At the Washington Post, Ellen Nakashima has a story this evening about a list of cyber-weapons and tools (for instance, malware with which to attack an enemy state's infrastructure networks) for computer warfare. The list of capabilities is classified, and has been in use for several months. Other US agencies, including the CIA, have approved it, and the list is now of the Pentagon's set of weapons or "fires" approved for use against an adversary. Snip:
"So whether it's a tank, an M-16 or a computer virus, it's going to follow the same rules so that we can understand how to employ it, when you can use it, when you can't, what you can and can't use," a senior military official said.
The integration of cyber-technologies into a formal structure of approved capabilities is perhaps the most significant operational development in military cyber-doctrine in years, the senior military official said.
The framework clarifies, for instance, that the military needs presidential authorization to penetrate a foreign computer network and leave a cyber-virus that can be activated later. The military does not need such approval, however, to penetrate foreign networks for a variety of other activities. These include studying the cyber-capabilities of adversaries or examining how power plants or other networks operate. Military cyber-warriors can also, without presidential authorization, leave beacons to mark spots for later targeting by viruses, the official said.