A leading cybersecurity expert has called for clarity from the Trump administration after it reportedly abolished an Obama-era directive that restricted when the US government can deploy cyber weapons against adversaries.
As reported by the Wall Street Journal, President Trump signed an order reversing Presidential Policy Directive 20. The directive required an interagency process before the US could engage in cyber warfare.
US officials confirmed the directive has been overturned. The directive had previously been classified but was made public in 2013 after it was leaked by former intelligence contractor Edward Snowden.
It is unclear what rules the Trump administration is adopting in its place, prompting chief security officer at Cybereason Sam Curry to call for “more fleshed out guidance and clarity”.
Curry said that it’s likely the move is intended to support the military by giving them more options in the event of a cyberattack or interference.
Cybersecurity experts have warned that Iran could engage in extensive cyberattacks against the US in response to recent sanctions.
How well do you really know your competitors?
Your download email will arrive shortly
Not ready to buy yet? Download a free sample
US intelligence agencies have also unanimously agreed that Russia meddled in the 2016 US elections. Last month Trump came under fire for seemingly contradicting this conclusion.
“The move is likely intended to support the military and increase options in the event of interference during the mid-term elections on November 6,” said Curry.
“It gives the government the opportunity to be fast in its response to any major threats. The adage that offence is the best defence rings true in sports and most certainly in cyber warfare.”
Trump cybersecurity directive: bolstering election security?
However, the White House is yet to comment on the details of the new directive.
“Hopefully it won’t take another Snowden-like leakage or a massive conflict where new offensive cyber powers are exercised to give us more insight into the new rules of engagement and foreign policy stance,” said Curry.
While there are treaties, rules and protocols for physical warfare, cyber conflict has no rules of engagement.
“The military, diplomats and those across the table from the United States need to know what the new normal is now that the old has been thrown out.”
The abolition could be seen as a pre-emptive move by Trump to bolster security ahead of the midterm elections. A recent poll among cybersecurity professionals found that 93% of those surveyed were concerned about election hacking.
“During the 2016 primaries, cyber was not really something that Mr Trump cared about,” said Curry. “His administration has been slow to bring out cyber guidance but took it moderately seriously.
“Now with all the attention on cyber incidents and the increase in the relevance of cyber, this news is saying that cyber matters and that it is a more significant tool for foreign policy. It deserves more fleshed out guidance and clarity sooner rather than later.”