For example, there is only an implied legal "right to general self-defense" following cyberattacks, and there isn't exactly a protocol for handling breaches of U.S. networks that are launched domestically. It also isn't entirely clear how the U.S. would respond to cyberattacks that are not in some way bound by geography, according to Alexander's remarks.
"There is, undoubtedly, much uncharted territory in the world of cyberpolicy, law and doctrine," Alexander told the committee on Thursday. He later stressed he would work closely with committee members and Pentagon leaders to fill in the many legal holes that currently pervade cybersecurity policy.
The Department of Defense pushed for the creation of CYBERCOM by October 2009, seeking to address the increasing frequency of cyberthreats targeting the United States. While the military has emphasized the command's primary role is to defend the military's networks -- a focus Alexander echoed on Thursday -- the new structure is also likely to double as the central hub for the U.S. military's online offensive hub.
"We face a growing array of cyber threats... who are capable of stealing, manipulating or destroying information that could compromise our national security," he told lawmakers, who seemed mostly receptive of his nomination and early testimony.
"If confirmed, my main focus will be on building the capacity, capabilities and critical partnerships required for security," he added.