On Wednesday, President Trump signed an order to reverse an Obama-era memorandum, dictating the U.S. governments use of cyberweapons. By reversing the rules outlined in the classified memorandum known as Presidential Policy Directive 20, President Trump is making it easier for U.S. Cyber Command to deploy cyberweapons and interfere with adversarial cyberattacks on the United States.
The Presidential Policy Directive 20 (PPD-20) was signed in secret by President Obama after the Senate failed to pass the Cybersecurity Act of 2012. PPD-20 provided a framework for U.S. cybersecurity and established processes to be followed before the U.S. utilized cyberattacks on foreign adversaries. Offensive operations were often obstructed by a burdensome approval process whose chain of command extended across many agencies in the federal government.
Following the 2016 presidential election, some lawmakers questioned whether the bureaucratic hurdles in PPD-20 had restricted U.S. Cyber Commands ability to respond to Russian attempts to interfere in the election. By loosening restrictions on the use of cyberweapons, U.S. Cyber Command will be able to more forcefully deter foreign election influence and stymie intellectual property theft by meeting such threats head-on with a strong response.
Without fear of repercussions, foreign adversaries have been pillaging intellectual property from every sector of the American economy. High-value industries such as manufacturing are huge targets as was displayed with the recent theft of wind turbine technology from GE.
When you look at what’s happened since PPD-20 was signed (IP theft, Russian meddling in our election, and adversarial ransomware attacks like Petya and WannaCry) it becomes clear that the directive was constructed in ignorance by people who lacked an understanding of the threats we face in modern cyberspace. By reversing the directive, the United States should be able to operate with greater agility and deploy proactive defensive measures.