Neena Kapur | The IT Ambassador
Finally, some cyber policy
Published: Monday, November 19, 2012
Updated: Monday, November 19, 2012 08:11
The implications of Barack Obama’s renewed status as President of the United States are numerous. And, believe it or not, he’s already gotten down to business on some major issues, including reforming the tech sector in regards to cybersecurity.
Though the topic of cyberwarfare and security were only briefly touched upon during the election process, these defense threats are ones Obama has been pushing to address for the past two years. And now that he has won the presidency for the next four years, he has made it clear that he will not put the issues of the cyberworld in the backseat.
In October, Obama signed Presidential Policy Directive 20, the most comprehensive federal accomplishment in the realm of cybersecurity. This secretive directive establishes strict guidelines for the effective actions of federal agencies in response to cyber attacks.
What’s important is that the directive directly addresses the rut that cybersecurity has fallen into regarding offensive and defensive actions — is it better for us to respond to cyberattacks by launching offensive attacks, or by building up our defensive networks? Though the directive doesn’t provide an answer to this question, it still makes a clear distinction between “network defense” and “cyber operations,” and emphasizes the necessity for federal agencies to consult with law enforcement on defense mechanisms before turning to the military for offensive approaches.
“Network defense is what you’re doing inside your own networks ... cyber operations is stuff outside that space, and recognizing that you could be doing that for what might be called defensive purposes,” said a senior official in the Obama administration.
Policy Directive 20 updates a previous directive that had been put into effect in 2004 and has served as the catalyst for additional action in the federal government. Currently, the Pentagon is working on finalizing a set of rules of offensive action to guide military cyber operations. However, examining offensive cyber methods requires much more caution, as offensive cyber attacks can result in unintended consequences, such as cyber retaliation.
The head of the military’s Cyber Command, Gen. Keith Alexander, asserts that offensive cyber mechanisms risks the security of the private sector systems that control the nations’ critical infrastructure.
This issue becomes even more complicated when looking at the lack of agreement in Congress over how the federal government should work to protect the computer systems in private sector. The Cyber Security Act of 2012, which was shot down by Congress earlier this year, was again rejected last Wednesday. However, Obama is considering using executive powers to implement it, regardless of Congress’s indecision. This will be his next obstacle.
The strides that Presidential Policy Directive 20 made are immense, and they set an important precedent for future legislation on the cyber world. Once one policy comes into effect, its importance will hopefully encourage others to follow in creating effective policy. With this directive, the United States will no longer be a passive observer of cyber attack.
Neena Kapur is a sophomore majoring in international relations and computer science. She can be reached at Neena.Kapur@tufts.edu.