Sputnik has discussed this with Bryan Seely, a cybersecurity expert and a McAfee board member.
Sputnik: Tell us what do you know about the Presidential Policy Directive 20?
Bryan Seely: President Trump just reversed it, in a move that’s pretty consistent with his sort of policy of removing everything President Obama did while he was in office whether it was good or bad he’s removing it.
He doesn’t want anything to do with it, and this has ultimately been graded as a fail from all experts across the board.
Bryan Seely: First instinct is to think removal of regulations will allow them to execute missions faster and respond to cybersecurity threats faster.
Instead it just takes away the chain of command, and now you’ve got 10 or 15 agencies who have no idea who they’re sharing information with, who they’re working with and what to do.
Sputnik: Critics of the original policy say that the restrictions were detrimental and I guess Trump has also been saying that were also detrimental to launching attacks quickly, can you tell us why that is not the case or why don’t believe that’s the case?
Bryan Seely: We’ve got all these different agencies they have to sign off on approval that sounds like a lot of work, but in reality that can happen in 15 minutes because it’s all electronic.
It’s not like the piece of paper is being handed off to a courier and then walked across the street. The approval process can go really quickly when you’re coordinating as a government and as intelligence agencies. For these guys this is their job, this is what they do.
Bryan Seely: From a defensive standpoint, the agencies that were working in harmony together and who knew what their roles were, you’ve got one guy doing this over here and you've got another agency doing this, now they don’t know what they’re doing. There’s not a clear standard of procedure for how they’re supposed to go and conduct themselves.
It is going to cause a lot of different chaos. We’re not going to have as good of an intelligence, we’re not going to see as swift of a response. Removing these regulations sounds like a way to free up red tape and get rid of all this unnecessary stuff, when in fact it does the exact opposite. It makes it more convoluted.
No one knows what’s going on and ultimately we're going to pay the price as government, governments, whoever is being attacked at the time.
Bryan Seely: This policy was hidden until 2013 and Edward Snowden actually revealed that it even existed. What it does it says that these agencies have to approve, at some point, it’s kind of like a chain of custody.
Or it’s like if I want to go and order a $1,000 part at my job I have to get my boss’ approval, he has to take it to his boss and then it’s got to go to accounting, then it's got to go to the accounting manager, and if it’s over $10,000, it has to go all the way up to the CFO — that’s eight or nine different people and departments.
So if you think of the government as this big business all of these other departments have to sign off and be part of the transaction which can lead to a lot of red tape, but when it comes to cybersecurity, and it comes to actually launching an offensive attack in retaliation for something that happened to us, these agencies coordinate really, really well.
Sputnik: So what has been the response to this so far? The press, groups, political parties what has been the response to this?
Bryan Seely: Even traditionally right or conservative-leaning media is not a fan. The Wall Street Journal did not come out going — this is a brilliant move — it’s not being accepted or regarded as brilliant strategy from cybersecurity experts. Over the last 12 hours I haven’t heard anyone who is a fan of it.
Views and opinions expressed in this article are those of Bryan Seely and do not necessarily reflect those of Sputnik.