President Obama issued a directive calling for a target list of potential overseas targets for U.S. cyberattacks, according to The Guardian.
The Guardian reported that an 18-page top-secret presidential policy directive issued last October instructed intelligence and Defense officials to draw up plans for Offensive Cyber Effects Operations (OCEO) that “can offer unique and unconventional capabilities to advance U.S. national objectives around the world with little or no warning to the adversary or target and with potential effects ranging from subtle to severely damaging.”
The directive calls for identifying “potential targets of national importance where OCEO can offer a favorable balance of effectiveness and risk as compared with other instruments of national power.”
The development comes as President Obama is set to meet with Chinese President Xi Jinping in California.
The Guardian posted the full text of the classified directive, citing an intelligence source with knowledge of the NSA’s systems who said that the U.S. had conducted offensive cyber operations and hacked into foreign computer systems to mine information.
The source said that the United States blames China publicly for “doing what we do every day.”
"We hack everyone everywhere. We like to make a distinction between us and the others. But we are in almost every country in the world,” the source said.
In January, the administration had published declassified talking points about the directive, but it did not include ramping up offensive cyber operations or selecting potential targets.
National Security Council spokeswoman Caitlin Hayden, said in a statement that the directive was issued in response to evolving cybersecurity threats.
“The directive will establish principles and processes that can enable more effective planning, development and use of our capabilities,” Hayden said.
“It enables us to be flexible, while also exercising restraint in dealing with the threats we face. It continues to be our policy that we shall undertake the least action necessary to mitigate threats and that we will prioritize network defense and law enforcement as the preferred courses of action.”