Bolton rewrote a draft of the strategy after joining the administration in April. Many of his remarks Thursday focused on a secret order — which Trump signed in August but which has never been publicly described — that appears to give far more latitude for the newly elevated U.S. Cyber Command to act with minimal consultation from a number of other government agencies.

The order essentially delegates more power to Gen. Paul M. Nakasone, who took over this year as director of the National Security Agency and commander of U.S. Cyber Command. During his Senate confirmation hearing in March, Nakasone complained that America’s online adversaries attacked with little concern about retaliation.

“I would say right now they do not think that much will happen to them,” said Nakasone, who previously oversaw the Army’s cybercommand. “They don’t fear us.”

But this month, Nakasone said he was more comfortable with the new guidance issued by the White House, even though the administration has not made any of it public.

Senior officials have said it eliminates a lengthy process of consensus-building across the government — the departments of Commerce, Treasury and Homeland Security among them — before the United States conducts an offensive action.

It is not clear whether Trump must still approve every major offensive online operation, as Presidents George W. Bush and Barack Obama did.

Bolton did not shed much light. “Our presidential directive effectively reversed those restraints, effectively enabling offensive cyberoperations through the relevant departments,” he said.

He said that since Trump took office, the administration has “authorized cyberoperations” against rivals, though he gave no details.

Much of the strategy that was made public Thursday strongly echoes similar documents issued by Obama and Bush. They focus on improving digital defenses for the government, bettering training, working with private industry to share information about vulnerabilities and working with allies.

While the words in the strategy differ from the past, the impetus is the same. It did, however, identify specific countries as adversaries.

“Russia, Iran and North Korea conducted reckless cyberattacks that harmed U.S. and international businesses and our allies and partners without paying costs likely to deter future cyberaggression,” the strategy read. “China engaged in cyberenabled economic espionage and trillions of dollars of intellectual property theft.”

But the classified directive appears to be significantly different, as Bolton said Thursday.

His indictment of the previous administration omitted the fact that Obama continued or initiated three of the most aggressive cyberoperations in U.S. history: one to disable Iran’s nuclear fuel production, another to attack North Korea’s missile programs and a third against online recruitment and communications by the Islamic State.

The first, code-named Olympic Games, was judged successful at destroying about 1,000 nuclear centrifuges for a year. The Korea operation had mixed results at best, and Obama’s own defense secretary later wrote that the operation against the Islamic State proved largely ineffective.

But Obama hesitated to strike back at Russia in 2016 after revelations of its breach into the Democratic National Committee, and acted only after the presidential election.

And, as Bolton noted, the United States declined to name other attackers, including the Chinese, for stealing roughly 22 million files on Americans with security clearances from the Office of Personnel Management. He noted that those files, “my own included, maybe yours, found a new residence in Beijing.”

Bolton became the first official to formally acknowledge what was widely known: that the Chinese government was behind that intrusion.

Additionally, the Trump administration accused North Korea of mounting the WannaCry attack that brought down the British health care system, and Russia of initiating the NotPetya attack that was aimed at Ukraine and cost hundreds of millions of dollars in damage, including to shipping companies like Maersk.

But Bolton, whose concepts of deterrence were formed in the Cold War, is likely to discover what his predecessors learned: Almost every strategy that worked in deterring nuclear attacks does not fit the digital era, and even figuring out where an attack originated can be a challenge.

The government has grown more skilled at attributing the source of a cyberattack, but the process remains lengthy. By the time a conclusion is reached, it is often too late to mount a successful counterstrike.

Trump has particularly muddied the waters in assigning blame for attacks, repeatedly expressing doubts that Russia was behind the hacking of the Democratic National Committee and members of Hillary Clinton’s 2016 presidential campaign. The Justice Department has indicted officers of Russia’s military intelligence unit, once known as the GRU, and the Internet Research Agency, in those attacks.

Part of the strategy calls for the United States to develop what it describes as an international cyberdeterrence initiative, which sounds similar to efforts to develop a theory of nuclear deterrence. The document provides few details, but says the Trump administration will build “a coalition and develop tailored strategies to ensure adversaries understand the consequences of their malicious cyberbehavior.”

Some of those efforts have begun: The U.S. accusations against North Korea and Russia last year were immediately echoed by Britain and other Western powers.

Rep. Jim Langevin, D-R.I., who has been active in developing new cyberstrategies, said the White House approach was focused “in starkly offensive terms.”

“I agree that our adversaries need to know that we can — and will — challenge them in cyberspace,” Langevin said. “But as the country with the most innovative economy in the world, we must also acknowledge the abiding interest of the United States in encouraging stability in this domain.”

This article originally appeared in The New York Times.

David E. Sanger © 2018 The New York Times