The Obama Presidential Policy Directive 20 (PPD-20) that outlined the interagency communications required for the US to deploy cyber-weapons was reversed by President Trump, according to the report from Wall Street Journal Wednesday 15 August.
The Infosecurity Magazine has contacted with the White House for comment, but Trump administration reportedly has not issued an official statement on the decision to reverse the PPD-20. A National Security Council spokesman told Inside Cybersecurity that the administration was not planning on issuing a public statement.
The cyber-threats and cyber-attacks from the nation-state actors requires the action, as well as planning and executing the offensive actions which is important to protect the US interests and assets from the foreign aggressions who can take months or years, said John Gunn, chief marketing officer at OneSpan. “With proper safeguards, this is a positive initiative that will raise our security.”
Well, US is of course not the very first country to permit the offensive techniques in order to prevent the cyber attacks from reaching its borders. Many of experts, including the Joseph Carson, chief security scientist at Thycotic, are in the favor of cyber-offensive capabilities. Yet challenges exist in the cyberspace.
“The biggest problem we have is absolute attribution to knowing who exactly carried out the dyber-attack and is it possible that it was a misdirection to put political pressure on two or more countries,” Carson said.
“We have AI and other techniques, but cyber-criminals have the ability to make it look like someone else committed the crime,” Carson Continued. “With cyber-mercenaries on the increase, the only way to get attribution is to go back to the old methods of having human spies who can confirm the attack happened and was initiated by aggressive cyber-countries. Many countries are already committing cyber-attacks on a large scale, and the US has been poor at responding to such an attack. For example, the attack on the DNC and OPM. My personal stance is that cyber-offensive should only be carried out by government agencies and not permitted by citizens.”
The reverse for PPD-20 has also sends a global message at a critical time for the US. “The change in the US government stance on cyber weapons being used for cyber-offensive against the adversaries comes just ahead of the US midterm elections. This is very likely a public indication that any nation-state who tries to hack or manipulate the upcoming elections, the US government has taken the gloves off and will respond,” Carson said.