Cyberattacks and the Covert Action Statute: Toward a Domestic Legal Framework for Offensive Cyberoperations

30 Pages Posted: 2 Oct 2012 Last revised: 7 Mar 2016

See all articles by Aaron Brecher

Aaron Brecher

Orrick, Herrington & Sutcliffe LLP

Date Written: January 6, 2012


Cyberattacks are capable of penetrating and disabling vital national infra-structure, causing catastrophic economic harms, and approximating the effects of war, all from remote locations and without the use of conventional weapons. They can be nearly impossible to attribute definitively to their sources and require relatively few resources to launch. The United States is vulnerable to cyberattacks but also uniquely capable of carrying out cyberattacks of its own. To do so effectively, the United States requires a legal regime that is well suited to cyberattacks’ unique attributes and that preserves executive discretion while inducing the executive branch to coordinate with Congress. The trouble is that it is unclear which domestic legal framework should govern these attacks. The military and intelligence communities have disputed which of their respective legal regimes should control. The choice between these frameworks raises important issues about the policy benefits of the executive branch keeping Congress informed regarding cyberattacks that it conducts. It also raises constitutional questions about the branches’ respective roles in war-making when the chosen course of conduct blurs the line between an intelligence operation and an act of war. This Note argues that, in the absence of an independent congressional authorization to use force against a target, the covert action statute, which demands written reports from the president to the congressional intelligence committees in advance of operations, should presumptively govern, and that the president should issue an executive order to that effect.

Please note that since this paper's publication, 50 U.S.C. section 413b, governing covert actions, has been editorially reclassified as 50 U.S.C. section 3093.

Keywords: cybersecurity, cyber attack, cyber war, covert action, war powers, separation of powers, oversight, traditional military activity

Suggested Citation

Brecher, Aaron, Cyberattacks and the Covert Action Statute: Toward a Domestic Legal Framework for Offensive Cyberoperations (January 6, 2012). 111 Michigan Law Review, No. 3, p. 423, 2012. Available at SSRN:

Aaron Brecher (Contact Author)

Orrick, Herrington & Sutcliffe LLP ( email )

Seattle, WA
United States

Here is the Coronavirus
related research on SSRN

Paper statistics

Abstract Views
PlumX Metrics