A secret internal review has concluded that President Barack Obama can lawfully engage in pre-emptive cyber attacks in the event that the U.S. faces an imminent threat, according to The New York Times.
The legal guidance was key to rules the administration hopes to adopt in the coming weeks to govern cyber warfare operations. The Times added that those rules will classified similarly to the policies governing the nation’s drone warfare program.
The president is only known to have launched one cyberwar operation, against Iran. It was codenamed “Olympic Games,” and focused on developing computer viruses that caused havoc within the country’s nuclear program. That’s where the Stuxnet virus came from, the Times reported last June.
Rules governing the use of cyberweapons are largely undetermined, but levels of sophistication exist that could enable manipulation of whole economies, attacks that cripple electric grids and take down telephone networks, or worse.
Still, the determination that the U.S. may legally use cyber warfare capabilities on other countries without first having been attacked is an eerie echo of President George W. Bush’s precedent-setting insistence that pre-emptive action was the United States’ right, then against former Iraqi dictator Saddam Hussein.
The secrecy of the law has also got civil liberties advocates worried. The ACLU warned in November that the president’s recent directive to vet critics infrastructure for cyber security flaws may actually allow military deployment within the United States. Similar proposals have been stopped up in Congress for years, leading the president to suggest he will use executive authority to shore up the nation’s cyber defenses if Congress cannot.