President Trump has rolled back Obama-era regulations on how and when the United States can use cyberweapons on its adversaries. The administration claims Trump has replaced the rules but won't say what the new ones are.
Mr. Trump signed an order on Wednesday reversing the classified rules, known as Presidential Policy Directive 20, that had mapped out an elaborate interagency process that must be followed before U.S. use of cyberattacks, particularly those geared at foreign adversaries.
Although the policy was classified, its contents were made public when it was leaked in 2013 by former intelligence contractor Edward Snowden. It was signed by Mr. Trump’s predecessor, Barack Obama, in 2012.
It wasn’t clear what rules Trump is adopting to replace the Obama directive. A number of current U.S. officials confirmed the directive had been replaced but declined to comment further, citing the classified nature of the process.
(...)
The policy applies to the Defense Department as well as other federal agencies, the official said, while declining to specify which specific agencies would be affected. John Bolton, Mr. Trump’s national security adviser, began an effort to remove the Obama directive when he arrived at the White House in April, the official said.
(...)
Critics for years have seen Presidential Policy Directive 20 as a particular source of inertia, arguing that it handicaps or prevents important operations by involving too many federal agencies in potential attack plans. But some current and former U.S. officials have expressed concern that removing or replacing the order could sow further uncertainty about what offensive cyber operations are allowed.
The Obama directive, which replaced an earlier framework adopted during the George W. Bush administration, was “designed to ensure that all the appropriate equities got considered when you thought about doing an offensive cyber operation,” said Michael Daniel, who served as the White House cybersecurity coordinator during the Obama administration. “The idea that this is a simple problem is a naive one.”
“If you don’t have good coordination mechanisms, you could end up having an operation wreck a carefully crafted multiyear espionage operation to gain access to a foreign computer system,” added Mr. Daniel, now president and CEO of the Cyber Threat Alliance, a cybersecurity nonprofit.
(...)
“I am sympathetic to trying to make our cyber capabilities more nimble in their use,” said Joshua Geltzer, who was senior director of counterterrorism at the National Security Council until March of last year. “On the other hand, there were some very real and hard legal questions associated with cyber about what operations the government would take that still have not been resolved.”
Trump, Seeking to Relax Rules on U.S. Cyberattacks, Reverses Obama Directive (WSJ) *Note: All WSJ articles appear behind a paywall