Cyber Command nominee lays out rules of engagement

Choice to lead new organization explains under which authorities the command would operate

The Defense Department wants to integrate its cyberspace operations under a new Cyber Command, but the command’s role in cyber defense would depend on the dynamics of an attack scenario, the nominee to lead the new organization has testified.

Army Lt. Gen. Keith Alexander, the nominee who also heads the National Security Agency, explained the authorities and roles of the Cyber Command in different hypothetical scenarios presented by Senator Carl Levin (D-Mich.), who chairs the Armed Services Committee, during the NSA chief's confirmation hearing.

That exchange before Levin's panel on April 15 demonstrated how the command could support cyber defense in foreign and domestic settings, with the United States at peace or war. The questioning also provided a glimpse into the complex policy and legal questions that swirl around establishing the command.

To demonstrate how the command would operate, Levin asked Alexander about how it could respond in different attack scenarios:

Support during a traditional armed conflict

Levin: Assume the following: That U.S. forces are engaged in a traditional military conflict with a country – we’ll call it Country C – now how would you conduct cyber operations in that country in support of the combatant commander? Under what authorities, processes, and borders would you be operating in that particular scenario?

Alexander: We would be operating under Title 10 authorities under an execute order supporting, probably, that regional combatant commander. The execute order would have the authorities that we need to operate within that country and we’d have a standing rules of engagement of how to defend our networks. I think that’s the straightforward case, [it] would be an execute order that comes down that regional combatant commander that includes the authorities for cyber [that] are parsed out and approved by the president.

The complexity of neutrality and third parties

Levin: Now the second hypothetical, I want to add a complicating factor to the scenario. Assume that an adversary launches an attack on our forces through computers that are located in a neutral country. That’s what you determine – the attack is coming from computers in a neutral country – how does that alter the way you would operate and the authorities that you would operate under?

Alexander: So that does complicate it. It would still be the regional combatant commander that we’re supporting under Title 10 authorities. There would be an execute order. In that execute order…the standing rules of engagement, it talks about what we can do to defend our networks and where we can go and how we can block. The issue becomes more complicated when on the table are facts such as: We can’t stop the attacks getting into our computers, and if we don’t have the authorities…we’d go back up to a strategic command, to the [defense secretary], and the president for additional capabilities to stop [the attack]. But right now the authorities would be to block it in theater in the current standing rules of engagement, and it would be under an execute order, and again, under Title 10 in support of that regional combatant command.

Levin: Is that execute order likely to have any authority to do more than defend the networks or would you have to, in all likelihood, go back for that authority…?

Alexander: It would probably have the authority to attack within the area of conflict against the other military that we are fighting, and there would be a rules of engagement that articulate what you can do offensively and what you can do defensively…what you would not have the authority to do is reach out into a neutral country and do an attack, and therein lies the complication for a neutral country…

Levin: And neutral being a third country presumably, is that synonymous or does the word neutral mean literally neutral?

Alexander: Well it could be either, sir, it could be a third country or it could be one that we don’t know. I should have brought in [to the conversation] attribution, because it may or may not be a country that we could actually attribute [an attack] to, and that further complicates this. And the neutral country could be used by yet a different country, the adversary, and it’s only a path through. In physical space this is a little bit easier to see, firing from a neutral country, I think the Law of Armed Conflict has some of that in it. It’s much more difficult and this is much more complex when a cyberattack could bounce through a neutral country…

The complicated case of homeland security assistance

Levin: Now a third scenario, more complicated yet. Assume you’re in a peacetime setting [and] all of the sudden we’re hit with a major attack against the computers that manage the distribution of electric power in the United States. Now, the attacks appear to be coming from computers outside the United States, but they’re being routed to computers that are owned by U.S. persons located in the United States, the routers [are] in the United States. How would [Cyber Command] respond to that situation and under what authorities?

Alexander: That brings in the real complexity of the problem...because there are many issues out there on the table that we can extend, many of which are not yet fully answered. Let me explain: First, the [Homeland Security Department] would have the responsibility for defense of that working with critical infrastructure. [DHS] could through the defense report for civilian authorities [construct] reach out to the Defense Department and ask [for] support. And, sir, one of our requirements in the unified command plan is to be prepared for that task. So we would have that responsibility if asked to do that, again we’d get an execute order and we’d have the standing rules of engagement that we operate under all the time. The issues now [however] are far more complex because you have U.S. persons, civil liberties and privacy all come into that equation, ensuring that privacy while you try to, on the same network potentially, take care of bad actors. A much more difficult problem.

As a consequence you have a joint interagency task force, the FBI [that] has a great joint-cyber investigative task force that would be brought in, all of these come to bear. This is the hardest problem because you have attribution issues, you have the neutrality issue that we mentioned in the second scenario, you have [interagency groups] working together with industry, and I think that’s one of the things that [President Barack Obama] is trying to address with DHS and with [DOD]: how do we actually do that with industry. That’s probably the most difficult and the one that we’re going to spend the most time trying to work our way through: How does the [DOD] help [DHS] in a crisis like that.

Editor's note: The exchanges were edited for clarity.

About the Author

Ben Bain is a reporter for Federal Computer Week.

Reader comments

Mon, Apr 19, 2010

Fed Gov needs their own internet, physically and logically separate from the one the rest of the world uses. If they can't touch it, they can't attack it. Same is mostly true for 'critical infrastructure'. Never should have been on a public network in the first place. Sure, all these separate networks would cost a lot more, but how much are we paying for all these cyber-defenses, and how much would it cost to recover from a successful attack?

Mon, Apr 19, 2010

The Posse Comitatus Act has been ignored when it is politically correct to do so, we have seen it a number of times using false flag operations under the "war of drugs" - "Look a Meth lab...gee no lab I guess..." - IMHO in this area, anything within the borders of the USA can be and should be addressed by DHS/FBI, the FBI already has a fine Public/Private partnership with Industry to protect CIP called the InfraGard, in each and every State. The Brass ignorance of this organization which is 10-12 years old now is interesting, or just part of an end game being played out.

Mon, Apr 19, 2010

There is one more “complication” that these folks need to consider, it is a federal law known as The Posse Comitatus Act (18 U.S.C. § 1385) passed on June 18, 1878.
This statute prohibits federal military personnel and units of the National Guard under federal authority from acting in a law enforcement capacity within the United States, unless it is on a federal government facility. The Coast Guard is exempt from the Act during peacetime.
Based upon Constitutional criteria, we have been operating under peacetime conditions since the end of World War II.

Fri, Apr 16, 2010 disKarazy

This is just disgusting. This is a front and a cover for more transgressions against the AMERICAN people... we already have enough law enforcement agencies to deal with this without bringing in the sociopathic NSA. People please WAKE UP ! These folks don't work for you, they have repeatedly proven that whatever interests they work for they are so far disconnected from what you would consider decent and right it would frighten you to NO END. These are the folks who ALREADY read all your e-mail ILLEGALLY. They have been implicated in no end of immoral activity and the national defense excuse is always what they use to justify their paranoia and psychosis. Just READ this ROBOT'S answers.... please SAY NO to this sort of garbage !!!
