By Barbara Starr
President Barack Obama has directed senior national security leadership to prepare a list of targets for potential cyberattacks, according to a "Top Secret" document published Friday by the British newspaper The Guardian.
The classified document marks the third time in three days that highly sensitive government information has been leaked to The Guardian.
The latest document, called Presidential Policy Directive/PPD-20, is marked "TOP SECRET/NOFORN" which means it is not to be shared with foreign nationals. CNN could not independently verify the directive but it appears in the same format as other government directive documents. "Top Secret" material is highly sensitive but it is not the highest level of classification in the government.
The presidential directive orders the federal government to "identify potential targets" for "offensive" cyberoperations - essentially cyberattacks.
Under U.S. law, presidential approval is required for all cyberoperations. In the event an attack is ordered, the president would specifically approve that use of force and troops specializing in cyberoperation, a senior Pentagon official told CNN.
The document spells out what has been known in far less detail until now - that the United States is increasingly developing cyberwarfare capability.
The leaked directive follows other presidential orders dating back to 1990. It was the growing concern about cyber vulnerabilities and cyberattack that led the Pentagon several years ago to establish the U.S. Cyber Command, a military unit specifically devoted to both using the military to defend against cyberattacks on U.S. targets, and developing the capability to launch cyberattacks on targets. There is also extensive cooperation with industry because of the need to protect civilian infrastructure such as power grids, pipelines and transportation networks.
The cyber realm remains one of the most sensitive areas for the U.S. military.
"We have developed a full range of capabilities to operate in the cyber-domain," the senior Pentagon official said. "But we are not going to talk about it." He emphasized the "same rules of engagement" apply in cyberattacks as with other targets the U.S. military might strike.
But in cyberattacks, there also is a unique need to assess the possibility of civilian damage because an attack to disable a computer network could have widespread, perhaps unintended, consequences beyond an initial military cybertarget.
Details of the capabilities are closely held.
The leak, though revealing, will likely not raise the alarm of Americans compared to the previous disclosure in The Guardian of a secret court order to Verizon to turn over its complete phone records for calls within the United States and overseas.
Similarly, a top-secret document disclosed to The Guardian and the Washington Post on Thursday suggested the U.S. government was tapping directly into the servers of major U.S. Internet companies including Google and Facebook to intercept e-mails, videos, photos and other data flowing through the United States.
Both newspapers wrote the program was done with the cooperation of nine companies, most of whom adamantly denied any knowledge of the secretive program. The Obama administration, including the president, insisted the program was legal, limited solely to hunting down information related to seeking out terrorists overseas, and was not seeking data on Americans.
On Thursday, the director of national intelligence called the leaks "reprehensible" and said the situation "threatens potentially long-lasting and irreversible harm" to efforts to defend the country.
The Washington Post described the source who provided the documents on the Internet surveillance program as "a career intelligence officer" who sought to "expose what he believes to be a gross intrusion on privacy."