Pentagon quietly taking cyberwarfare offensive

WASHINGTON -- The Pentagon has quietly empowered the United States Cyber Command to take a far more aggressive approach to defending the nation against cyberattacks, a shift in strategy that threatens to increase the risk of conflict with the foreign states that sponsor malicious hacking groups.

Until now, the Cyber Command has assumed a largely defensive posture, trying to counter attackers as they enter American networks. In the relatively few instances when it has gone on the offensive, particularly in trying to disrupt the online activities of the Islamic State and its recruiters in the past several years, the results have been mixed.

But in the spring, as the Pentagon elevated the command's status, it opened the door to nearly daily raids on foreign networks, seeking to disable cyberweapons before they can be unleashed, according to strategy documents and military and intelligence officials.

The change in approach was not formally debated inside the White House before it was issued, according to current and former administration officials. But it reflects the greater authority given to military commanders by President Donald Trump, as well as a widespread view that the United States has mounted an inadequate defense against the rising number of attacks aimed at America.

It is unclear how carefully the administration has weighed the various risks involved if the plan is acted on in classified operations. Adversaries like Russia, China and North Korea, all nuclear-armed states, have been behind major cyberattacks, and the United States has struggled with the question of how to avoid an unforeseen escalation as it wields its growing cyberarsenal.

The new strategy envisions constant, disruptive "short of war" activities in foreign computer networks. It is born, officials said, of more than a decade of counterterrorism operations, where the United States learned that the best way to take on al-Qaida or the Islamic State was by destroying the militants in their bases or their living rooms.

The objective, according to the new "vision statement" issued by the command, is to "contest dangerous adversary activity before it impairs our national power."

Another Pentagon document, dated May 2017, provides a legal basis for attacking nuclear missiles on the launchpad using "nonkinetic options" -- meaning a cyberattack or some other means that does not involve bombing a missile on the pad or otherwise blowing it up.

The policy was issued two months after The New York Times revealed that the Obama administration had developed an extensive "left of launch" capability to attack North Korea's missiles using cyber and electronic warfare, though it was unclear how well the strategy was working. The new Pentagon legal strategy was first reported by The Daily Beast.

As the Defense Department elevated the Cyber Command, it declared that most of its 133 "cyber mission teams" were combat-ready after years of development.

But most of those teams protect Defense Department networks. Offensive cyberaction by the United States has been relatively rare, a reflection of the time it takes to mount operations and the fact that only the president can approve any use of a cyberweapon that is likely to have significant effects. Those operations have included disabling another nation's nuclear facilities or its missiles, as the United States has attempted in Iran and North Korea, or disrupting the communications of groups like the Islamic State.

The president's sole authority to authorize the use of those weapons is similar to his authority to launch nuclear weapons, a recognition that cyberweapons, even if less powerful than nuclear arms, can have broad, unintended effects.

U.S. intelligence agencies have identified cyberthreats as the No. 1 risk facing the United States -- it has ranked ahead of terrorism for years now in the annual assessment provided to Congress, even before the Russian intrusion into the election. But the White House declared that it did not need a separate cybercoordinator because the issues are included in many other programs. A young National Security Council staff member, with scant experience in the topic, now oversees offensive cyberissues.

There is little debate inside the government's community of cyberwarriors and defenders that the United States needs to step up its game: It did not see the Russian hack of the 2016 election coming, nor North Korea's "WannaCry" attack last year that crippled the National Health Service in Britain and rippled around the world, partly driven by stolen U.S. cyberweapons.

But the risks of escalation -- of U.S. action in foreign networks leading to retaliatory strikes against U.S. banks, dams, financial markets or communications networks -- are considerable, according to current and former officials. Trump has shown only a cursory interest in the subject, former aides say.

A Section on 06/19/2018
