The Defense Department is quietly taking on an expanding role in cybersecurity, delicately navigating historic rules that restrict military action on U.S. soil. Under the new rules, the president would approve the use of the military's expertise in computer-network warfare, and the Department of Homeland Security would direct the work.
The Obama administration has adopted new procedures for using the Defense Department's vast array of cyberwarfare capabilities in case of an attack on vital computer networks inside the United States, delicately navigating historic rules that restrict military action on U.S. soil.
The system would mirror that used when the military is called on in natural disasters like hurricanes or wildfires. A presidential order dispatches the military forces, working under the control of the Federal Emergency Management Agency.
Under the new rules, the president would approve the use of the military's expertise in computer-network warfare, and the Department of Homeland Security would direct the work.
Officials involved in drafting the rules said the goal was to ensure a rapid response to a cyberthreat while balancing concerns that civil liberties might be at risk should the military take over such domestic operations.
The rules were deemed essential because most of the government's computer-network capabilities reside within the Pentagon -- while most of the important targets are on domestic soil, whether within the government or in critical private operations like financial networks or a regional power grid.
The new approach will begin with a Department of Homeland Security team deploying to Fort Meade, Md., home to both the National Security Agency, which specializes in electronic espionage, and the military's new Cyber Command. In exchange, a team of networking experts from the Defense Department would be assigned to the operations center at the Department of Homeland Security .
The rules were detailed in a memorandum of agreement signed in late September by Janet Napolitano, the secretary of homeland security, and Defense Secretary Robert Gates, but they were not released until last week.
Robert J. Butler, the Pentagon's deputy assistant secretary for cyber policy, said the memorandum was intended to cut through legal debates about the authority for operating domestically and to focus on how best to respond to the threat of attack on critical computer networks. Butler said teams of lawyers would watch for potential violations of civil liberties.
"We have put protection measures in place," he said.
The Pentagon is expected to release a full National Defense Strategy for Cyber Operations by the end of the year, to be followed by broader interagency guidance from the White House, perhaps in the form of a presidential directive, in 2011.Congress also is weighing legislation that would update domestic law to deal with advances in computer-based surveillance and cyberwarfare.