The Washington Post reports President Obama signed a secret directive on cyberattack defense designed to enable military personal to act more aggressively in thwarting attacks on public and private networks, known as Presidential Policy Directive 20, in mid-October:
“The new directive is the most extensive White House effort to date to wrestle with what constitutes an “offensive” and a “defensive” action in the rapidly evolving world of cyberwar and cyberterrorism, where an attack can be launched in milliseconds by unknown assailants utilizing a circuitous route. For the first time, the directive explicitly makes a distinction between network defense and cyber operations to guide officials charged with making often rapid decisions when confronted with threats.”
The order updates a 2004 presidential directive by laying out a process to vet operations outside government owned systems. Under the directive, some cyber operations previously considered offensive because they entail going outside defended networks are recognized as defensive in nature, such as “severing the link between an overseas server and a targeted domestic computer.” With this clarification, the Pentagon is expected to finalize new rules of engagement for cyber warefare that will set guidelines for military commanders to be able to act outside of government networks to prevent cyberattacks.
The Obama administration has made a substantial push on cybersecurity policy in recent months, with Defense Secretary Leon Panetta warning of a “Cyber-Pearl Harbor” around the same time the secret order was reportedly signed. The directive comes out as the White House considers an cybersecurity executive order and Senate Majority Leader Harry Reid has announced a vote on Sen. Joe Lieberman’s (I-CT) cybersecurity proposal that stalled earlier than the year amid online privacy concerns.