According to news reports, this secret Directive enables the military to act more aggressively to thwart cyberattacks on the nation's government and private computer networks. It establishes a broad and strict set of standards to guide the operations of federal agencies in confronting threats in cyberspace.
The Directive explicitly makes a distinction between network defense and cyber-operations to guide officials charged with making often-rapid decisions when confronted with threats. The policy also lays out a process to vet any operations outside government and defense networks and ensure that U.S. citizens' and foreign allies' data and privacy are protected and international laws of war are followed.
The Directive states that what it calls Offensive Cyber Effects Operations (OCEO) "can offer unique and unconventional capabilities to advance US national objectives around the world with little or no warning to the adversary or target and with potential effects ranging from subtle to severely damaging." It says the government will "identify potential targets of national importance where OCEO can offer a favorable balance of effectiveness and risk as compared with other instruments of national power."
The Directive also contemplates the possible use of cyber actions inside the United States, though it specifies that no such domestic operations can be conducted without the prior order of the president, except in cases of emergency.
The aim of the Directive was "to put in place tools and a framework to enable government to make decisions" on cyber actions.
This Directive superseded National Security Presidential Directive 38 and complements but does not affect NSPD-54/Homeland Security Presidential Directive 23, National Security Presidential Directive 42 and PPD-8.