Presidential Policy Directive 20


Presidential Policy Directive 20 , provides a framework for U.S. cybersecurity by establishing principles and processes. Signed by President Barack Obama in October 2012, this directive supersedes National Security Presidential Directive NSPD-38. Integrating cyber tools with those of national security, the directive complements NSPD-54/Homeland Security Presidential Directive HSPD-23.
Classified and unreleased by the National Security Agency, NSPD-54 was authorized by George W. Bush. It gives the U.S. government power to conduct surveillance through monitoring.
Its existence was made public in June 2013 by former intelligence NSA infrastructure analyst Edward Snowden.

Background

Because of private industry, and issues surrounding international and domestic law, public-private-partnership became the, "cornerstone of America's cybersecurity strategy". Suggestions for the private sector were detailed in the declassified 2003, National Strategy to Secure Cyberspace. Its companion document, National Security Presidential Directive, was signed in secret by George W. Bush the following year.
Although the contents of NSPD 38 are still undisclosed, the U.S. military did not recognize cyberspace as a "theater of operations" until the U.S. National Defense Strategy of 2005. The report declared that the, "ability to operate in and from the global commons-space, international waters and airspace, and cyberspace is important... to project power anywhere in the world from secure bases of operation." Three years later, George W. Bush formed the classified Comprehensive National Cybersecurity Initiative.
Citing economic and national security, the Obama administration prioritized cybersecurity upon taking office. After an in-depth review of the, "communications and information infrastructure," the CNCI was partially declassified and expanded under President Obama. It outlines "key elements of a broader, updated national U.S. cybersecurity strategy." By 2011, the Pentagon announced its capability to run cyber attacks.

General

After the U.S. Senate failed to pass the Cybersecurity Act of 2012 that August, Presidential Policy Directive 20 was signed in secret. The Electronic Privacy Information Center filed a Freedom of Information Request to see it, but the NSA would not comply. Some details were reported in November 2012. The Washington Post wrote that PPD-20, "is the most extensive White House effort to date to wrestle with what constitutes an 'offensive' and a 'defensive' action in the rapidly evolving world of cyberwar and cyberterrorism." The following January, the Obama administration released a ten-point factsheet.

Controversy

On June 7, 2013, PPD-20 became public. Released by Edward Snowden and posted by The Guardian, it is part of the 2013 Mass Surveillance Disclosures. While the U.S. factsheet claims PPD-20 acts within the law and is, "consistent with the values that we promote domestically and internationally as we have previously articulated in the International Strategy for Cyberspace", it doesn't reveal cyber operations in the directive.
Snowden's disclosure called attention to passages noting cyberwarfare policy and its possible consequences. The directive calls both defensive and offensive measures as Defensive Cyber Effects Operations and Offensive Cyber Effects Operations, respectively.

Notable points