[ad_1]
The White House has "authorized cyber-offensive operations" against US opponents, according to a new policy to relax the rules of using digital weapons to protect the nation, said Thursday National Security Advisor John Bolton.
"Our hands are not tied as they were in the Obama administration," Bolton said at a news briefing to unveil a new national cybernetic strategy.
[Read the Trump administration cyber strategy]
It did not specify the nature of the offensive operations, their importance or their specific malignant behavior.
The Trump administration focuses on attempts by foreign governments to target US networks and to interfere in the November elections. The strategy incorporates a new presidential directive that replaces the Obama administration, Bolton said. It allows armed forces and other organizations to undertake computer operations to protect their critical systems and networks in the country.
Bolton's remarks are consistent with the Trump administration's stance on cyber-deterrence, which is seen as more aggressive than the positions of the old administrations. He launched the latest initiative as part of an effort to "create deterrence structures that will demonstrate to opponents that the cost of their operations against us is higher than they want."
In general, the President's directive – called the Presidential Memorandum on National Security 13, or NSPM 13 – frees the military to engage, without a protracted approval process, with actions that are inferior to "the use of force" or Significant economic impacts, said people familiar with the policy who spoke on condition of anonymity to discuss non-public information.
"In terms of policy, Bolton's remarks probably mean that the administration is willing to take more risks than previous administrations, but the evidence will be in the results," said Michael Daniel, who was the cyber coordinator for the administration. Obama.
Trump's strategy builds on those put forward by previous administrations and incorporates initiatives already underway, such as the use of a "risk management" approach to address critical infrastructure vulnerabilities.
Overall, the strategy almost mirrors the Obama administration 's 2016 national cyber security action plan, derived from best practices developed in the cyber security and trade sector. said Ari Schwartz, former senior Obama administration official. .
The strategy "does not go far enough in accelerating the reforms to be made," said Representative Jim Langevin (D-R.I.), Who co-chairs the Congressional Caucus on Cybersecurity. It is good to clarify the roles of federal agencies in the protection of critical infrastructure, he said, but "the document often does not provide strategic advice on the trade-offs between regulation and responding to the needs of operators. . critical systems.
Mr. Langevin said it was ironic that Mr. Bolton eliminated the position of coordinator of White House activities when he took office early this year. Langevin said the cyber-coordinator was "the best position to deal with these compromises at the national level".
Bolton said he had done it to "eliminate the duplication and overlap" of the National Security Council staff. He said other directorates – intelligence and counter-proliferation, for example – were led by directors but did not have a coordinator over this position.
The question of the response to cyber provocations has been hotly debated for years. The Obama administration has been criticized for being too slow and timid. Some former leaders have rebuffed, saying that the obstacle to an aggressive response to a foreign cyberattack was not politics, but the agencies' inability to provide a forceful response.
"When you got to the point of saying," What do you have for us? " "There was not much to do," said Schwartz, now director of cybersecurity services at Venable Law Firm.
The new White House document follows a Pentagon cyber strategy released this week that focuses on China and Russia as the main opponents of the United States. "This is attributed to their respective roles, respectively, in the erosion of US military and economic vitality and in challenging our democratic processes," said Kate Charlet, a former Pentagon senior official at Carnegie Endowment for International Peace.
The Department of Defense's strategy also calls for "facing threats before they reach US networks." The US Cyber Command has always been tasked with defending the nation from attack while operating outside of the United States. From now on, the defensive activities will take place in the context of a "competition of great power on a daily basis" rather than in a crisis situation.
"The new approach stems from a growing consensus that lower-level malicious campaigns represent a major and cumulative risk and must be challenged," said Charlet. That's right, she said, but the Pentagon "should not be so focused on the day-to-day life that it is preparing for a major conflict."
The strategy also makes more explicit the role of the Department of Defense in preventing or repressing cyber-operations targeting US critical infrastructure "likely to cause a significant cyber incident".
[ad_2]
Source link