Just yesterday I wrote how about our infamous President (and I use the term sarcastically) signed into Federal Law a bill that is supposed to help the Small to Medium sized Businesses (SMBs) to fight off Cyber threats and the attackers. Essentially, small business owners will now have the resources to craft Security Policies and to create Disaster Recovery/Backup & Restoration plans with the generous assistance of the Federal Government.
I am actually a proponent for this, largely because SMB simply just don’t have the financial resources like the Fortune 500 companies when it comes to doing this kind of stuff. So, as I was trolling the news headlines this morning, I came across Trump and Cyber security once again. But this time, rather than taking something months to pass through Congress and the Senate, this was a direct Executive Order.
On Wednesday of last week, Trump signed an Executive Order that authorizes the Secretary of Defense to launch cyber operations that can disrupt or degrade a Cyber attacker’s network or choke off attacks that are underway. This is actually a roll back of one of Obama’s Executive Orders, known as “Presidential Policy Directive 20”.
Apparently, the Trump Administration felt that the law enacted by Obama had too many bureaucratic obstacles that the top military brass viewed as overly restrictive. By reversing it, this will now them to move quickly and efficiently to combat Cyber threats from nation-states and other sophisticated Cyber attackers.
But of course, there are critics of this rollback, by stating that it may interfere with a sort of covert intelligence or diplomatic efforts that are currently taking place. For example, “ . . . a Department of Defense operation could theoretically compromise an ongoing intelligence collection effort . . . . similarly, a Department of Defense operation could frustrate an international partner that wasn’t consulted, leading to negative diplomatic ramifications.” (SOURCE: https://www.washingtonpost.com/news/powerpost/paloma/the-cybersecurity-202/2018/08/17/the-cybersecurity-202-trump-just-gave-the-military-a-lot-more-leeway-to-launch-cyber-operations/5b75a7551b326b7234392972/?utm_term=.55cbbb9d7854).
But one of the side effects of this rollback is that the President and his Cabinet are no longer consulted on Cyber actions going forward. It is now up to the military brass can now take full charge, and to consult about any actions with other competing agencies that may be involved with covert Cyber actions, such as the CIA.
In other words, the intention of the Obama Administration was to create a set of checks and balances before lunging forward with any actions, military or covert. But with the roll back, this system is no longer in place. This is where critics are having their field day at.
One of the primary reasons that was cited for why Trump decided to move so drastically and quickly with this rollback is the continuing investigation by Mueller, and also to avoid any more Cyber attacks by Russia, especially as the midterm elections are coming up in just a matter of three months or so.
Also, another reason for this action is to give the top military leaders the ability to make split second decisions as the Cyber threat landscape becomes much more complex and stealthier on a daily basis.
My thoughts on this? Well, I have mixed views on this. First, I do applaud Trump yet once again for making a bold decision like this. In today’s times, we must be able to act quickly and decisively in order to fend off any potential Cyber-attacks. Crucial time could be wasted by having to consult other Federal Government agency leaders on this.
But at the same time, there are probably many covert, intelligence activities that are going on that we don’t even know about. Any drastic action by the military could thwart off those efforts, and also greatly anger any other countries whom have allied with us on the war on Cyberterrorism.
I feel that there should be some sort of balance here. Yes, we do need to move quickly, but there should be some sort of checks and balances as well. Perhaps not everybody needs to be consulted, but the key leaders should be, even Trump himself, before a strategic decision. This is where the role of a “Security Czar” should come into play, and this is a position which I believe has not been filled yet.
In other words, we should act upon a Cyber-attack like it could be a nuclear war situation. In just a matter of minutes, top leaders are consulted, and the President makes the final decision. That way, we are not wasting time, but yet there is a consultation process in place.
This tweet from Christopher Painter, the former top cyber diplomat at the State Department sums it up nicely: “We need to have & use cyber tools when appropriate & the most effective option, including for deterrence, but we also need to take account of all our national equities including working to build coalitions of countries to collectively respond to cyber threats.” (SOURCE: https://www.washingtonpost.com/news/powerpost/paloma/the-cybersecurity-202/2018/08/17/the-cybersecurity-202-trump-just-gave-the-military-a-lot-more-leeway-to-launch-cyber-operations/5b75a7551b326b7234392972/?utm_term=.55cbbb9d7854).
In the end, hopefully we can strike this balance sooner rather than later.