U.S. prepares cyberwar policy

Obama ordered development of destructive capabilities last year


WASHINGTON — President Obama called on national security leaders to develop destructive cyberwarfare capabilities that could be triggered with “little or no warning” against adversaries around the world, according to a top-secret document obtained by the Washington Post.

Presidential Policy Directive 20, issued to national security and intelligence officials in October, includes an array of procedures to ensure cyberattacks are lawful and minimize damage.

But the directive indicates the government believes cyberattacks, known as “Offensive Cyber Effects Operations,” or OCEO, are becoming common and that cyberwar could be just around the corner.

“OCEO can offer unique and unconventional capabilities to advance U.S. national objectives around the world with little or no warning to the adversary or target and with potential effects ranging from subtle to severely damaging,” the document said.

“The United States government shall identify potential targets of national importance where OCEO can offer favorable balance of effectiveness and risk as compared with other instruments of national power.”

Defense Secretary Chuck Hagel recently addressed the cyberwarfare issue while speaking to troops in Hawaii.

“Cyber is one of those quiet, deadly, insidious unknowns you can’t see,” Mr. Hagel said.

“It’s in the ether — it’s not one big navy sailing into a port or one big army crossing a border or squadrons of fighter planes,” he said. “This is a very difficult but real and dangerous threat. There is no higher priority for our country than this issue.”

The Washington Post first reported about the existence of the directive in November. White House sources then said it was the most extensive effort to date to define the lines between offensive and defensive cyber operations.

The Obama Administration later released an unclassified overview of the directive’s highlights.

“As we have already publicly acknowledged, last year the President signed a classified presidential directive relating to cyber operations, updating a similar directive dating back to 2004,” National Security Council spokesman Caitlin Hayden said Friday.

She added that the directive is part of a push to make cybersecurity a “top priority.”

“The cyber threat has evolved, and we have new experiences to take into account,” Ms. Hayden said. “This directive establishes principles and processes for the use of cyber operations so that cyber tools are integrated with the full array of national security tools we have at our disposal.”

The top-secret 18-page document “provides a procedure for cyber collection operations that are reasonably likely to result in ‘significant consequences,’ ” also known in the national security world as “sensitive offensive cyber operations.”

It also offers glimpses into a burgeoning military and intelligence world that has been blanketed by top secrecy. Among other things, the document indicates that the government deploys people who use online personas for intelligence, counterintelligence, and law-enforcement operations.

The document acknowledges that cyber operations could come with collateral damage.

It states that only the President can authorize cyber operations inside the United States unless “it qualifies as an Emergency Cyber Action.”