WASHINGTON — The Army intelligence officer nominated to lead the Pentagon’s new command devoted to warfare in cyberspace has warned Congress that policy directives and legal controls over digital combat are outdated and have failed to keep pace with the military’s technical capabilities.
The officer, Lt. Gen. Keith B. Alexander, wrote to members of the Senate Armed Services Committee that computer network warfare was evolving so rapidly that there was a “mismatch between our technical capabilities to conduct operations and the governing laws and policies.”
As he prepared for a confirmation hearing on Thursday as the first head of the Cyber Command, he pledged that the White House and Pentagon were “working hard to resolve the mismatch.”
In a 32-page response to questions from senators, General Alexander sketched out the broad battlefield envisioned for the computer warfare command and acknowledged the kind of targets that his new headquarters could be ordered to attack.
The target list included traditional battlefield prizes — command-and-control systems at military headquarters, air defense networks and weapons systems that require computers to operate.
Continue reading the main storyBut he agreed with a question submitted by the Senate that asked whether the target list would include civilian institutions and municipal infrastructure that are essential to state sovereignty and stability, including power grids, banks and financial networks, transportation and telecommunications.
General Alexander promised that the Cyber Command would be sensitive to the ripple effects from this kind of warfare, and would honor the laws of war that govern traditional combat in seeking to limit the impact on civilians.
“It is difficult for me to conceive of an instance where it would be appropriate to attack a bank or a financial institution, unless perhaps it was being used solely to support enemy military operations,” he wrote. General Alexander did not note it in his response, but the Bush administration considered exactly that kind of network attack on Iraq’s banking system before the invasion of 2003, but rejected the idea, fearing an unintended impact on global financial markets.
The confirmation hearing will be the public’s first opportunity to hear General Alexander describe the computer warfare command’s proposed objectives and responsibilities — and what safeguards he will pledge to protect privacy in the United States and to respect the interests of allies and neutral nations.
He is the first chief of the Pentagon’s newest global combatant headquarters, and the first whose sole mission is cyberspace.
If confirmed, General Alexander would receive a fourth star and be the first career military intelligence officer to lead a global combatant command. He would, in military jargon, be dual-hatted, a term to describe his role in charge of the Cyber Command while continuing to lead the National Security Agency, which specializes in electronic intelligence, including phone and computer espionage.
The N.S.A.’s role in intercepting international calls to and from the United States since the Sept. 11 attacks, first approved by secret orders from President George W. Bush and largely continued by President Obama with the blessing of Congress, generated intense contention — and scrutiny by Congress and the courts. Because the agency spies on the computer systems of foreign governments and terrorist groups, General Alexander would, in effect, be put in charge of both finding and, if need be, neutralizing cyberattacks in the making, as well as defending military computer networks.
“If confirmed, I will operate within applicable laws, policies and authorities,” General Alexander wrote to the senators. “I will also identify any gaps in doctrine, policy and law that may prevent national objectives from being fully realized or executed.”
The military is moving into uncharted territory as it seeks to defend national interests and carry out offensive operations inside computer networks, he wrote, with nations of the world not even agreeing on what constitutes a computer attack or the appropriate response.
He wrote that there was no theory of deterrence to guide planning for cyberwarfare similar to strategies that guided nuclear planning in the cold war, and that it remained difficult to assess exactly who carried out an attack over computer networks.
The new Cyber Command was announced last year, and the unusually long delay in scheduling a confirmation hearing for its proposed leader is evidence of the intense behind-the-scenes debate over the command’s role, missions, authorities and safeguards.
Another challenge highlighted by General Alexander is the role that the military’s Cyber Command would play on American soil, since it has far greater capabilities than the Department of Homeland Security. By tradition and law, the military only operates within the United States if ordered by the president. But a computer network attack on targets in the United States could happen instantaneously and with little warning.
General Alexander reiterated that a presidential order would be required for the Defense Department and the Cyber Command to take the leading role in responding to a computer network attack on American soil.
The world of computer network warfare remains highly secret, and many of General Alexander’s answers to the senators were excised from the 32 pages of responses, and placed in a separate classified addendum.
Continue reading the main story