PPD-41
With cyber intrusions and foreign espionage in the news, it’s time to revisit July’s PPD-41, the Presidential Policy Directive describing our nation’s cyber incident response processes. Recall that Paragraph II of PPD-41 describes two kinds of cyber incidents to which the directive applies, and a Significant Cyber Incident (SCI) is one that is “likely to result in demonstrable harm to the national security interests, foreign relations, or economy of the United States or to the public confidence, civil liberties, or public health and safety of the American people.”
RUSSIAN INVASION
According to an article from the New York Times, the intelligence community has been tracking Russian cyber espionage for several years now, and in September 2015 found “the cryptic first sign of a cyberespionage and information-warfare campaign devised to disrupt the 2016 presidential election . . . .” With apt conventional warfare metaphors that put Russia’s alleged cyber-attack in the context of PPD-41 and broader Russian foreign policy, Eric Lipton, David E. Sanger, and Scott Shane write, “A low-cost, high-impact weapon that Russia had test-fired in elections from Ukraine to Europe was trained on the United States, with devastating effectiveness.” If, in fact, Russia has attempted—successfully or not—to affect election outcomes, that would likely be a crystal-clear example of “demonstrable harm . . . to the public confidence [and] civil liberties.” In October, the White House made clear that our nation would retaliate proportionally.
PROFESSIONAL DEVELOPMENT
Cleared professionals should be carefully watching this 21st-century cyber-Watergate unfold. The way our leaders respond to this new kind of warfare will be an education for all of us.
Read more about PPD-41 and its implications in “Cyberwar Order of Battle” and “Escalating Into Cyberwar.”