Then-Rep. Dave Reichert, R-Wash., speaks on Nov. 6, 2018, at a Republican party election night gathering in Issaquah, Wash. Reichert filed campaign paperwork with the state Public Disclosure Commission on Friday, June 30, 2023, to run as a Republican candidate. (AP Photo/Ted S. Warren, File)
6 storylines to watch with Washington GOP convention this weekend

Purist or pragmatist? That may be the biggest question as Republicans decide who to endorse in the upcoming elections.

Keyshawn Whitehorse moves with the bull Tijuana Two-Step to stay on during PBR Everett at Angel of the Winds Arena on Wednesday, April 17, 2024 in Everett, Washington. (Olivia Vanni / The Herald)
PBR bull riders kick up dirt in Everett Stampede headliner

Angel of the Winds Arena played host to the first night of the PBR’s two-day competition in Everett, part of a new weeklong event.

Simreet Dhaliwal speaks after winning during the 2024 Snohomish County Emerging Leaders Awards Presentation on Wednesday, April 17, 2024, in Everett, Washington. (Ryan Berry / The Herald)
Simreet Dhaliwal wins The Herald’s 2024 Emerging Leaders Award

Dhaliwal, an economic development and tourism specialist, was one of 12 finalists for the award celebrating young leaders in Snohomish County.

Support local journalism

If you value local news, make a gift now to support the trusted journalism you get in The Daily Herald. Donations processed in this system are not tax deductible.