The Trump Administration’s National Security Council want to scrap an Obama-era directive for approving government-sanctioned cyberattacks.
Presidential Policy Directive 20 (or PPD 20) was created to promote greater oversight on the government’s cyber activities, and requires executive approval on operations “of significant consequence.” It also installed a bureaucratic process of approval for smaller scale offensive actions that effectively added a layer of pause in actions that have the potential for serious repercussions.
PPD 20 has always been controversial, viewed by some to hamstring the U.S.’s ability to launch meaningful cyber operations, and/or execute them as quickly as circumstances dictate.
Part of the difficulty with establishing a coherent set of policies for the various branches and agencies of the United States government is the difficulty in deciding which agency’s purview is operative: the nature of Internet-based attacks blurring the typical boundaries between espionage and military actions, and this is further complicated by the fact that cyber ops often cross multiple geographical borders.
Further complicating the issue is that the content of PPD 20 is classified (although publicly known as a result of Edward Snowden’s leaks), which prevents officials from issuing a statement on these issues to the press.
Whatever the fate of PPD 20, the disagreement behind it reveals that the U.S. is still scrambling to catch up to the clear and present danger of cyberwarfare–both in terms of offense and defense.
Read more here.