Back in November 2012, the Washington Post reported on a “secret” presidential directive that President Barack Obama had signed and characterized it as “the most extensive White House effort to date to wrestle with what constitutes an ‘offensive’ and a ‘defensive’ action in the rapidly evolving world of cyberwar and cyberterrorism.” This cybersecurity directive, which was classified “top secret,” has been published by The Guardian‘s Glenn Greenwald and is the latest in a series of leaks on government surveillance.
The directive is “Presidential Policy Directive 20.” Though some talking points were shared with media organizations last year, there was, as The Guardian highlights in their coverage, no mention of how the new policy called for the drawing up of a target list for “offensive” operations or cyber attacks.
The directive reads:
…The Secretary of Defense, the DNI, and the Director of the CIA – in coordination with the AG, the Secretaries of State and Homeland Security, and relevant IC And sector-specific agencies – shall prepare for approval by the President through the National Security Advisor a plan that identifies potential systems, processes, and infrastructure against which the United States should establish and maintain OCEO capabilities; proposes circumstances under which OCEO might be used; and proposes necessary resources and steps that would be needed for implementation, review, and updates as US national security needs change. [Action: DoD, Office of the DNI, and CIA update to Deputiess on scope of plans; 6 months after directive approval]…
OCEO or Offensive Cyber Effects Operations are defined as “operations and related programs or activities other than network defense, cyber collection or DCEO [which are Defense Cyber Effects Operations] — conducted by or on behalf of the United States government, in or through cyberspace, that are intended to enable or produce cyber effects outside United States Government networks.”
“Cyber effects” is essentially a sanitized term developed by the Obama administration, similar to “enhanced interrogation techniques” or “kinetic operation,” that is used when referring to acts of cyber warfare.
According to the directive, “The United States Government shall identify potential targets of national importance where OCEO can offer a favorable balance of effectiveness and risk as compared with other instruments of national power, establish and maintain OCEO capabilities integrated as appropriate with other US offensive capabilities and execute those capabilities in a manner consistent with the provisions of this directive.”
It would presumably give the Obama administration more ability to conjure up legal justifications to continue to engage in cyber attacks against the critical infrastructure of Iran.
This policy also provides guidance on when cyber warfare operations could be launched in the domestic United States. “Until such time as any additional criteria for domestic operations are approved by the President, authorization by department and agency heads for Emergency Cyber Actions that are intended or likely to produce cyber effects within the United States (or otherwise likely to adversely affect US network defense activities or US networks) shall be granted only if the President has provided prior approval for such activity,” according to the directive. And, if the president doesn’t approve, there are other “constraints” in the policy that supposedly define how to proceed.
When the Post reported on this directive, it was presented as something to help make cybersecurity more efficient and ensure that “US citizens’ and foreign allies’ data and privacy are protected and international laws of war are followed.” It was presented as a directive intended to institute a process for vetting “operations outside government and defense networks.” And, it does set out some parameters for doing that, but it also was designed to make it more possible to wage offensive cyber operations.
Also, in looking this over, it does not appear to include any mention of any sources or methods that agencies would use for operations. Specific details of how defensive or offensive operations would be carried out are not described. How agencies would cooperate with one another is suggested and what would be done to review operations and keep them within the boundaries of the law. So, the “top secret” classification would seem to be improper and it would seem to be reasonable to contend this kind of directive should always be made public by presidents who issue them.
As I highlighted back in November, this directive updated one by President George W. Bush that has remained secret.
Steven Aftergood of Secrecy News has urged Obama to release a “summary account” of each of the national security directives Bush signed, which remain secret:
…Of the 54 National Security Presidential Directives issued by the (George W.) Bush Administration to date, the titles of only about half have been publicly identified. There is descriptive material or actual text in the public domain for only about a third. In other words, there are dozens of undisclosed Presidential directives that define U.S. national security policy and task government agencies, but whose substance is unknown either to the public or, as a rule, to Congress…
One might recall Obama said in his first days of office his presidency was “the beginning of a new era of openness in our country.” He told reporters, “For a long time now there’s been too much secrecy in this city.” He paraphrased former Attorney General John Ashcroft and said, “The old rules said that if there was a defensible argument for not disclosing something to the American people, then it should not be disclosed… That era is now over.” He claimed his administration would be on the side of those that seek to make information known and he would hold himself to a ‘new standard of openness.’
Quite the opposite has occurred, as Obama has embraced a new standard of secrecy by seeking to carve out national security exceptions or exemptions in policies intended to protect whistleblowers or journalists or encourage transparency in government. He has embraced the Bush tactic of invoking the overly broad “state secrets” privilege in order to prevent the declassification or exposure of information. He has fought efforts by the American Civil Liberties Union to make public secret legal interpretations or opinions that form the basis of policies around the US’ “targeted killing” program and its interpretation of Section 215 of the PATRIOT Act (the “business records” provision).
He has zealously pursued alleged leakers or whistleblowers, even as his administration regularly discloses classified or sensitive information to major newspapers like the New York Times or the Washington Post. And, he’s presided over a government with a rampant overclassification problem that has only festered and opened criminal investigations into reporters and media organizations for publishing previously classified information, including the Associated Press, Fox News reporter James Rosen and WikiLeaks.
Furthermore, Obama claims to “welcome” debate, but that rhetorical posture sharply conflicts with the actions or record of his presidency. He has not wanted the press or public to debate because the Executive Branch is to set the national security policies and Congress is to be informed when the president decides to inform them and federal judges are not to make decisions about whether policies are lawful or not because the Obama administration sees having their power checked as an infringement on their authority to expand the national security state without any limitations whatsoever.
The Times‘ David Sanger, who published key information on the Obama administration’s cyber warfare against Iran (and is more than likely the subject of a leak investigation that has ensnared him and the Times), has posed the following questions based off his investigative journalism:
…What is the difference between attacking a country’s weapons-making machinery through a laptop computer or through bunker-busters? What happens when other states catch up with American technology—some already have—and turn these weapons on targets inside the United States or American troops abroad, arguing it was Washington that set the precedent for their use?… And as the White House gets more comfortable with the technology—because it mixes, in the words of one of Obama’s national security aides, “precision, economy and deniability”—what are the implications of relying on them so frequently as a permanent expression of American power?
These questions, as well as others journalists, non-governmental organizations and members of the public might have, should be addressed out in the open by Obama and other officials in the administration if he really welcomes a debate about policies of perpetual war that both the Bush and Obama administrations have entrenched into government.
Since it is unlikely the Obama administration, like the Bush administration, only wants to talk at the press and the public, and not have to present clear incontrovertible proof that any of these top secret surveillance programs or cybersecurity policies have prevented terrorism or will prevent terrorism, the world can expect conscientious individuals within government to continue to provide documents that show what NSA whistleblower Thomas Drake calls the “hoarding complex” of national security agencies and how this has all spiraled out of control.
It can expect whomever the source of these leaks, if he or she is identified, to become the victim of another leaks prosecution and the experience the politics of personal destruction and the kind of caricaturization of their personalities that whistleblowers have experienced under President Obama.