December 20, 2011

Congress gives DoD green light on cyber attacks

Congress has given the Defense Department explicit authority to launch offensive operations in cyberspace.

The provision included in the National Defense Authorization Act passed by lawmakers last week affirms that DoD has offensive cyber capabilities and that the department "may conduct offensive operations in cyberspace" when directed to do so by the president.

"This is a positive step, but there is nothing remarkable about it, and that's as it should be," said Kristin Lord, vice president and director of studies at the Center for a New American Security, a nonpartisan national security think tank in Washington.

Lord said there is a move by other governments to develop international standards for cyber warfare.

Alan Paller, director of research at the SANS Institute, a Maryland-based computer security research and training organization, said the law now gives DoD "explicit permission to do what needs to be done and what has been done."

The legislation calls on DoD to select at least one official to coordinate, oversee and carry out collaborative cyber activities with the Department of Homeland Security. DHS is likewise required to assign a director of cybersecurity coordination to work with DoD.

Lord said the authority to conduct offensive operations is clearly directed at DoD, not DHS or the intelligence community.