Trump Administration Rolls Back Limits on U.S. Cyberattacks

by: The Knowledge Group

August 21, 2018


The Trump administration this month rolled back a set of rules from the prior administration, known as Presidential Policy Directive 20. U.S. Cyber Command will now presumably have authority to conduct strikes without a go-ahead from the White House.

We’ve seen PPD-20; it was leaked by Edward Snowden in 2013. It kept any government agency from launching cyberattacks to advance military operations, to shield elections from foreign meddling, or to guard U.S. intellectual property rights – except in emergency cases.

We don’t know what procedures will come into being after the president’s August 2018 rollback order, but we know they will be classified. And we know that the Pentagon has acquired stronger authority to use hacking technology – without needing to persuade State Department officials or other concerned agencies.

Checks and Balances

The State Department, the Department of Commerce, and other agencies have played an essential role in cyberattack decisions, particularly in charting out the possible geopolitical and financial ramifications. The intelligence community has exerted pressure against certain cyber operations by the U.S. military and allied forces, particularly if the operations could expose CIA eavesdropping software.

The decision to rescind current rules is a significant loosening of checks and balances, shifting influence away from the State Department and giving the Pentagon a freer hand.  R. David Edelman, who heads to Project on Technology, Economy and National Security for the Massachusetts Institute of Technology and worked as the international cyber policy director during Obama’s presidency, admits that U.S. cyber policy had been “cautious” but points out the highly unpredictable nature of cyberattacks‘ outcomes.

Undersea Hackers

In June 2018, the United States slapped sanctions on three Russian citizens and five Russian companies accused of assisting the central Russian intelligence agency.

All eight parties are now banned from any activities involving U.S. financial institutions, and U.S. companies are not allowed to carry out any transactions with them.

Several of the parties have connections to Divetechnoservices. The company is thought to have expertise hacking into undersea wires and transmitting intelligence to Russia’s cyber ops.

Be sure to stay updated with all of the latest cybersecurity developments all whilst earning Continuing Legal Education (CLE) credits by attending our latest cybersecurity webcast.  On August 28th we discuss Cloud-to-Cloud data protection and how to protect your business’s data. All of the registration information can be found by clicking here.  We look forward to seeing you there.