Obama's secret order draws up overseas target list for cyberattacks

Obama's secret order draws up overseas target list for cyberattacks

Summary: U.S. President Obama signed an directive that orders senior intelligence and defense staff to determine which foreign targets should be attacked with cyberweapons should the country come under attack.

TOPICS: Government US
U.S. President Obama giving a speech in February, just hours after signing an executive order on cybersecurity. (Image: CBS News)

Another day, another leak — in what has been a week of unauthorized disclosures that continues to envelop the White House in a privacy storm.

The U.S. government has drawn up a secret list of targets it can attack either preemptively or offensively if it came under attack, reports The Guardian.

The London, U.K.-based newspaper continues its leak streak by publishing a secret 18-page order, which describes how his national security team and intelligence officials were told to draw up a list of overseas targets the U.S. government could attack if it were necessary.

Dubbed "Presidential Policy Directive 20," written in October — just months before President Obama signed an executive order on cybersecurity — the document describes how the U.S. government could take offensive measures against a hostile country or system "with little or no warning," and with "potential effects ranging from subtle to severely damaging."

In simple terms, the directive gives U.S. federal agencies the authority to "put in place tools and a framework to enable government to make decisions."

Detailed in the document, the Offensive Cyber Effects Operations (OCEO) can be used to identify valuable foreign targets in which the U.S. can employ a cyberattack instead of a targeted, surgical drone strike, for instance.

The key quote as follows:


In the document, it describes how "offensive cyber effects" are defined by "operations and related programs or activities [...] in or through cyberspace, that are intended to enable or produce cyber effects outside the U.S. government networks."

Obama himself must give the final order, according to the order. This ties in with an earlier report, citing The New York Times, that the President could launch a "pre-emptive" cyberattack against a state or government if required.

These attacks against foreign nations can be conducted without the authority of that government whenever "U.S. national interests and equities" warrant such assaults. Such attacks are described as "anticipatory action taken against imminent threats."

Perhaps more worryingly, the order can also be used domestically against networks within the U.S., but this must be given as an explicit order from the President — except in dire circumstances or emergencies, such as when imminent loss of life may occur.

Some of the caveats included in the document is that any cyberattack must fall within the principles of international law, and not exceed the values that the U.S. government promotes both domestically and internationally. 

The document remains classified as "top secret," with a declassification date of October 16, 2037. Security markings on the document confirm the classification, and that it should not be distributed to foreign nationals.

Topic: Government US

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Well....

    It's very unlikely there *any* developed country doesn't have a similar cyber policy these days (and maybe not with as many caveats.)

    The reaction to these not very surprising and not very newsy Guardian reports has been more curious and interesting than the documents themselves. It's been already pretty well documented, both by privacy organizations like the Electronic Frontier Foundation and even by the mainstream media (Google up the 2006 USA Today report titled "NSA secret database report triggers fierce debate in Washington"), that U.S. agencies, especially the NSA, have long ago implemented massive data gathering projects involving both phone records and Internet stuff. But somehow, an awful lot of people, including many news media folks, are acting like this is all startlingly, brand new revelations that is going to bring about "1984," even though "1984" pretty much already happened in 1984.
  • Plans

    There are preemptive plans that you would not even think of to take care of foreseeable attacks, disasters and other occurrences.
    People are tucked away somewhere thinking all that what if? stuff up and others are coming up with plausible reactions for it.
  • Newsworthy?

    The President takes an oath of office. It includes the clause "I will support and defend the Constitution of the United States against all enemies, foreign and domestic". It seems to me that the preparations for cyber war described in these leaks fall under the heading of fulfilling this oath just as much as maintaining the military for more conventional warfare. Could these preparations be abused? Sure. Read some history about J. Edgar Hoover and Richard Nixon. Part of what a presidential candidate has to do these days to get elected is to convince people that he won't abuse the powers available when in office. That these powers exist isn't news. If there were evidence they had been abused, well, that would be news. So far, I haven't seen anything like that.
    Sir Name
  • Save the Internet!

    I say we finally draw the line in the sand. Why isn't there a movement to maintain digital privacy? Why can't we decide what type of world we live it? I think the ball is already set into motion and our time to act is now!

    Let's save the internet!

  • about time

    IMO, this is something we should have been doing for the past 10-15 years. Not to attack, but if we are attacked we need to have a plan of action.
    Adam Russell