EU approves “offensive cyber operations” against possible foreign attacks

Trump Administration leans towards a more proactive approach on cybersecurity

The White House has authorized what it called “offensive cyber operations” against interests contrary to those of the United States, which complies with the new policy that eases the rules on the use of cyber weapons to protect the nation, as reported by specialists in ethical hacking.

“Our hands will no longer be tied, unlike they were in the Obama administration”, said John Bolton, national security adviser of the Trump administration, during a press conference to raise awareness of a new national cybersecurity strategy. The security adviser gave no further details on the nature of these offensive operations, how significant they are or what specific malicious behavior they are trying to counteract.

Bolton’s statements are consistent with the Trump administration’s approach on cybersecurity, which is considered a more aggressive one compared to previous administration positions. The Donald Trump Government launches this last movement as part of an effort to “create deterrence structures that show our adversaries that the cost of their participation in operations against the US is higher than they could afford”, mentioned Bolton.

Trump’s new guideline (National Security Presidential Memorandum No. 13) allows the military to undertake actions that fall below the “use of force” or to a level that would cause death and destruction or significant economic impacts, all without waiting for approval, as reported by people who work closely to the White House; they preferred to remain anonymous.

“Speaking of this policy, Bolton’s statements probably mean that this administration is willing to take more risks than previous administrations, but we won’t know anything until the results become visible”, said Michael Daniel, who was the Obama administration’s cybersecurity coordinator.

Trump’s strategy is based on those presented by previous administrations and incorporates initiatives already underway, such as the use of a “risk management” approach to addressing vulnerabilities in critical infrastructure, as mentioned by cybersecurity and ethical hacking specialists from the International Institute of Cyber Security.

Overall, the strategy reflects almost identically the Obama administration’s cybersecurity plan issued in 2016, developed from best practices recommended in the cybersecurity and ethical hacking industry, said Ari Schwartz, a former Cyber Officer of the Obama administration.

The capacity of the US government to respond to the cyber provocations of the foreigner has been the subject of heated debates for years. The Obama administration was criticized for being too slow and passive on this issue; some former officials rejected it, saying that the obstacle to aggressively responding to a cyber attack from another country was not a political issue, but were based on the agencies’ inability to give an energetic response.

That’s why the Defense Department’s strategy went through an approach shift, in which it is required to face threats before they reach American networks and systems. In other words, with this new guideline, defensive cybersecurity work will take place in the context of a force demonstration, rather than just crisis management.