PPD-20 successor has yielded ‘operational success,’ Federal CISO says

A revamped policy framework for offensive U.S. cyber operations is much quicker than its predecessor and has yielded “operational success,” a top White House cybersecurity official said Tuesday.

Last August, President Donald Trump rescinded the Obama-era policy, known as Presidential Policy Directive 20, which governed U.S. hacking operations, and replaced it with the new framework. Critics said PPD-20’s intricate interagency process unnecessarily delayed offensive operations, while advocates called it an important mechanism for accounting for all of the potential repercussions of a cyberattack.

The new structure “gives more authority to the people who need to actually make those decisions” about offensive operations, Grant Schneider, the federal information security officer, said at an event hosted by the nonprofit Intelligence and National Security Alliance. U.S. officials are focused on ensuring that the Pentagon “has the tools available to leverage offensive cyber capabilities,” he added.

The remarks from Schneider, the National Security Council’s top defensive-focused cybersecurity official, were some of his most extensive yet on the new policy and legal framework for green-lighting government cyberattacks.

Schneider said the new framework, dubbed National Security Presidential Memorandum 13, is “far more streamlined,” while still allowing for a deliberative interagency process for approving operations.

Trump administration officials have emphasized publicly what they say is a greater willingness than their predecessors to conduct hacking operations against U.S. adversaries. “Our hands are not tied as they were in the Obama administration,” national security adviser John Bolton boasted in September.

While welcoming the policy changes, Schneider indicated that digital offensives would only do so much to deter some adversaries.

“I personally don’t think there’s an offensive cyber panacea,” Schneider said. “I do not think deterrence in a nuclear context translates well to a cyber context. I don’t think [Russian President] Vladimir Putin is going to roll up his cyber tools and go away because we have a bigger, potentially, cyber offensive tool.”

At the same time, however, those cyber tools are “an element of national power,” he added. “We have to focus on it. It presents a tremendous opportunity for us, just like it presents a tremendous opportunity for our adversary.”

Wielding that power has meant actively using Cyber Command’s maturing capabilities. On the eve of the 2018 midterm elections, the command reportedly knocked an infamous Russian troll farm offline as part of the command’s operation to protect the vote.