Obama has signed a highly secret directive that will allow the military to act more aggressively when it comes to stopping cyber attacks striking the US.
The Washington Post reports that Policy Directive 20 outlines a series of broad but strict standards, which federal agencies will uses to guide them when dealing with online attacks. Due to the nature of the directive, it’s unclear exactly what it contains — US officials who’ve seen the document weren’t able to explain to the Washington Post what it contained — but the newspaper claims it’s the “most extensive White House effort to date to wrestle with what constitutes an ‘offensive’ and a ‘defensive’ action in the rapidly evolving world of cyberwar and cyberterrorism”. A senior administration official has explained:
“What it does, really for the first time, is it explicitly talks about how we will use cyber-operations… Network defence is what you’re doing inside your own networks. . . . Cyber-operations is stuff outside that space, and recognising that you could be doing that for what might be called defensive purposes.”
The Washington Post then has at least managed to glean that the directive finally “makes a distinction between network defence and cyber-operations”, as well as laying out “a process to vet any operations outside government and defence networks”. All told, the aim is to protect US data and privacy while following international law.
The policy is actually an update of a 2004 directive, but seems to dramatically tighten up US online policy. At the very least, it’s a welcome sign that the Obama administration is continuing to take cyber security seriously. [Washington Post]