By Carlo Muñoz - 10/12/12 02:52 PM EDT
The Pentagon has for the first time acknowledged that U.S. military forces are able to carry out preemptive or retaliatory acts of cyber warfare.
In a speech Thursday night in New York, Defense Secretary Leon Panetta said the Pentagon stands ready "to help defend the nation in cyberspace" in the same way it wages war in on land, at sea and in the air.
"Our mission is to defend this nation. We defend. We deter. And if called upon, we take decisive action," Panetta said during his keynote address to the Business Executives For National Security conference.
"If a crippling cyber attack were launched against our nation, the American people must be defended," he said. "And if the commander in chief orders a response, the Defense Department must be ready to act."
Prior to his speech, Pentagon officials have remained virtually silent on the department's ability to wage cyber war against nations or non-state actors, such as al Qaeda.
Cyber warfare experts inside the Pentagon are currently drafting new rules of engagement for the cyber realm. Those new rules will also include clear guidance on when, where and how U.S. forces can carry out a cyber attack, Panetta said on Thursday.
Led by Cyber Command chief Gen. Keith Alexander, the new "standing rules of engagement" will look to expand existing Pentagon protocols regarding cyber attacks beyond military networks, he told Congress in March.
"We need to have the option to take action ... when directed by the president," he said.
"For these kinds of scenarios, [DOD] has developed the capability to conduct effective operations to counter threats to our national interests in cyberspace," Panetta added.
The rules of engagement being assembled by Alexander and his staff will help DOD "understand where the lines of responsibility in cyber defense will be drawn and how those responsibilities will be executed," according to the DOD chief.
Panetta's comments on offensive cyber operations were not intended to be an outward show of force to America's enemies, a senior defense official told reporters on Wednesday — they were meant to "put the [offensive] capabilities into the broader context" of cyberwarfare options available to the Pentagon and White House.
That said, DOD has been busily revamping its current cyber-warfare capabilities and steadily building up its cadre of cyber warriors.
"Just as DOD developed the world's finest counterterrorism force over the past decade, we need to build and maintain the finest cyber operators," Panetta said.
Pentagon officials have also made "significant investments" in technologies that will allow U.S. military officials to pinpoint the origins of a given cyberattack against American networks. In the past, DOD has argued the biggest challenge in carrying out offensive cyber operations has been the inability to locate where exactly an attack originated from.
But according to Panetta, the department officials "are seeing returns on those investments" to locate attackers in the cyber realm.
"Potential aggressors should be aware that the United States has the capacity to locate them and hold them accountable for actions that harm America," he said.
DOD remained mum on where the majority of the attacks are originating from, but remains "very concerned" over growing cyber warfare capabilities under development by Russia, Iran and especially China, the first defense official said Wednesday.
Cyber warfare was a main topic of discussion between Panetta and Chinese Defense Minister Gen. Liang Guanglie during bilateral security talks held in Beijing earlier this year, the defense official said.
Though the Pentagon's aggressive new cyber warfare strategy finally endorses offensive operations, the strategy does not open the door to unfettered cyber attacks against U.S. adversaries, a second senior defense official said.
U.S.-led cyber attacks, like any other offensive operation, will be at the discretion of the White House, the official said.
Under the department's new cyber rules of engagement, cyber strikes will only be considered when a potential cyber threat rises to the level of an actual armed attack against U.S. interests, the first official said.