Rules of Engagement.

[professor rat]

President Bush has signed a secret directive ordering the government to develop, for the first time, national-level guidance for determining when and how the United States would launch cyber-attacks against enemy computer networks, according to administration officials.
Similar to strategic doctrine that has guided the use of nuclear weapons since World War II, the cyber-warfare guidance would establish the rules under which the United States would penetrate and disrupt foreign computer systems.
The United States has never conducted a large-scale, strategic cyber-attack, according to several senior officials. But the Pentagon has stepped up development of cyber-weapons, envisioning a day when electrons might substitute for bombs and allow for more rapid and less bloody attacks on enemy targets. Instead of risking planes or troops, military planners imagine soldiers at computer terminals silently invading foreign networks to shut down radars, disable electrical facilities and disrupt phone services.
Bush's action highlights the administration's keen interest in pursuing a new form of weaponry that many specialists say has great potential for altering the means of waging war, but that until now has lacked presidential rules for deciding the circumstances under which such attacks would be launched, who should authorize and conduct them and what targets would be considered legitimate.
"We have capabilities, we have organizations; we do not yet have an elaborated strategy, doctrine, procedures," said Richard A. Clarke, who last week resigned as special adviser to the president on cyberspace security.
Bush signed the order, known as National Security Presidential Directive 16, last July but it has not been disclosed publicly until now. The guidance is being prepared amid speculation that the Pentagon is considering some offensive computer operations against Iraq if the president decides to go to war over Baghdad's chemical, biological and nuclear weapons development programs.
"Whatever might happen in Iraq, you can be assured that all the appropriate approval mechanisms for cyber-operations would be followed," said an administration official who declined to confirm or deny whether such planning was underway.
Despite months of discussions involving principally the Pentagon, CIA, FBI and National Security Agency, officials say a number of issues remain far from resolved. "There's been an initial step by the president to say we need to establish broad guidelines," a senior administration official said. "We're trying to be thorough and thoughtful about this. I expect the process will end in another directive, the first of its kind in this area, setting the foundation."
The current state of planning for cyber-warfare has frequently been likened to the early years following the invention of the atomic bomb more than a half-century ago, when thinking about how to wage nuclear war lagged the ability to launch one.
The full extent of the U.S. cyber-arsenal is among the most tightly held national security secrets, even more guarded than nuclear capabilities. Because of secrecy concerns, many of the programs remain known only to strictly compartmented groups, a situation that in the past has inhibited the drafting of general policy and specific rules of engagement.
In a first move last month to consult with experts from outside government, White House officials helped arrange a meeting at the Massachusetts Institute of Technology that attracted about 50 participants from academia and industry as well as government. But a number of participants expressed reservations about the United States engaging in cyber-attacks, arguing that the United States' own enormous dependence on computer networks makes it highly vulnerable to counterattack.
"There's a lot of inhibition over doing it," said Harvey M. Sapolsky, an MIT professor who hosted the Jan. 22 session. "A lot of institutions and people are worried about becoming subject to the same kinds of attack in reverse."
Government officials involved in drafting the new policy insist they are proceeding cautiously, recognizing the risks of crossing the threshold into cyber-warfare and acknowledging the difficulties still inherent in trying to model how a major cyber-attack might play out. By penetrating computer systems that control the communications, transportation, energy and other basic services in a country, cyber-weapons can have serious cascading effects, disrupting not only military operations but civilian life.
"There are questions about collateral damage," Clarke said. As an example, he cited the possibility that a computer attack on an electric power grid, intended to pull the plug on military facilities, might end up turning off electricity to hospitals on the same network.
"There also is an issue, frankly, that's similar to the strategic nuclear issue which is: Do you ever want to do it? Do you want to legitimize that kind of weaponry?" Clarke added.
http://www.washingtonpost.com/wp-dyn/articles/A38110-2003Feb6.html