A top-secret presidential memo published Friday marked the latest sign that the Obama administration is ready to go on the offensive in a potential cyberwar.
On Friday, the Guardian published a secret presidential directive calling on national security and intelligence officials to create a list of potential foreign targets for U.S. cyber attacks. The 18-page document, known as Presidential Policy Directive 20, aims "to put in place tools and a framework to enable government to make decisions" on cyber actions, a senior administration official told the Guardian.
The directive states that cyber attacks can be launched as part of "anticipatory action taken against imminent threats," but should comply with U.S. and international law and receive approval from the president if they are "reasonably likely to result in significant consequences," according to the Guardian.
The memo is the latest sign that the Obama administration is laying the groundwork to retaliate in a potential cyber conflict. Earlier this year, Gen. Keith Alexander, who runs the Pentagon's Cyber Command, told Congress he is establishing "an offensive team" of 13 teams of experts to carry out cyberattacks against foreign countries that target the United States with destructive computer code.
President Barack Obama has directed the United States, along with Israel, to launch a series of cyber attacks known as Stuxnet that damaged Iran's nuclear program, according to The New York Times.
Last year, the Washington Post reported on Plan X, a Pentagon effort to develop new technologies to launch cyber attacks, including a plan to map the entirety of cyberspace and build a system that can launch cyberweapons without human operators typing in the code.
But while the U.S. takes steps to build its offensive cyber muscle, its digital defenses remain weak, officials say. Last month, the deputy inspector for the Department of Homeland Security told a Congressional committee that the nation's critical infrastructure "are increasingly under attack by a variety of malicious sources," and that a majority of the companies in the energy sector had experienced cyber attacks.