The Trump administration is using a new national cyber strategy, announced Sept. 20, to create fresh norms in cyberspace and increase the number of offensive operations.
President Donald Trump has put into place a new doctrine for how America operates in cyberspace that gives more authority to departments, national security advisor John Bolton told reporters.
“We are going to do a lot of things offensively. Our adversaries need to know that,” Bolton said. He added that the new policy is “not because we want more offensive operations, but precisely to create the structures of deterrence that will demonstrate to adversaries that the cost of their engaging in operations against us is higher than they want to bare.”
The announcement comes weeks after White House and defense officials told Fifth Domain that Trump “rescinded” the previous rules that governed America in cyberspace. Under those rules, often referred to Presidential Policy Directive 20, the government coordinated offensive operations through a process in which each agency had near veto power on operations, according to current and former officials.
“We will identify, counter, disrupt, deter and degrade behavior in cyberspace that is destabilizing and contrary to our national interest,” Bolton said. He added that the current strategy is “very different from PPD-20” and said that America’s “hands are not as tied as they were in the Obama administration.”
The new authorities are laid out in National Security Presidential Memorandum 13, which has not been released publicly.
A former White House official told Fifth Domain that the new authorities are more than a year in the making. Staffers inside the White House debated whether to work within the confines of PPD-20, or scrap the Obama policy altogether.
The Trump administration chose to chart a new path in cyberspace. But there are risks to the new plan.
"There are a lot of pros and cons with each approach,” Yonatan Striem-Amit, the co-founder and CTO of Cybereason, told Fifth Domain.
“A lot of nations feel that attacking U.S. targets is a no-risk game. Creating a quid pro quo situation where foreign adversaries are incentivized to reign in their operations can be very valuable.”
Striem-Amit warned that attributing cyberattacks can be difficult and many attackers can hide their identity. He said that some countries may pretend to be a third party to provoke a reaction.
The new national cyber strategy says the United States will “attribute and deter unacceptable behavior in cyberspace.” It aims to do this in part by launching “an international cyber deterrence initiative” to build a coalition of the willing to work with in cyberspace that can call out these bad actors.
For months, the State Department has been quietly meeting with countries around the world to build partnerships. Last month, Department of Homeland Security chief Kirstjen Nielsen penned an agreement with four of America’s closest intelligence allies to boost intelligence sharing and attribute bad actors in cyberspace.
The targets of the administration’s new plan in cyberspace were clear.
“Russia, Iran and North Korea conducted reckless cyberattacks that harmed American and international businesses and our allies and partners without paying costs likely to deter future cyber aggression,” the strategy reads.
Justin Lynch is the Associate Editor at Fifth Domain. He has written for the New Yorker, the Associated Press, Foreign Policy, the Atlantic, and others. Follow him on Twitter @just1nlynch.