Broad Powers Seen for Obama in Cyberstrikes (http://www.nytimes.com)
02/03/2013 – Cyber Security
A secret legal review on the use of America’s growing arsenal of cyber weapons has concluded that President Obama has the broad power to order a pre-emptive strike if the United States detects credible evidence of a major digital attack looming from abroad, according to officials involved in the review.
That decision is among several reached in recent months as the administration moves, in the next few weeks, to approve the nation’s first rules for how the military can defend, or retaliate, against a major cyber-attack. New policies will also govern how the intelligence agencies can carry out searches of faraway computer networks for signs of potential attacks on the United States and, if the president approves, attack adversaries by injecting them with destructive code — even if there is no declared war.
Cyber weaponry is the newest and perhaps most complex arms race under way. The Pentagon has created a new Cyber Command, and computer network warfare is one of the few parts of the military budget that is expected to grow. Officials said that the new cyber policies had been guided by a decade of evolution in counterterrorism policy, particularly on the division of authority between the military and the intelligence agencies in deploying cyber weapons. Officials spoke on condition of anonymity because they were not authorized to talk on the record.
The Obama administration has urged stronger firewalls and other systems to provide a first line of defense, and then resiliency in the face of cyberattacks. It failed to get Congress to pass cybersecurity legislation that would have allowed the government to mandate standards.
(Continue reading at http://www.nytimes.com)
My Two Cents: Every year that goes by I see more and more everyday systems being exposed to the internet. This is a good thing, as long as they are protected. Security standards do exist (we don’t need Congress to mandate standards), and thinking out of the box to secure your cyber infrastructure is a must these days. However, I would like some kind of international\national legal action or law for private corporations to be able to retaliate after an attack. We could stage our servers at our datacenters and our maximized bandwidth at these bad guys and take them out. Legal prevents me from doing this..lol, even though we have the technology and systems to do it. They argue “What if we target the wrong system by mistake?” FYI: We get thousands of Denial of Service attacks every hour. We track where they come from, we know where and who they are. I am tired of everyone here in the USA being re-active then being pro-active. I hate to say it, but it will take a Pearl Harbor cyber attack event to make everyone wake up and see how vulnerable their systems are!