ROBERT SIEGEL, host:
From NPR News, this is ALL THINGS CONSIDERED. I'm Robert Siegel.
MICHELE NORRIS, host:
And I'm Michele Norris.
The United States has a new military command, this one focused on cyber war. Two weeks ago, Congress affirmed Army General Keith Alexander as head of U.S. cyber command. Today, in his first public comments since his confirmation, General Alexander laid out some of the challenges he faces. Among them, deciding when and how to wage cyber war.
NPR's Tom Gjelten reports.
TOM GJELTEN: The U.S. military is organized around a series of commands. Central command is in charge of all war fighting in the Middle East. It's mostly on land. Pacific command focuses on Asia, that's largely about sea power. Special Forces command has the expertise on clandestine operations. But war in cyberspace would be like nothing that has come before it. What does territory mean? What is legal? What is ethical?
General Alexander says he's concerned about the lack of cyber war fighting guidelines. One example he cited: What if a country launches a cyber attack against the United States or someone else from computers based in a third country?
General KEITH ALEXANDER (U.S. Army): It's not unlike warfare where you have armed conflict going in one state and somebody attacks from a neutral state in. There are laws of land warfare that deal with that. He now have to look at that in light of cyberspace.
GJELTEN: Conventional war fighting is governed by internationally agreed laws of war. And U.S. commanders in the field are given so-called rules of engagement specifying what they can do in particular situations, who can be attacked under what circumstances, with what level of force. But cyber commanders have not been told how exactly they should respond to an attack on U.S. computer networks.
Gen. ALEXANDER: What we have to establish are clear rules of engagement that say what we can stop.
GJELTEN: Here's an example of something that's not clear. The United States years ago made clear it might strike preemptively against a terrorist group or enemy state if it's necessary to stop an attack against the United States. But could General Alexander order a preemptive cyber attack to stop someone from penetrating our computer defenses?
Mr. JEFFREY SMITH (Former CIA General Counsel): He needs clear guidance.
GJELTEN: Jeffrey Smith is a former CIA general counsel.
Mr. SMITH: From the president, secretary of state, director of national intelligence, attorney general and so on, as to how cyber assets may be employed. What may he as the commander of cyber command do?
GJELTEN: General Alexander, for example, might be inclined to order an attack against a computer network in another country if there's evidence those computers are attacking the United States.
But just as commanders need to worry about civilian casualties from an air strike, General Alexander would also need to worry about collateral damage to innocent computer users. An important issue here is whether U.S. cyber command, which is under the National Security Agency, gets the authority to identify computer users at home and abroad who have malicious intent. That raises privacy issues.
General Alexander says he'll depend on good oversight so he can demonstrate that his cyber war fighters are abiding by U.S. law.
Gen. ALEXANDER: I think the real key to the issue, how do we build the confidence that we're doing it right with the American people, with Congress and everyone else? That's going to be the hard part.
GJELTEN: The overseers here, General Alexander said, will be the U.S. courts and the U.S. Congress.
Tom GJELTEN, NPR News, Washington.