Another day, another leak — in what has been a week of unauthorized disclosures that continues to envelop the White House in a privacy storm.
The U.S. government has drawn up a secret list of targets it can attack either preemptively or offensively if it came under attack, reports The Guardian.
The London, U.K.-based newspaper continues its leak streak by publishing a secret 18-page order, which describes how his national security team and intelligence officials were told to draw up a list of overseas targets the U.S. government could attack if it were necessary.
Dubbed "Presidential Policy Directive 20," written in October — just months before President Obama signed an executive order on cybersecurity — the document describes how the U.S. government could take offensive measures against a hostile country or system "with little or no warning," and with "potential effects ranging from subtle to severely damaging."
In simple terms, the directive gives U.S. federal agencies the authority to "put in place tools and a framework to enable government to make decisions."
Detailed in the document, the Offensive Cyber Effects Operations (OCEO) can be used to identify valuable foreign targets in which the U.S. can employ a cyberattack instead of a targeted, surgical drone strike, for instance.
The key quote as follows:
In the document, it describes how "offensive cyber effects" are defined by "operations and related programs or activities [...] in or through cyberspace, that are intended to enable or produce cyber effects outside the U.S. government networks."
Obama himself must give the final order, according to the order. This ties in with an earlier report, citing The New York Times, that the President could launch a "pre-emptive" cyberattack against a state or government if required.
These attacks against foreign nations can be conducted without the authority of that government whenever "U.S. national interests and equities" warrant such assaults. Such attacks are described as "anticipatory action taken against imminent threats."
Perhaps more worryingly, the order can also be used domestically against networks within the U.S., but this must be given as an explicit order from the President — except in dire circumstances or emergencies, such as when imminent loss of life may occur.
Some of the caveats included in the document is that any cyberattack must fall within the principles of international law, and not exceed the values that the U.S. government promotes both domestically and internationally.
The document remains classified as "top secret," with a declassification date of October 16, 2037. Security markings on the document confirm the classification, and that it should not be distributed to foreign nationals.