President Obama called on national security leaders to develop destructive cyberwarfare capabilities that could be triggered with “little or no warning” against adversaries around the world, according to a top-secret document obtained by The Washington Post.
Presidential Policy Directive 20, issued to national security and intelligence officials in October, includes an array of procedures to ensure that cyberattacks are lawful and minimize damage. But in bureaucratic language, the directive indicates the government believes cyberattacks, known as “Offensive Cyber Effects Operations,” or OCEO, are becoming common and that cyberwar could be just around the corner.
“OCEO can offer unique and unconventional capabilities to advance U.S. national objectives around the world with little or no warning to the adversary or target and with potential effects ranging from subtle to severely damaging,” the document said. “The United States government shall identify potential targets of national importance where OCEO can offer favorable balance of effectiveness and risk as compared with other instruments of national power.”
The leak of the document could complicate Saturday summit talks between Obama and Chinese President Xi Jinping, during which Obama is expected to complain about Chinese cyberspying and theft of American trade secrets. Cyber-specialists take it for granted that the United States and China are already engaged in a struggle in cyberspace.
Those summit talks come just days after Defense Secretary Chuck Hagel, speaking to troops in Hawaii, warned, “Cyber is one of those quiet, deadly, insidious unknowns you can’t see.”
“It’s in the ether — it’s not one big navy sailing into a port or one big army crossing a border or squadrons of fighter planes,” he said. “This is a very difficult but real and dangerous threat. There is no higher priority for our country than this issue.”
The Post first reported about the existence of the directive in November. White House sources then said it was the most extensive effort to date to define the lines between offensive and defensive cyber operations.
The Obama administration later released an unclassified overview of the directive’s highlights.
“As we have already publicly acknowledged, last year the President signed a classified Presidential directive relating to cyber operations, updating a similar directive dating back to 2004,” National Security Council spokeswoman Caitlin Hayden said in a statement Friday.
She added that the directive is part of a push to make cybersecurity a “top priority.”
“The cyber threat has evolved, and we have new experiences to take into account,” Hayden said. “This directive establishes principles and processes for the use of cyber operations so that cyber tools are integrated with the full array of national security tools we have at our disposal.”
Hayden said the directive “provides a whole-of-government approach consistent with the values that we promote domestically and internationally. She said it is aimed at establishing “principles and processes that can enable more effective planning, development, and use of our capabilities.”
The top-secret 18-page document “provides a procedure for cyber collection operations that are reasonably likely to result in ‘significant consequences,’ ” also known in the national security world as “sensitive offensive cyber operations.”
It also offers glimpses into a burgeoning military and intelligence world that has been blanketed by top secrecy. Among other things, the document indicates that the government deploys people who use online personas for intelligence, counterintelligence and law-enforcement operations.
The document acknowledges that cyber operations could come with collateral damage. Cyber operations, “even for subtle and clandestine operations, may generate cyber effects in locations other than the intended target, with potential unintended or collateral consequences that may effect U.S. national interests in many locations.”
It states that only the president can authorize cyber operations inside the United States unless “it qualifies as an Emergency Cyber Action.” A secret 13-page document, obtained by The Post, is called “Procedures for Department and Agency Conduct of Emergency Cyber Operations.”
The document outlines emergency procedures “necessary to mitigate an imminent threat or ongoing attack against U.S. national interests.”