Less than a month before Election Day, President Obama signed a secret directive that clarifies what types of actions the military is allowed to take to protect the nation from cyber threats, the Washington Post reported Wednesday.
Called “Presidential Policy Directive 20,” the directive is an update to a 2004 directive issued by then President Bush. The new version “explicitly makes a distinction between network defense and cyber operations,” that is, attacks or offensive actions, a first for the government, according to The Post, which proceeds to outline just how the new directive might work in practice:
An example of a defensive cyber operation that once would have been considered an offensive act, for instance, might include stopping a computer attack by severing the link between an overseas server and a targeted domestic computer.
Defense and cyber experts at think tanks welcomed the directive as an important boost of the nation’s cyber defenses.
To be clear, the directive is separate from a contemplated executive order and cybersecurity legislation shot-down by the U.S. Senate earlier in the summer.
The Post also makes it clear that the government is concerned that something the like Stuxnet malware the U.S. reportedly developed in conjunction with Israel and is said to have unleashed on Iran could be turned against the U.S. The two countries were also reported earlier to have created another espionage type of malware known as Flame.
Meanwhile, separately on Tuesday, the Defense Advanced Research Projects Agency just annonced a new “national cyber range” for testing cyber capabilities.
