President Obama: The (Unilateral) Cyber Warrior

President Obama: The (Unilateral) Cyber Warrior

The NYT has another big expose today on one of the Obama Administration’s secret war, this time detailing the President’s authorization of cyberattacks on Iran’s nuclear facilities.

 From his first months in office, President Obama secretly ordered increasingly sophisticated attacks on the computer systems that run Iran’s main nuclear enrichment facilities, significantly expanding America’s first sustained use of cyberweapons, according to participants in the program.

Mr. Obama decided to accelerate the attacks — begun in the Bush administration and code-named Olympic Games — even after an element of the program accidentally became public in the summer of 2010 because of a programming error that allowed it to escape Iran’s Natanz plant and sent it around the world on the Internet. Computer security experts who began studying the worm, which had been developed by the United States and Israel, gave it a name: Stuxnet.

According to the article, the President was aware that he was breaking new ground in expanding and defining the rules (and perhaps the laws) of cyber warfare.

Mr. Obama, according to participants in the many Situation Room meetings on Olympic Games, was acutely aware that with every attack he was pushing the United States into new territory, much as his predecessors had with the first use of atomic weapons in the 1940s, of intercontinental missiles in the 1950s and of drones in the past decade. He repeatedly expressed concerns that any American acknowledgment that it was using cyberweapons — even under the most careful and limited circumstances — could enable other countries, terrorists or hackers to justify their own attacks.

One interesting sidenote not discussed in the article: No one quoted in the article (which is based it seems on self-serving leaks by top Obama aides) seems to have wondered as to whether the President has the constitutional authority to launch cyberattacks on Iran. Congress hasn’t authorized any such attacks (whereas it arguably has done so for the drone program).

Like the drone program, President Bush laid the legal precedents by authorizing cyberattacks on Iran during his term.  But Obama, who used to criticize Bush’s expansive notions of executive powers, does not seem to have been troubled by using that authority here. And I am guessing that the emerging bipartisan consensus in the U.S. will be that such attacks fall well within the President’s inherent powers as commander in chief.

Notify of
Benjamin Davis
Benjamin Davis

I find this simply amazing that no one mentions whether this kind of intentional targeting of Iranian facilities means that we are already in jus in bello.  The Obama logic of the Libyan intervention and its rationale for action without Congressional authorization has even more meaning when you see it in the context of these cyberattacks on Iran.

WWIII may have started several years ago.

It is a shooting war whether we are shooting ones and zeroes or shooting weapons.  One can only hope that reason prevails in the capitals or Israel, Iran, US, Russia and China now that the bag is out of the cat in a very big way.



I agree with Ben that there are some fundamental issues here (as others who explore the contours of “cyber-war” have noted), such as when does such an attack consitute an “armed attack” (e.g., with a weapon?) under Article 51 of the U.N. Charter?, is article 2(4) of the Charter violated by use of such (i.e., is it “armed” “force” “against” the “territorial integrity” or “politicla independence” of Iran or “in any other manner inconsistent with” the purposes of the U.N.?), and do such actions trigger “war”?
Julian: how can the commander in chief power be the basis for such attacks if the U.S. and Iran are not at war?  And in this case, Art. II of the Const.’s faithful execution of the “Laws,” including international law such as the law of self-defense in case of an armed attack by Iran on the U.S., its embassies, its military or other nationals abroad does not seem to apply.
I am not sure that emplacement of a computer virus constitues an “armed attack” or “use of armed force” under the Charter.  What happens when the virus is emplaced and operates? Is it even a violation of international law? what international law?  


[…] can read two early analyses of this issue here and here. Share this:TwitterFacebookLike this:LikeBe the first to like this post. from → Chapter Nine […]