The Pentagon has proposed that military cyber-specialists be given permission to take action outside its computer networks to defend critical U.S. computer systems — a move that officials say would set a significant precedent.
The proposal is part of a pending revision of the military’s standing rules of engagement. The secretary of defense has not decided whether to approve the proposal, but officials said adopting the new rules would be within his authority.
“Without a doubt it would be a very big and significant step forward,” said a senior defense official, speaking on the condition of anonymity to discuss a sensitive topic. “It would account for changes in technology that will give more flexibility in defending the nation from cyberattack.”
Currently, the military is permitted to take defensive actions or to block malicious software — such as code that can sabotage another computer — only inside or at the boundaries of its own networks. But advances in technology and mounting concern about the potential for a cyberattack to damage power stations, water-treatment plants and other critical systems have prompted senior officials to seek a more robust role for the department’s Cyber Command.
The proposed rules would open the door for U.S. defense officials to act outside the confines of military-related computer networks to try to combat cyberattacks on private computers, including those in foreign countries.
CONTINUED at the Washington Post.