The White House has just confirmed that President Obama signed a classified order in October "establishing principles and processes" for the U.S. government's cyber operations around the globe.
While the order establishes these rules of the road, it doesn't give the military, intelligence or law enforcement communities any new powers or change anything about the government' current operations, according to a Nov. 14 email from a senior administration official.
Instead, it provides an approach to cyber operations that are consistent with "values we promote domestically and internationally," said the official. Based on Killer Apps' previous conversations with government officials, this likely means that the order emphasizes privacy rights of citizens.
The order also emphasizes what sounds like a very measured approach to cyber deterrence.
"It continues to be our policy that we shall undertake the least action necessary to mitigate threats and that we will prioritize network defense and law enforcement as the preferred courses of action," the official said.
Here's the full text of the official's message:
The President recently signed a new classified Presidential directive relating to cyber operations, updating a similar directive that dated back to 2004. This step is part of the Administration's focus on cybersecurity as a top priority. The cyber threat has evolved since 2004, and we have new experiences to take into account.
The directive itself is classified, so we cannot discuss all of the elements contained in it. We can describe what it is intended to do, and what it does not do.
Presidential directives do not provide new authorities to agencies or departments. The U.S. military, intelligence community and law enforcement agencies obtain no new authorities in the issuance of this directive. Nor does this directive cover or change the actions we undertake with the consent of private network owners. Rather, the directive establishes principles and processes for the use of cyber operations so that cyber tools are integrated with the fully array of national security tools we have at our disposal. It provides a whole-of-government approach consistent with the values that we promote domestically and internationally as we have previously articulated in the International Strategy for Cyberspace.
This directive will establish principles and processes that can enable more effective planning, development, and use of our capabilities. It enables us to be flexible, while also exercising restraint in dealing with the threats we face. It continues to be our policy that we shall undertake the least action necessary to mitigate threats and that we will prioritize network defense and law enforcement as the preferred courses of action. The procedures outlined in this directive are consistent with the U.S. Constitution, including the President's role as commander in chief, and other applicable law and policies.