Offensive Cyber Restrictions Rescinded; Forcepoint VP Eric Trexler Comments

ExecutiveBiz reported that President Trump revoked an Obama-era policy requiring government agencies to seek approval from various federal stakeholders before engaging in offensive cyber operations. Issued Wednesday, the executive order reversed Presidential Policy Directive 20 as part of efforts to prevent foreign influence in U.S. election and address theft of intellectual property through cyberweapons.

   “If an operation is considered ‘of significant consequence,’ it requires the direct blessing of the president in addition to the interagency group [under PPD 20],” CyberScoop reported in May. This includes cyberhacking activities such as shutting off a power grids or making equipment explode, as well as deleting data or corrupting software “in a destructive manner,” the publication said.

   PPD 20 was signed into law by President Obama in 2012, succeeding a framework employed during the George W. Bush administration. Michael Daniel, a former White House cybersecurity coordinator, told the Wall Street Journal the directive was intended to ensure that the government considered “appropriate equities” prior to deployment of offensive measures against adversaries in the cyber domain.

   Joshua Geltzer, the National Security Council’s former senior director of counterterrorism, told the WSJ, “I am sympathetic to trying to make our cyber capabilities more nimble in their use. On the other hand, there were some very real and hard legal questions associated with cyber about what operations the government would take that still have not been resolved.”

   To gain additional perspective, we spoke with Forcepoint’s Eric Trexler, vice president of global government and critical infrastructure, who said this:

   “Cybersecurity today sits at the difficult intersection between nation state interests and financially motivated attackers – and that line is becoming more blurred with each passing day. Worse yet, cyberspace is filled with continual border skirmishes between state-level adversaries who are increasingly seeking entry into U.S. critical infrastructure targets. By all accounts these adversaries are driving us towards a ‘Cuban Missile Crisis’ situation in cyberspace – where nations get into a misguided shooting war due to a lack of international norms.

    Over the past nearly 250 years, America has been relatively invulnerable to attack based on our two-ocean buffer resulting in balance of power favoring the United States. However, the situation has changed; cyberattacks know no borders. While specifics on the new “offensive step forward” in cyber policy are not public, policy changes that enable agencies to strategically respond to cyber threats efficiently can mean the difference between saving hundreds of lives or losing millions of dollars in stolen trade secrets. The reversal of PPD 20 provides America a greater ability to convince adversaries of the significant costs of launching offensive cyberattacks. We must demonstrate that we will respond to cyberattacks and clearly outline off-limit areas.”

   The damage inflicted by cyberattacks is projected to reach $6T per year by 2021, with spending on cybersecurity surpassing $1T from 2017 to 2021, according to a January cybersecurity report by CSO. Though the administration hasn’t revealed any details yet, it is my hope that the U.S. can now deploy its exceptional cyber capabilities and put our adversaries on watch that cyberattacks will be met with forceful retaliation.