Lawmakers are concerned that there isn’t an adequate replacement.
The Trump administration has reportedly reversed an Obama-era framework for how and when the US can use cyber attacks against foes. President Trump undid Presidential Policy Directive 20 yesterday according to the Wall Street Journal‘s sources, and with it reversed a classified framework detailing a multi-agency process that must be followed before carrying out an attack.
The directive was put in place to prevent against bungling multi-year cyber-espionage plans that may be in motion, thus having many agencies involved with the planning process of any attack.
“It wasn’t clear what rules the administration is adopting to replace the Obama directive,” WSJ writes. “A number of current US officials confirmed the directive had been replaced but declined to comment further, citing the classified nature of the progress.”
The moves to undo the directive apparently began in April when John Bolton took up the mantle of national security advisor. The previous administration’s cybersecurity coordinator Michael Daniel described the directive to the WSJ as “designed to ensure that all appropriate equities got considered when you thought about doing an offensive cyber operation.”
There’s a worry that the directive was dismantled too quickly, and as a result people are concerned because the Trump administration hasn’t outlined its replacement to those involved. Given this administration’s history of putting laws into place seemingly without considering the consequences, coupled with Trump’s contempt for the intelligence community, the lawmakers’ concerns aren’t unfounded.