While the Senate was making a feint at legislation yesterday, far more significant cyber news was disclosed. According to the Washington Post President Obama has signed a new Presidential Policy Directive that assigns roles and responsibilities for military and civilian activity in cyber operations outside the Federal network. As the Post reports:
President Obama has signed a secret directive that effectively enables the military to act more aggressively to thwart cyberattacks on the nation’s web of government and private computer networks.
A few quick thoughts:
1) This is a big deal — far bigger than the Cybersecurity Act in some ways. Depending on the details this directive portends a significant military role in the civilian networks. I think, honestly, that it is remarkable how little push-back there has been to this development and also how unlikely it is that a “Liberal” President would be taking these steps (though as Jack, Trevor and Ben have pointed out, perhaps not so remarkable);
2) Key to the directive is a new “process to vet any operations outside government and defense networks and ensure that U.S. citizens’ and foreign allies’ data and privacy are protected and international laws of war are followed.” This suggests to me that the decision making is about cyber as a strategic weapon, not as a tactical one. I can’t imagine a cyber policy process that is sufficiently nimble to operate in a tactical environment. I’m guessing this will be a bit of a difficult line to draw going forward.
3) It seems that most of the legal debates have been resolved in favor of a robust authority to act rather than a legalistic restriction on action. Consider for example this tidbit, which is a non-obvious but pro-action conclusion: “An example of a defensive cyber-operation that once would have been considered an offensive act, for instance, might include stopping a computer attack by severing the link between an overseas server and a targeted domestic computer.”
4) Finally, I can’t help but remark that this story also is evidence of another theme that Jack Goldsmith has written about — the pervasive disclosure of classified material. I would have thought, after recent events, that there might be some hesitancy, but apparently not.