Story continued below
The guidelines approved by President Barack Obama, known as Presidential Policy Di rective 20, high level discussions required between many agencies for the army could carry out a considerable cyber operation s. When recreating PPD-20, Trump placed cyber attacks at the same level as kinetic operations, which do not require high-level approval or discussions between different agencies. [USECyberExecutionofKickoffattacksonthebasisofstrategicdecisionsoftheadministrationwithoutanynoticeofNotificationoftheWhiteHouseforindividualdigitattacks
"There is a high level of accident in DoD and in Cyber Command with the interagency process and the structure set up by PPD-20 to approve attacking cyber operations," said a former US official who, like others interviewed for this story, asked for anonymity to discuss classified matters.
During the Obama administration, this person said the Department of Foreign Affairs "had succeeded in blocking or slowing down Cyber Command in doing things that it wanted to do, even against targets that you would think no one there would object, such as ISIS. "
According to Obama, according to a former FBI official, "there was no clear guidance from the administration" about the use of cyber capabilities "against major threats."
The former US official played the meaning of the move, which was first reported by The Wall Street Journal. "It's not so much to leave Cyber Command on the leash, or to have [the head of] Cyber Command act like any other warring commander."
It remains unclear what new policy PPD-20 has replaced, and the White House refused to comment
A former DoD cyber official said that bodies such as state and trade, with their understanding of diplomatic and economic consequences , still have to be involved in important decisions.
"There must still be checks and balances, given that the internet is a broader ecosystem of which the military is just one actor," said this person.
Another former DoD official agreed and said the US "should be very careful not to go too far over our ski's to our cybersecurity stance" as a nation is stronger because it not the army or government that will answer. It will be our soft civil underbelly. "
The intelligence community has also rejected some military operations, especially those who run the risk of unmasking the bugging programs that American spies spend years developing and planting in hostile networks.
The bureaucratic bickering that resulted PPD-20 had serious, practical consequences, said the former US official, Last year, Cyber Command and its British counterpart developed a plan to carry out cyber operations, but debates between US agencies delayed the mission.
"The British eventually got bored and went on and left without us because our interagency process was so turgid, "said the former official, who refused to specify the purpose or provide more details." They started their activities three months before the US came to an agreement – about something that had been an American proposal. "
The White House of Trump seems determined not to repeat that scenario. Trump's decision to give the army a freer hand "is consistent with the decentralized approach to the administration of other military and security actions," said an official working on cyber policy in George W. Bush's government, "and PPD-20 was seen as a typical exercise in the Obama era in group stasis. "
Nevertheless, the decision is a big blow for the Foreign Office, which will now have less influence on whether the army is carrying out specific digital attacks that diplomatic negotiations or other international priorities.
State officials "do not think there is a need for change," said the former US official. "DoD wants to have less need to discuss every operation." State says, no, that must, this is so important. "
The White House has considered the change for months. While John Bolton, a national security adviser, is usually seen as an aggressive influence within the administration, discussions began on the demolition of PPD-20 before he took over the lieutenant general, Mr. McMaster.
Homeland security adviser Tom Bossert, who turned Bolton off when he arrived, "began a thoughtful PPD-20 assessment based on principles" and the interaction with the retention or dissolution of it, according to a second former US official.
The elimination of PPD-20 did not know the constellation of legal challenges for cyber operations that have digested meetings between Pentagon planners and lawyers from the US State Department
"That policy piece became a scapegoat for bigger problems," said the former FBI official. "Whether people liked it or not, in the PPD-20 process some very real legal issues were raised with regard to the extent to which Cyber [Command’s] could take certain actions in cyberspace."
The most recent defense policy bill attempted to address some of those actions, declaring that cyber attacks & traditional military activities & # 39; and do not oblige the president to sign a "secret action" finding before they can continue. The former FBI official said there was "an attempt to remove real and perceived legal and policy barriers to enable Cyber [Command’s] actions."
R. David Edelman, who served as director of international cyber policy on the National Security Council during the Obama administration, said that what PPD-20 also replaced, had to include non-military considerations.
"In military affairs, blaming the lawyers, or the process, is often easier than having good ideas," he told POLITICO. "Although it is reasonable to say that the cyber policy in the US was cautious and made a mistake in the early days, unless it goes better in predicting the consequences of cyber attacks, taking the alternative recklessly and crossing our fingers."
Edelman, now the director of the MIT project on technology, economics and national security, noted that after the elimination of both PPD-20 and the cyber coordinator role of the White House, the need for a broad vision was greater than ever.
"What we need now is to know that a new plan is in place," he said, "and to understand how it will maintain the impulsiveness to become the norm in our cyber policy." [19659034] This article tagged under:
Source link