'Little or no warning': Obama draws up worldwide cyber-attack target list
The 18-page, classified document, entitled Presidential Policy
Directive 20, outlines plans for
Offensive Cyber Effects Operations (OCEO), cyber-attacks which would target US adversaries around the world.
“OCEO can offer unique and unconventional capabilities to advance US national objectives around the world with little or no warning to the adversary or target and with potential effects ranging from subtle to severely damaging,” the Washington Post cites the document as saying. “The United States government shall identify potential targets of national importance where OCEO can offer favorable balance of effectiveness and risk as compared with other instruments of national power,” it continues.
The directive also mulls the potential use of cyber actions
within the US, though any such operations must be conducted with
prior authorization of the White House, unless “it qualifies
as an Emergency Cyber Action.”
Under the heading "Policy Reviews and Preparation", a section
marked "TS/NF" - top secret/no foreign - states: "The
secretary of defense, the DNI [Director of National
Intelligence], and the director of the CIA … shall prepare for
approval by the president through the National Security Advisor a
plan that identifies potential systems, processes and
infrastructure against which the United States should establish
and maintain OCEO capabilities…," the Guardian reports. The
deadline for the plan is six months after the approval of the
It further recognizes the potential for collateral damage in the wake of cyber operations, noting: “even subtle and clandestine operations, may generate cyber effects in locations other than the intended target, with potential unintended or collateral consequences that may effect [sic] US national interests in many locations.”
The document states that all cyber operations should conform with
US and international law, noting that any operations which are
"reasonably likely to result in significant consequences
require specific presidential approval."
The directive, which was distributed to virtually every high-ranking member of the US Executive, was first signed by President Obama in mid-October though it was never published.
In November, a senior administration official told the Post how the directive was part and parcel of the White House effort to delineate between what constitutes an “offensive” or “defensive” action in the mercurial world of cyber-war and cyber-terrorism.
“What it does, really for the first time, is it explicitly talks about how we will use cyber-
operations,” the official said. “Network defense is what you’re doing inside your own networks. . . . Cyber-operations is stuff outside that space, and recognizing that you could be doing that for what might be called defensive purposes.”
Select statements from the memo were declassified in January, though no mention was made of US efforts to draw up a target list or bolster its offensive capability.
When asked about efforts to ratchet up US offensive capabilities
as outlined in the directive, a senior administration official
told the Guardian: "Once humans develop the capacity to build
boats, we build navies. Once you build airplanes, we build air
The official added: "As a citizen, you expect your government to plan for scenarios. We're very interested in having a discussion with our international partners about what the appropriate boundaries are."
Reports of the directive came as Chinese President Xi Jinping met with President Obama for an informal two-day summit in the resort city of Rancho Mirage, California on Friday.
In a bid to rebuff media reports that China regularly targeted
the US military and corporations with cyber-attacks, President Xi
told reporters with Obama at his side: “China is a victim of
cyber- attacks and we hope that earnest measures can be taken to
resolve this matter.”
Obama opted not to publicly accuse China of being behind a raft
of cyber-attacks targeting US facilities and institutions.
Rather, he called for “common rules of the road,” adding
that China and the US should work together for a mutually
beneficial cyber-security regime.
“As China continues in its development process and more of its economy is based on research and innovation and entrepreneurship, they’re going to have similar concerns, which is why I believe we can work together on this rather than at cross-purposes,” Obama said.
Despite Obama’s reticence to challenge China, Secretary of Defense Chuck Hagel recently issued a stern warning to China over its alleged cyber-attacks against the US: “We are also clear-eyed about the challenges in cyber. The United States has expressed our concerns about the growing threat of cyber intrusions, some of which appear to be tied to the Chinese government and military.”
Hagel’s comments came in the wake of a US Defense Science Board report which claimed around 40 Pentagon weapons programs and almost 30 other defense technologies had been compromised by Chinese hackers, some purportedly tied to the military or government.
In April, Gen. Keith Alexander, who heads both the National Security Agency and the new Cyber Command, signaled that the United States would more aggressively counter cyber-attacks from abroad with offensive operations.
Alexander told Congress that of 40 new CYBERCOM teams currently being assembled, 13 were being established to counter foreign cyber-attacks. Regarding the 13 teams of programmers and computer experts, the NSA chief stressed: “this defend-the-nation team, is not a defensive team.”