February 06, 2012, 3:11 PM — The National Defense Authorization Act that funded the 2012 U.S. military budget, included language to make it possible for the military to arrest and hold even U.S. citizens indefinitely without charge, also included permission for the Pentagon to wage cyberwar as it sees fit.
A report from international-relations newsletter DiploNews points out that an amendment to NDAA includes permission from Congress to do whatever it likes in the virtual trenches, though it can do so only on orders from the president, within legal limitations it has to follow under other circumstances and in accordance with the War Powers Resolution, which outlines the power of Congress and the Presdent to declare war.
Briefly, the Dept. of Defense can wage cyberwar to protect the U.S., its allies or its interests.
Congress gave the DoD more leeway on cyberwar than the regular kind because the nature of both the technology and the combat conducted with it change so quickly.
There are dangers in that of both diplomatic and military varieties, however.
Even if the U.S. is able to identify the true source of an attack, knowing how to respond in a measured and legal way will be a challenge. For instance, under whose jurisdiction does an attack fall under and which laws apply to an offender if an attack is waged from a different country or multiple countries, with data traveling through even more countries to reach its destination? Internationally, codified law regarding cyberwar and the rules of engagement is in a state of underdevelopment. There is no one body with the responsibility to coordinate global cyber security policy – DiploNews report NDAA cyberwar provisions, Feb. 6, 2012.
Among other powers, however, is the real-world destructive capabiilty of the U.S. military to respond to cyberattacks, though the problem of adequately establishing who actually launched the attack and what kind of counterattack might work best leaves a dangerous gap in the policy.
If anything, the Pentagon is too meek about using new cyberwar techniques, the DiploNews report found.
During the 2003 invasion of Iraq the Pentagon planned attacks that would have blocked access by Saddam Hussein from bank accounts overseas, the DiploNews report said. They were never used.
During the rebellion in Libya earlier this year, press reports warned that the U.S. was planning to attack Libyan electronic warning systems, an idea that was shot down because it would set a precedent that would encourage other countries to do the same to the U.S.