Skip to: Content
Skip to: Site Navigation
Skip to: Search

Presidential cyberwar directive gives Pentagon long-awaited marching orders (+video)

The 18-page, Top Secret 'Presidential Policy Directive 20' instructs the Pentagon to draw up a cyberwar target list and to protect US infrastructure from foreign cyberattack.

(Page 2 of 2)

The procedures outlined in the directive are consistent with the US Constitution, including the president’s role as commander-in-chief, and other applicable law and policies, the White House said in a statement.

Skip to next paragraph

“As we have already publicly acknowledged, last year the president signed a classified presidential directive relating to cyberoperations, updating a similar directive dating back to 2004,” Caitlin Hayden, a spokeswoman for the National Security Council, said in a statement released Friday. “This step is part of the administration’s focus on cybersecurity as a top priority. The cyberthreat has evolved, and we have new experiences to take into account.”

This directive, she writes, will “establish principles and processes that can enable more effective planning, development, and use of our capabilities. It enables us to be flexible, while also exercising restraint in dealing with the threats we face. It continues to be our policy that we shall undertake the least action necessary to mitigate threats and that we will prioritize network defense and law enforcement as the preferred courses of action.”

Indeed, the top-secret document does in several places warn those using the roadmap to use cyberweapons only when absolutely necessary.  Because cyberspace is interconnected globally, cyberweapons threaten “collateral consequences that may affect US national interests in many locations.”

Yet it’s not only collateral damage from cyberweapons, but the fuel that unleashing them provides for the current global cyberarms race that worries Ralph Langner, the Hamburg-based cybersecurity expert who in 2010 first publicly identified the Stuxnet cyberweapon that was used to attack and destroy a substantial chunk of Iran’s centrifuge system for developing nuclear fuel.

Stuxnet, the first publicly identified weapons-grade digital warhead, was created and deployed by the US – an attack authorized by President Obama and dubbed “Operation Olympic Games,” according to news reports that the White House has still not formally corroborated.

The biggest threat posed by the PPD-20, Mr. Langner writes, is the model it creates for unleashing powerful cyberweapons into the global network that can then be reworked either by hackers or rogue nation states like Iran and North Korea and relaunched back at the US.

“Nobody actually is able to predict the mid- and long-term effect of cyberweapons,” Langner notes. “The big issue is proliferation: It is much easier to rebuild a cyberweapon that is out in the open than a kinetic weapon.”

For example, even after the design of the F-35 fighter jet is leaked, it still requires a nation state to actually build one, he writes in an e-mail interview. Not so for cyber. A cyberweapons workshop can operate completely under the radar of satellite surveillance. It could even operate in foreign locations or on hostile soil. And, while building a fighter jet based on stolen blueprints may take a decade or so, it would require a dedicated team of cyberweapons experts just months to reengineer a devastating cyberweapon against US critical infrastructure, he adds.

“It’s kind of a gamble,” Langner writes. “The US is betting the farm on a short-term win.... Nuclear weapons are the best-case example, here. They were used just twice. I’m afraid that won’t be the case with cyberweapons, if only because of their advantage. They are ideally suited for low-intensity conflict. This makes me project that they will be used much more often than kinetic force.”

At present, about 30 countries are actively building up offensive cyberpower, including rogue states like Iran and North Korea. Against that scenario, he envisions the US essentially supplying its adversaries with cyberweapon designs.

“It’s hard to believe that they will not try to take advantage of a new poor man’s tool for creating destruction,” Langner writes, “especially when it is so well suited to hitting technologically advanced adversaries like the United States.”


  • Weekly review of global news and ideas
  • Balanced, insightful and trustworthy
  • Subscribe in print or digital

Special Offer


Doing Good


What happens when ordinary people decide to pay it forward? Extraordinary change...

Danny Bent poses at the starting line of the Boston Marathon in Hopkinton, Mass.

After the Boston Marathon bombings, Danny Bent took on a cross-country challenge

The athlete-adventurer co-founded a relay run called One Run for Boston that started in Los Angeles and ended at the marathon finish line to raise funds for victims.

Become a fan! Follow us! Google+ YouTube See our feeds!