Officials declined to describe potential offensive operations, but said they now viewed cyberspace as comparable to more traditional battlefields.
“We are not comfortable discussing the question of offensive cyberoperations, but we consider cyberspace a war-fighting domain,“ said Bryan Whitman, a Pentagon spokesman. “We need to be able to operate within that domain just like on any battlefield, which includes protecting our freedom of movement and preserving our capability to perform in that environment.”
It was kept separate from the military debate over whether the Pentagon or the N.S.A. is best equipped to engage in offensive operations. Part of that debate hinges on the question of how much control should be given to American spy agencies, since they are prohibited from acting on American soil.
“It’s the domestic spying problem writ large,” one senior intelligence official said recently. “These attacks start in other countries, but they know no borders. So how do you fight them if you can’t act both inside and outside the United States?”
Will the White House give the cyberczar authority over defending civilian targets, even though it’s easy to imagine that an attack on the New York Stock Exchange could come from terrorist or foreign militaries rather than the proverbial teenage hacker or individuals with criminal intentions? And should the Pentagon treat all attacks on military information infrastructure as triggering cyberwarfare questions, including those that come from U.S. citizens like our proverbial teenage hacker? Similarly, if we look to offensive cyberoperations, how much of a cyberattack can the Pentagon pursue without affecting civilian information networks (think, the Internet) and how often can it do so without risk of affecting U.S. resources or civilians in ways that might trod on the cyberczar’s turf?