Presidential Policy Directive 20 (PPD-20) provides a framework for U.S. cybersecurity by establishing principles and processes. Signed by President Barack Obama in October 2012, this directive supersedes National Security Presidential Directive NSPD-38. Integrating cyber tools with those of national security, [1] the directive complements NSPD-54/Homeland Security Presidential Directive HSPD-23.
Classified and unreleased by the National Security Agency (NSA), NSPD-54 was authorized by George W. Bush. [1] It gives the U.S. government power to conduct surveillance [2] through monitoring. [1]
Its existence was made public in June 2013 by former NSA infrastructure analyst Edward Snowden.
Because of private industry and issues surrounding international and domestic law, [3] public-private partnership became the "cornerstone of America's cybersecurity strategy". [4] Suggestions for the private sector were detailed in the declassified 2003 [5] National Strategy to Secure Cyberspace. Its companion document, National Security Presidential Directive (NSPD-38), was signed in secret by George W. Bush the following year. [5]
Although the contents of NSPD-38 are still undisclosed, [1] the U.S. military did not recognize cyberspace as a "theater of operations" until the U.S. National Defense Strategy of 2005. [3] The report declared that the "ability to operate in and from the global commons-space, international waters and airspace, and cyberspace is important ... to project power anywhere in the world from secure bases of operation." [6] Three years later, George W. Bush formed the classified Comprehensive National Cybersecurity Initiative (CNCI).
Citing economic and national security, the Obama administration prioritized cybersecurity upon taking office. [7] After an in-depth review of the "communications and information infrastructure," [8] the CNCI was partially declassified and expanded under President Obama. [9] It outlines "key elements of a broader, updated national U.S. cybersecurity strategy." [10] By 2011, the Pentagon announced its capability to run cyber attacks. [11]
After the U.S. Senate failed to pass the Cybersecurity Act of 2012 that August, [12] Presidential Policy Directive 20 (PPD-20) was signed in secret. The Electronic Privacy Information Center (EPIC) filed a Freedom of Information Request to see it, but the NSA would not comply. [13] Some details were reported in November 2012. [14] The Washington Post wrote that PPD-20 "is the most extensive White House effort to date to wrestle with what constitutes an 'offensive' and a 'defensive' action in the rapidly evolving world of cyberwar and cyberterrorism." [14] The following January, [15] the Obama administration released a ten-point factsheet. [16]
On June 7, 2013, PPD-20 became public. [15] Released by Edward Snowden and posted by The Guardian, [15] it is part of the 2013 Mass Surveillance Disclosures. While the U.S. factsheet claims PPD-20 acts within the law and is "consistent with the values that we promote domestically and internationally as we have previously articulated in the International Strategy for Cyberspace", [16] it doesn't reveal cyber operations in the directive. [15]
Snowden's disclosure called attention to passages noting cyberwarfare policy and its possible consequences. [15] [17] The directive refers to defensive and offensive measures as Defensive Cyber Effects Operations (DCEO) and Offensive Cyber Effects Operations (OCEO), respectively.