Cyber Rules of Engagement

The Defense Department is expected to release updated rules of engagement for operating in and defending cyberspace in the next few months, said Army Gen. Keith Alexander, head of US Cyber Command. The existing rules have been in place since 2005, but there have been dramatic changes in the cyber domain since then, Alexander told members of the Senate Armed Services Committee Tuesday. Specifically, the rules—which are going through a “thorough review” with the Joint Staff—are expected to identify the authorities that the Defense Department needs “to maximize pre-authorization of defense responses and empower activity at the lowest level,” said Alexander. In other words, they will address how the Pentagon will react to a cyber attack, he said. DOD is “maturing the standing rules of engagement that would allow us to stop some of the exploits as they’re going on,” said Alexander. “I think we can do that with minimal risk.” He said while he expects some authority to stop attacks at a lower level, going “after a computer in foreign space” likely will require the President and/or Defense Secretary to step in. “That makes a lot of sense from my perspective,” he noted. (Alexander’s prepared testimony)