Trump’s Looser Reins on Offensive Cyber Get Positive Reviews from Army

Evan Vucci/AP

Featured eBooks

Digital First
Cloud Smarter
Cybersecurity & the Road Ahead

Trump rescinded Obama-era rules that required White House sign off for most offensive cyber operations.

President Donald Trump’s loosening of the reins on offensive cyber operations is getting positive reviews from Army Cyber Command’s offensive team, the battalion’s senior civilian told Nextgov Thursday.

The Obama-era Presidential Policy Directive 20 set out a strict decision-making process for offensive cyber operations that required White House approval in most cases.

Trump rescinded that directive last month. The ultimate authority to launch offensive cyber operations now resides with the agencies that launch them, National Security Adviser John Bolton has said. In practice, that means the Defense Department and the intelligence agencies.

The change is part of a broader Trump administration move to ratchet up consequences for U.S. cyber adversaries, Bolton said.

Most offensive military cyber operations are still authorized by the Secretary of Defense, ReCharde Johnson told Nextgov during a press event at Fort Meade, the Maryland Base that houses U.S. Cyber Command.

There are some instances in which that authority rests lower down the chain of command, but details are classified, said Johnson who is senior civilian for the Army’s 781st Military Intelligence Battalion, which is the Army’s offensive cyber wing.

“It makes it a little bit quicker to get things done,” Johnson said, adding that under the old rules his battalion often planned extensive operations that would be scuttled somewhere up the chain of command.

“It’s kind of frustrating when you come up with something and have this plan and somewhere between you and the president someone says ‘no,’” he said. “Now we’ve taken that a couple of layers down.”

Johnson understands the necessity of external checks, he said, noting that it’s important for lawyers to review plans and that leaders need to be aware of the risks a mission will fail or have unintended consequences.

By lowering the threshold for operations, though, “there are a lot of things that can be done,” he said. “Not in the full fashion we envisioned, but at least to the point that our adversaries know we’re coming after them.”

The relaxing of rules may also help with recruiting, Johnson said, noting that new military and civilian employees are attracted by the idea of fighting back in cyberspace and frustrated by some restraints.

Johnson’s division is trying to fill about 100 cyber jobs now, he said, though much of the slow hiring pace is also due to the long lag time for security clearances.