WASHINGTON – A secret legal review has concluded that the U.S. president has the power to order pre-emptive cyberstrikes if the United States discovers credible evidence of a major digital attack against it is in the offing, The New York Times reported Monday.
Citing unnamed officials involved in the review, the newspaper said the new policy will also govern how the intelligence agencies can carry out searches of overseas computer networks for signs of potential attacks on the U.S. and, if the president approves, attack adversaries with a destructive code — even if there is no declared war.
The review came as the U.S. Department of Defense approved a five-fold expansion of its cybersecurity force over the coming years in a bid to increase its ability to defend critical computer networks.
The seriousness of the threat has been underscored by a string of sabotage attacks, including one in which a virus was used to wipe data from more than 30,000 computers at a Saudi Arabian state oil company last summer.
According to The Times, John Brennan, who has been nominated to run the CIA, played a central role in developing the administration’s policies regarding cyberwarfare.
Obama is known to have approved the use of cyberweapons only once, when he ordered an escalating series of cyber-attacks against Iran’s nuclear enrichment facilities, The Times said.
The operation was code-named Olympic Games, and began inside the Pentagon when George W. Bush was still president, according to the paper.
The attacks on Iran illustrated that a nation’s infrastructure can be destroyed without bombing it or sending in saboteurs, the report said.
One senior American official said the reviewers had quickly determined the cyberweapons were so powerful that — like nuclear weapons — they should be unleashed only on the direct orders of the commander in chief, The Times noted.
International law allows any nation to defend itself from threats, and the U.S. has applied that concept to conduct pre-emptive attacks, the paper noted.