PPD-20 successor has yielded ‘operational success,’ Federal CISO says

The new structure “gives more authority to the people who need to actually make those decisions," Grant Schneider said.
Grant Schneider speaks Oct. 26 at Dell Technologies' Digital Transformation Summit, presented by FedScoop. (CyberScoop)

A revamped policy framework for offensive U.S. cyber operations is much quicker than its predecessor and has yielded “operational success,” a top White House cybersecurity official said Tuesday.

Last August, President Donald Trump rescinded the Obama-era policy, known as Presidential Policy Directive 20, which governed U.S. hacking operations, and replaced it with the new framework. Critics said PPD-20’s intricate interagency process unnecessarily delayed offensive operations, while advocates called it an important mechanism for accounting for all of the potential repercussions of a cyberattack.

The new structure “gives more authority to the people who need to actually make those decisions” about offensive operations, Grant Schneider, the federal information security officer, said at an event hosted by the nonprofit Intelligence and National Security Alliance. U.S. officials are focused on ensuring that the Pentagon “has the tools available to leverage offensive cyber capabilities,” he added.

The remarks from Schneider, the National Security Council’s top defensive-focused cybersecurity official, were some of his most extensive yet on the new policy and legal framework for green-lighting government cyberattacks.


Schneider said the new framework, dubbed National Security Presidential Memorandum 13, is “far more streamlined,” while still allowing for a deliberative interagency process for approving operations.

Trump administration officials have emphasized publicly what they say is a greater willingness than their predecessors to conduct hacking operations against U.S. adversaries. “Our hands are not tied as they were in the Obama administration,” national security adviser John Bolton boasted in September.

While welcoming the policy changes, Schneider indicated that digital offensives would only do so much to deter some adversaries.

“I personally don’t think there’s an offensive cyber panacea,” Schneider said. “I do not think deterrence in a nuclear context translates well to a cyber context. I don’t think [Russian President] Vladimir Putin is going to roll up his cyber tools and go away because we have a bigger, potentially, cyber offensive tool.”

At the same time, however, those cyber tools are “an element of national power,” he added. “We have to focus on it. It presents a tremendous opportunity for us, just like it presents a tremendous opportunity for our adversary.”


Wielding that power has meant actively using Cyber Command’s maturing capabilities. On the eve of the 2018 midterm elections, the command reportedly knocked an infamous Russian troll farm offline as part of the command’s operation to protect the vote.

Sean Lyngaas

Written by Sean Lyngaas

Sean Lyngaas is CyberScoop’s Senior Reporter covering the Department of Homeland Security and Congress. He was previously a freelance journalist in West Africa, where he covered everything from a presidential election in Ghana to military mutinies in Ivory Coast for The New York Times. Lyngaas’ reporting also has appeared in The Washington Post, The Economist and the BBC, among other outlets. His investigation of cybersecurity issues in the nuclear sector, backed by a grant from the Pulitzer Center on Crisis Reporting, won plaudits from industrial security experts. He was previously a reporter with Federal Computer Week and, before that, with Smart Grid Today. Sean earned a B.A. in public policy from Duke University and an M.A. in International Relations from The Fletcher School of Law and Diplomacy at Tufts University.

Latest Podcasts