With cyber attacks whistling by at an ever-increasing clip, it’s not surprising that the Obama administration is hard at work nailing down how to respond. The policies will remain hush-hush once they’re finalized, but the New York Times (which previously connected the president to the deployment of Stuxnet) has one juicy tidbit: A classified legal review has found that the president has “broad power to order a pre-emptive strike if the United States detects credible evidence of a major digital attack looming from abroad.”
That’ll sound familiar to anyone who hasn’t entirely repressed the memory of the Bush administration! (Mr. President, a very agitated Colin Powell is on line two. Something about enriched uranium and the U.N.?)
Now, this does not mean that President Obama will be launching the cyber nukes to prevent “routine” attacks, like when some hacktivists wants to DDOS your online banking provider. That’s the province of Homeland Security and the F.B.I., because your inability to check your balance? Not actually an imminent national security threat.
But when someone launches an infrastructure-crippling attack on the power grid, for example (it’s always the power grid!), it becomes a military concern. In that instance, the president has the authority to act preemptively should he see fit.
However, as rationales go, it’s not totally airtight:
Pre-emption in the context of cyberwar raises a potentially bigger quandary, because a country hit by a pre-emptive cyberstrike could easily claim that it was innocent, undermining the justification for the attack. “It would be very hard to provide evidence to the world that you hit some deadly dangerous computer code,” one senior official said.
Glad to know diplomacy in the age of cyberwar hasn’t changed that much: It’s still mostly just throwing up one’s hands and shouting “wasn’t me!”