Here’s something you didn’t hear amidst all the shouting about the economy, Benghazi and whether or not Chris Christie should have been so warm towards the President before last week’s US Presidential Election: in mid-October, President Obama signed off on what’s being described as a “secret directive” that allows American forces to go after cyberattacks on the US more aggressively, effectively redrawing the government’s definition of cyberterrorism and its appropriate response.
The Washington Post broke the story earlier today, reporting on what is officially called “Presidential Policy Directive 20,” a classified directive that, the newspaper explains, “establishes a broad and strict set of standards to guide the operations of federal agencies in confronting threats in cyberspace.” Termed “the most extensive White House effort to date” in dealing with cyberattacks on the country, PPD 20 attempts to redefine what constitutes “offensive” and “defensive” responses to such attacks, explicitly making clear where the line is between the two, as well as laying out a process to ensure that network operations outside direct governmental or defense control are protected in the case of attack.
According to one anonymous source described as “a senior administration official,” what PPD 20 does “really for the first time, is it explicitly talks about how we will use cyber operations. Network defense is what you’re doing inside your own networks. . . . Cyber operations is stuff outside that space, and recognizing that you could be doing that for what might be called defensive purposes.” A second anonymous source within the administration says that it is “an enormous step forward,” in part because “it should enable people to arrive at more effective decisions.” (It shouldn’t be considered a license to over-reach, however; one of the anonymous sources is also quoted as saying that “We always want to be taking the least action necessary to mitigate the threat… We don’t want to have more consequences than we intend.”)
Amongst the changes made clear in PPD 20, the report says, is a shift in how severing a link between a targeted domestic computer and an overseas server responsible for an attack is regarded. “[Previously] that was seen as something that was aggressive, particularly by some at the State Department,” said a defense official, pointing to the belief that such a move could be seen by some as affecting other Internet services or somehow stepping on the toes of the country responsible for hosting the offensive server.
Presidential Policy Directive 20 is an attempt to update the previous administration’s guidelines on how to deal with cyberterrorism, “National Security Presidential Directive 38: National Strategy to Secure Cyberspace,” which President George W. Bush signed in July 2004. The new directive has reportedly been welcomed by cyber defense experts as a necessary boost to the US’ cyber security efforts.