The guidelines were codified in a new White House directive signed by President Obama in mid-October, according to the The Washington Post. A senior Obama administration official confirmed to The Hill that the president has signed a directive on “cyber operations.”
“This step is part of the administration’s focus on cybersecurity as a top priority. The cyber threat has evolved since 2004, and we have new experiences to take into account,” the official said.
The senior administration official stressed that the directive does not create new powers for federal agencies or the military.
“The directive establishes principles and processes for the use of cyber operations so that cyber tools are integrated with the fully array of national security tools we have at our disposal,” the official said. “It provides a whole-of-government approach consistent with the values that we promote domestically and internationally as we have previously articulated in the International Strategy for Cyberspace.”
The new directive also closes a critical policy gap at the DOD on cyber warfare that Congress failed to close earlier this year.
In August, White House chief counterterrorism adviser John Brennan told reporters that the administration was considering exercising presidential authority to impose cybersecurity mandates after lawmakers failed to adopt legislation to implement those measures.
Passing cybersecurity legislation was near the top of Defense Secretary Leon Panetta's legislative to-do list for Congress in the lame-duck session, behind a sequestration deal and approval of a Defense authorization bill.
A cybersecurity bill co-sponsored by Sens. Joe Lieberman (I-Conn.) and Susan Collins (R-Maine) has remained stalled on Capitol Hill for months.
Senate Majority Leader Harry Reid (D-Nev.) has called for a vote on the legislation in November, but observers are not optimistic that a final product will reach the president's desk, given ongoing partisan fighting over the legislation.
Specifically, the new presidential directive differentiates between network defense capabilities and other so-called "cyber operations" which address DOD's recently disclosed offensive capabilities in the digital realm.
“What [the directive] does, really for the first time, is it explicitly talks about how we will use cyber operations,” a senior White House official told the Post on Wednesday.
“Network defense is what you’re doing inside your own networks. ... Cyber operations is stuff outside that space," the official added.
The Pentagon in October acknowledged that U.S. military forces are able to carry out preemptive or retaliatory acts of cyber warfare.
"Our mission is to defend this nation. We defend. We deter. And if called upon, we take decisive action," Defense Secretary Leon Panetta said during his keynote address to the Business Executives For National Security conference in New York.
"If a crippling cyber attack were launched against our nation, the American people must be defended," he said. "And if the commander in chief orders a response, the Defense Department must be ready to act."
The senior administration official said the directive signed by Obama would enable the administration to be “flexible” in dealing with cyber threats.
“It continues to be our policy that we shall undertake the least action necessary to mitigate threats and that we will prioritize network defense and law enforcement as the preferred courses of action.”
— This story was updated at 3:41 p.m.