The annual defense budget passed in December affirms that the Department of Defense may carry out offensive cyber attacks to defend U.S. interests and those of its allies. It also requires the military to take certain defensive cyber measures, including the creation of a new insider threat program.
The National Defense Authorization Act doesn’t give the military carte blanche to unleash malware across the Web. Rather, according to the act, such attacks must be carried out upon the President’s direction, and are subject to both the law of warfare and the War Powers Resolution.
The military has long been interested in developing offensive cyber capabilities, but has rarely been open about it in public. In recent months, however, that’s begun to change.
National Security Agency director and Cyber Command commander Gen. Keith Alexander said in October that “the advantage is on the offense” regarding cyber, and that the government should in some cases go after botnets and other malicious actors. Then, in November, the Defense Advanced Research Projects Agency (DARPA) for the first time publicly discussed the fact that it was doing research into offensive cyber capabilities.
via InformationWeek Government, continued here.