Pres Obama Unilaterally Gives Cybersec Powers to Military

[Panzersharkcat]

From Reason

Yesterday, the Washington Post reported that the president signed a hush-hush directive granting the military additional power to respond to cyberattacks. The directive was signed as Congress debated — and, ultimately, rejected — controversial legislation dealing with the same issue. While the Post would have it that the president is simply bypassing nasty bipartisan gridlock in Congress to get important stuff done, that glosses over the unpleasant reality that many knowledgeable people argue against the policies that dear leader just implemented unilaterally. With the stroke of a pen, we now have two problems: Potentially bad policy inflicted on the nation through an abuse of executive power.

Reports the Washington Post:

President Obama has signed a secret directive that effectively enables the military to act more aggressively to thwart cyberattacks on the nation’s web of government and private computer networks.

Presidential Policy Directive 20 establishes a broad and strict set of standards to guide the operations of federal agencies in confronting threats in cyberspace, according to several U.S. officials who have seen the classified document and are not authorized to speak on the record. The president signed it in mid-October.

The new directive is the most extensive White House effort to date to wrestle with what constitutes an “offensive” and a “defensive” action in the rapidly evolving world of cyberwar and cyberterrorism, where an attack can be launched in milliseconds by unknown assailants utilizing a circuitous route. For the first time, the directive explicitly makes a distinction between network defense and cyber-operations to guide officials charged with making often-rapid decisions when confronted with threats.

The details of Presidential Policy Directive 20 are a bit vague, partially because the Pentagon is supposed to fill in the details itself, and (probably) partially because the "leak" about the directive may well be controlled and deliberate, given that the Senate killed Senator Joe Lieberman's Cybersecurity Act yesterday, as well. Suffice it to say that "cybersecurity" is a broad and vague term that can cover everything from the government making sure its own computers are tucked in snugly behind their firewalls, to mandated policies for the private sector and even intrusive snooping.

In fact, the Washington Post reported in September:

The White House has drafted a preliminary executive order aimed at strengthening the nation’s computer systems against attack, an effort to begin to accomplish through fiat what could not be achieved through Congress.

The draft order, whose contours are being debated, would create voluntary standards to guide companies in guarding themselves against cyberattacks, according to administration officials. It would also establish a special council made up of key government agencies to identify threats that could compromise critical sectors.

It's not clear whether any parts of that draft executive order were incorporated in the directive reportedly signed by the president. In September, the Post did report that the components of the draft order, and the legislation on which it was based, were opposed by businesses and GOP lawmakers "who decried even voluntary standards as a regulatory burden on business." Yesterday's article made no mention of opposition at all. But civil liberties groups also opposed Lieberman's bill upon which the draft executive order appears to be based, and the Electronic Frontier Foundation celebrated its demise with a press release:

With your help last summer we helped defeat Senator Lieberman's Cybersecurity Act. But for some reason, Senate Majority Leader Reid decided to call for another vote on the bill in the lame duck session today. After an hour's debate, the full Senate voted 51 to 47 against cloture for the Cybersecurity Act, meaning it can't move forward for a vote.

We've spent months going over the various faults in the bill—and of the faults in the other proposed Cybersecurity bills. We were particularly concerned because the Cybersecurity Act included overly vague definitions for key terms like "cybersecurity threat," "cybersecurity threat indicator," and even "countermeasures."

CNet notes that what little we know about the signed directive also points to controversial elements:

The nuts and bolts of the directive will most likely be met with criticism from many sides of the cybersecurity debate. While some will want to strengthen the directive and give free rein to the military to act quickly against cyberthreats, others will warn that the U.S. could step on international legal issues, Internet freedom, and other countries' sovereignty.

The details of the directive and the criticism of the same are less important here than noting that debate and delay over government power is both natural and healthy. People really do have legitimately different opinions on proposed legislation. Those opinions, when aired and debated, allow for better-informed decisions and a fuller understanding of the ultimate impact of policy changes. Mr. Obama is old enough to remember Schoolhouse Rock. Add in a few rough patches and some cynicism, and "I'm just a bill on Capitol Hill" is how it's supposed to work.

So sorry if the process of debating stuff and maybe losing a vote on favored policies is too drawn-out and annoying for you, Mr. President. But you really aren't supposed to be able "to accomplish through fiat what could not be achieved through Congress," as the Post put it so well, in an open and (still somewhat) free society.

Update: The Electronic Privacy Information Center would like to know just what in hell the administration thinks it's doing. EPIC filed a FOIA request to see what's in Presidential Policy Directive 20.

One excuse I've heard a lot from his apologists is that his heart's in the right place and once he secures reelection, he'll be free to move left. From the looks of things, that's not happening.

[ryacko]

Bafflingly, this makes for a good argument for 2nd amendment protection of 4chan.
As they may very well be our cybermilitia. If they weren't such weaboos.

[AniThyng]

Free to move left you say? To hear the right tell it, this is moving left

[TheHammer]

What is supposed to terrify me in that article? What's so unprecedented or over-reaching about the government developing polcieis for cyberwarfare? Considering there are no details in the article about what powers were granted the Military, attemping to bash Obama for "not moving left" on this issue is fucking ridiculous.

[Panzersharkcat]

What is supposed to terrify me in that article? What's so unprecedented or over-reaching about the government developing polcieis for cyberwarfare? Considering there are no details in the article about what powers were granted the Military, attemping to bash Obama for "not moving left" on this issue is fucking ridiculous.

This part: "The details of Presidential Policy Directive 20 are a bit vague, partially because the Pentagon is supposed to fill in the details itself, and (probably) partially because the "leak" about the directive may well be controlled and deliberate, given that the Senate killed Senator Joe Lieberman's Cybersecurity Act yesterday, as well. Suffice it to say that "cybersecurity" is a broad and vague term that can cover everything from the government making sure its own computers are tucked in snugly behind their firewalls, to mandated policies for the private sector and even intrusive snooping." That, plus the fact he did it after Congress already shot it down. Hurray for the imperial presidency.

[The Romulan Republic]

According to Wikipedia, this site is affiliated with the Reason Foundation, a libertarian think tank with a board of trustees that includes David Koch.

http://en.wikipedia.org/wiki/Reason_Foundation

Does that sound like an unbiased source?

[Gaidin]

Cybersecurity is a fact of life in modern society. Until the legislature figures out the law that doesn't mean the executive magically doesn't need to or have to worry about cybersecurity. Them shooting down the bill that proposed what is frankly only one of the many ways that could've been used to handle cybersecurity only guaranteed that the executive would do something on its own. I'm not totally clear on whether he ripped off the law that was shot down or went his own direction, but it was bound to happen, as the problem wasn't going to magically disappear. "Imperial" presidency indeed.

[TheHammer]

What is supposed to terrify me in that article? What's so unprecedented or over-reaching about the government developing polcieis for cyberwarfare? Considering there are no details in the article about what powers were granted the Military, attemping to bash Obama for "not moving left" on this issue is fucking ridiculous.

This part: "The details of Presidential Policy Directive 20 are a bit vague, partially because the Pentagon is supposed to fill in the details itself, and (probably) partially because the "leak" about the directive may well be controlled and deliberate, given that the Senate killed Senator Joe Lieberman's Cybersecurity Act yesterday, as well. Suffice it to say that "cybersecurity" is a broad and vague term that can cover everything from the government making sure its own computers are tucked in snugly behind their firewalls, to mandated policies for the private sector and even intrusive snooping." That, plus the fact he did it after Congress already shot it down. Hurray for the imperial presidency.

So i'm supposed to be afraid because we don't have all the details of how cyber-warefare/cyber-defense will be conducted? That is pretty much the case with everything the military does. The internet is another battlefield, and quite frankly I'd be more concerned if there WEREN'T any defense of that arena.

So the senate shot down *a* bill on cybersecurity. One that might have fuck all to do with the President's order. Apparently some people think the President should sit on his hands until Congress with all their competing agenda's actually comes up with a solution that is the be-all end-all of cybersecurity. That's simply not realistic, nor is it in the best interests of the people of this nation. Unless you can show me some law that is broken, or freedom infringed, I see no reason for concern.

The excerpt from the article you just quoted states "cybersecurity" is a broad and vague term that can cover everything from the government making sure its own computers are tucked in snugly behind their firewalls, to mandated policies for the private sector and even intrusive snooping." Apparently you assume the most extreme interpretation, that the President's order must be some sort of Orweillian conspiracy against freedom, rather than a rational decision to protect the nation. I hope you've got a fresh supply of tin foil hats.

As for me, I'll wait til there is some actual evidence of something rather than let my wild imagination come up with internet boogeymen working at the behest of an evil government.

[Irbis]

Yup, as much as I hate anything limiting individual freedom, military getting capability to act against cyberattacks is pretty much a given, and the debate will be how the powers should be defined, not if they should get the powers. It's no different to President setting up air defence units after invention of airplane, despite the protests of cavalrymen they are still the most important force on battlefield.

The fact that congress stuck the bill means jack squat, we're talking about the band that was willing to hit debt wall with speeding car that is US economy. Unless we get some confirmation from organization really concerned with freedoms, I'd take every single thing coming out of the mouths of these right wing assholes with a few kilotons of salt.

[White Haven]

To me, this reads like another 'do your fucking jobs, or I will' moment, much like the whole Fiscal Cliff nonsense. It's the president removing the 'do nothing' option from the table after the legislature dropped the ball, so the options instead become 'legislate something' versus 'the military gets it done.' All Congress has to do to take that power back away from the military is its job, which is to bloody well make laws regarding issues. And if Congress can't do its job, should modern, pressing issues just go un-addressed because everyone's afraid of executive power?

Obama gave the legislature first crack at it, they did nothing, then his response amounted to 'fine, I'll do it. Assholes.'

[Zaune]

This part: "The details of Presidential Policy Directive 20 are a bit vague, partially because the Pentagon is supposed to fill in the details itself, and (probably) partially because the "leak" about the directive may well be controlled and deliberate, given that the Senate killed Senator Joe Lieberman's Cybersecurity Act yesterday, as well. Suffice it to say that "cybersecurity" is a broad and vague term that can cover everything from the government making sure its own computers are tucked in snugly behind their firewalls, to mandated policies for the private sector and even intrusive snooping." That, plus the fact he did it after Congress already shot it down. Hurray for the imperial presidency.

Personally, I'd be reluctantly okay with that if "cyberwarfare" as a threat wasn't massively exaggerated. It is not possible to make a nuclear reactor melt down, crash an airliner or in fact do much of anything else that a sane society would treat as terrorism; you can significantly inconvenience a lot of people, cost both the public and private sector a hell of a lot of money and maybe do some blackmail, but actually killing someone by mere computer hacking only happens in bad movies. The one exception to this is the storage of sensitive military intelligence, but if it takes the President to unilaterally signing something into law to get them to bother giving a shit about encrypting their data and establishing a proper chain-of-custody procedure for anything it's stored on, you've got much bigger problems than terrorists with broadband.

[Irbis]

Personally, I'd be reluctantly okay with that if "cyberwarfare" as a threat wasn't massively exaggerated. It is not possible to make a nuclear reactor melt down, crash an airliner or in fact do much of anything else that a sane society would treat as terrorism; you can significantly inconvenience a lot of people, cost both the public and private sector a hell of a lot of money and maybe do some blackmail, but actually killing someone by mere computer hacking only happens in bad movies. The one exception to this is the storage of sensitive military intelligence, but if it takes the President to unilaterally signing something into law to get them to bother giving a shit about encrypting their data and establishing a proper chain-of-custody procedure for anything it's stored on, you've got much bigger problems than terrorists with broadband.

Um, Natanz, anyone? Stuxnet already proved that it is indeed possible to wreck a lot of shit with a few lines of code, and that was in the best defended part of Iran. Would you call disabling, say, a dozen electric power plants at once, something far easier to achieve and something that would probably cause catastrophical grid shutdown, a terrorist attack? If not, why? Would all people dying due to lack of electricity count? Would economical damage easily surpassing 9/11 count?

Same as attack in Taranto was copied on larger scale in Pearl Harbour, Natanz can pave way to something far more serious - would you say preventative measures to something proven to work are stupid?

[TheHammer]

This part: "The details of Presidential Policy Directive 20 are a bit vague, partially because the Pentagon is supposed to fill in the details itself, and (probably) partially because the "leak" about the directive may well be controlled and deliberate, given that the Senate killed Senator Joe Lieberman's Cybersecurity Act yesterday, as well. Suffice it to say that "cybersecurity" is a broad and vague term that can cover everything from the government making sure its own computers are tucked in snugly behind their firewalls, to mandated policies for the private sector and even intrusive snooping." That, plus the fact he did it after Congress already shot it down. Hurray for the imperial presidency.

Personally, I'd be reluctantly okay with that if "cyberwarfare" as a threat wasn't massively exaggerated. It is not possible to make a nuclear reactor melt down, crash an airliner or in fact do much of anything else that a sane society would treat as terrorism; you can significantly inconvenience a lot of people, cost both the public and private sector a hell of a lot of money and maybe do some blackmail, but actually killing someone by mere computer hacking only happens in bad movies. The one exception to this is the storage of sensitive military intelligence, but if it takes the President to unilaterally signing something into law to get them to bother giving a shit about encrypting their data and establishing a proper chain-of-custody procedure for anything it's stored on, you've got much bigger problems than terrorists with broadband.

Um actually you could do all of those things via hacking. It hasn't happened yet because there are safeguards in place. That doesn't mean those safeguards are foolproof. Further, "terrorists" aren't the only players in this field. The bigger threats in this field would be China, Russia etc. If they wanted to shrink American influence then they could target our economic interests via cyber attacks. You can do a lot of damage to a nation without directly "killing" someone.