New rules for cyber warfare put the military on the offense
President Obama signed guidance that clarifies the role of different agencies and departments in fighting cyber threats.
President Obama has signed a document clarifying the military's role in cyber skirmishes. (White House photo)
President Barack Obama has signed new cyber-warfare guidance that allows the military to go on the offensive when foiling web attacks on U.S. government and private computer networks, according to The Washington Post.
Known as the Presidential Policy Directive 20, the document was signed mid-October and sets standards to guide the operations of federal agencies in confronting cyber threats, Ellen Nakashima wrote Nov. 14. However, the document is classified and the Post report is based on unnamed sources.
According to those sources, the framework addresses both defensive and offensive action, and “attempts to settle years of debate among government agencies about who is authorized to take what sorts of actions in cyberspace and with what level of permission,” Nakashima wrote.
Cybersecurity has lately been a hot topic for the Obama administration and members of Congress, who long failed to agree on passing comprehensive legislation that would protect the nation’s networks and critical infrastructure from cyber threats.
But the new presidential directive might not be enough to fully protect from cyber adversaries.
“An executive order will help but we still need comprehensive cyber legislation,” Janet Napolitano, Homeland Security secretary, said in FCW on Sept. 28. “It’s something that Congress is going to have to come back and address.”
W. Hord Tipton, executive director at (ISC)2 and former CIO at the Interior Department, told FCW anything that can improve decision-making in the areas of cyber defense and offense has to be encouraging news for everyone.
“The U.S., by far, is the leader in traditional military power,” he said in a Nov. 14 interview. “I believe we also have very superior talents in our classified agencies that are looking into things for us, but at the same time, they have to know what the rules are. Drawing that line between the offensive abilities and actions and the defensive is also hard to do.”
However, Tipton said the new directive alone won’t be enough -- and neither would a law.
“Frankly, legislation isn’t going to solve this problem,” he said, “We have so many things to protect, we don’t know where to start. That’s the real issue.”
NEXT STORY: Cybersecurity bill’s outlook still bleak