A defense official quote in this report from the Washington Post says: “Al Qaeda is everywhere.”
That’s the same as saying that anyone who has a blog is “everywhere” — presence on the web is by its nature global. Still, it’s a dubious claim when coming out of the mouth of a US government official because it will inevitably be used to justify the extension of government powers in ways that vastly exceed the size or scope of the threat that they are designed to counter.
The Pentagon’s new Cyber Command is seeking authority to carry out computer network attacks around the globe to protect U.S. interests, drawing objections from administration lawyers uncertain about the legality of offensive operations.
Cyber Command’s chief, Gen. Keith B. Alexander, who also heads the National Security Agency, wants sufficient maneuvering room for his new command to mount what he has called “the full spectrum” of operations in cyberspace.
Offensive actions could include shutting down part of an opponent’s computer network to preempt a cyber-attack against a U.S. target or changing a line of code in an adversary’s computer to render malicious software harmless. They are operations that destroy, disrupt or degrade targeted computers or networks.
But current and former officials say that senior policymakers and administration lawyers want to limit the military’s offensive computer operations to war zones such as Afghanistan, in part because the CIA argues that covert operations outside the battle zone are its responsibility and the State Department is concerned about diplomatic backlash.
The administration debate is part of a larger effort to craft a coherent strategy to guide the government in defending the United States against attacks on computer and information systems that officials say could damage power grids, corrupt financial transactions or disable an Internet provider.
The effort is fraught because of the unpredictability of some cyber-operations. An action against a target in one country could unintentionally disrupt servers in another, as happened when a cyber-warfare unit under Alexander’s command disabled a jihadist Web site in 2008. Policymakers are also struggling to delineate Cyber Command’s role in defending critical domestic networks in a way that does not violate Americans’ privacy.