WASHINGTON (Circa) — The Trump administration has changed the Obama administration policy on cyber warfare in order to put the U.S. on the offensive.
President Donald Trump signed an order reversing what is known as Presidential Policy Directive 20, a series of guidelines which outline when the U.S. can engage in offensive cyberattacks, according to the Wall Street Journal.
"These activities obviously have, at least potentially, very significant impacts, both intended and unintended," Klon Kitchen, a senior fellow with the Heritage Foundation and a former member of the intelligence community, told Circa. "So what the [Obama] administration was trying to do was bring some kind of structure to how the interagency was going to go about considering these kinds of activities."
PPD 20 put a heavy focus on risk mitigation, according to Kitchen. In addition to their immediate impacts, cyberattacks can have unintended consequences. Without proper collaboration, organizations are at risk of friendly-fire incidents. Additionally, there is a possibility that the source code of a deployed cyberweapon can be publicized after it is deployed. For example, the source code for the high-tech worm Stuxnet, which was used to attack Iran's nuclear program in 2010, made its way to hacker sites after it hit its target.
Critics of PPD 20 claim that the focus on risk mitigation limited the ability for the U.S. to respond. Obama's policy required approval from several U.S. officials across the government before an offensive operation could be given the go ahead. Additionally, Kitchen noted there was a requirement to notify third-party countries if operations would go through their networks.
"That's not a bad thing to do normally" he said. "But to have that as a requirement is absolutely a roadblock to agility."
It is unclear what new policy, if any, has replaced the old policy. Michael Daniel, who served as the White House cybersecurity coordinator for Obama, told the WSJ that doing away with the defensive rules could have blow back.
"If you don’t have good coordination mechanisms, you could end up having an operation wreck a carefully crafted multiyear espionage operation to gain access to a foreign computer system," said Daniel.
But Kitchen noted that as capabilities continue to become available, a new posture is necessary.
"While changing this policy may result in more risk, and may potentially be a problem, we know for a fact that the status quo will be that," said Kitchen. "So choosing a posture where we are more agile and more positioned to respond makes a lot more sense."