A legal review has concluded that the US president can order pre-emptive cyberstrikes if the country finds evidence of a digital attack against it.
Citing unnamed officials involved in the review, the New York Times reported on Monday that the new policy will also govern how the intelligence agencies can carry out searches of overseas computer networks for signs of potential attacks on the United States and, if the president approves, attack adversaries with a destructive code – even if there is no declared war.
The review came as the US department of defence approved a five-fold expansion of its cybersecurity force over the coming years in a bid to increase its ability to defend critical computer networks.
The Washington Post reported that the department's Cyber Command, which currently has a staff of about 900, will expand to about 4 900 troops and civilians.
Last November, Defence Secretary Leon Panetta conceded that US cybersecurity needed more financial support and human capital.
The seriousness of the threat has been underscored by a string of sabotage attacks, including one in which a virus was used to wipe data from more than 30 000 computers at a Saudi Arabian state oil company last summer.
'Washington Post' cyberattack
The official mouthpiece of China's ruling Communist Party on Monday roundly rejected claims of hacking attacks from China by American media outlets, hinting instead at ulterior motives by the US.
The People's Daily article echoed vehement government rejections last week after the New York Times and Wall Street Journal linked Beijing to cyberattacks.
In a fresh development, the Washington Post disclosed on Saturday that it had suffered an attack and suspects Chinese hackers were behind it.
"Even those with little understanding of the internet know that hacking attacks are transnational and concealable," said the signed Chinese-language commentary, which could not be found on the paper's English website.
"IP addresses simply do not constitute sufficient evidence to confirm the origins of hackers," it added.
The People's Daily accused the United States of fanning "fear of China" out of self-interest, saying that it has invoked national security as a justification for trade protectionism and economic sanctions.
The 'China threat'
"America keeps labelling China as hackers, simply playing up the rhetoric of the 'China threat' in cyberspace, providing new justification for America's strategy of containing China," it said.
The article repeated the Beijing government's position that China is also a victim of hacking, saying that there were more attacks from US-based IP addresses on Chinese websites in December than from any other country.
Despite this, it said, "China did not draw simple inferences or hasty conclusions about the attack source".
There were attacks from 3 000 foreign IP addresses in the month, it added.
The New York Times reported last week that hackers stole corporate passwords and accessed the personal computers of 53 employees after the newspaper published a report on the family fortune of China's premier Wen Jiabao.
Some security analysts said the media attacks were probably linked to the Beijing authorities, while others argued it was difficult to ascertain whether the attacks stemmed from China or if hackers acted on government orders.
Hackers from China have previously been linked to attacks on US defence giant Lockheed Martin, Google and Coca-Cola. Other reports say China's hackers have tried to infiltrate the Pentagon's computers and those of US lawmakers.
According to the Times, John Brennan, who has been nominated to run the Central Intelligence Agency, played a central role in developing the administration's policies regarding cyberwarfare.
US President Barack Obama is known to have approved the use of cyberweapons only once, when he ordered an escalating series of cyberattacks against Iran's nuclear enrichment facilities, the Times said.
The operation was code-named Olympic Games, and began inside the Pentagon when George W Bush was still president, according to the paper.
The attacks on Iran illustrated that a nation's infrastructure can be destroyed without bombing it or sending in saboteurs, the report said.
One senior American official said that the reviewers had quickly determined that the cyberweapons were so powerful that – like nuclear weapons – they should be unleashed only on the direct orders of the commander-in-chief, the Times noted.
International law allows any nation to defend itself from threats, and the United States has applied that concept to conduct pre-emptive attacks, the paper noted.
Under the new guidelines, the Pentagon would not be involved in defending against ordinary cyberattacks on American companies or individuals, the Times said. That responsibility falls to the department of homeland security.
But the military would become involved in cases of a major cyberattack within the United States, the paper noted. – AFP