Strauss Director Chesney Dissects the Recent Discovery of a Revision to CIA Cyber Operations Procedures
Jul 30, 2020 | Cybersecurity
Professor Robert M. Chesney, Director of the Strauss Center, James A. Baker Chair in the Rule of Law and World Affairs, and Associate Dean for Academic Affairs at the University of Texas School of Law, recently published a Lawfare piece titled “The CIA, Covert Action and Operations in Cyberspace.” In it, Chesney lays out the implication of the recent discovery of a 2018 presidential covert action finding which altered “the terms on which CIA can (and should) engage adversaries via cyber means.” He first delineates the substance of the story, noting that the alteration is procedural in nature in that it enables the CIA to engage in cyber operations against particular adversaries without going through the usual National Security Council screening process—a revision which significantly speeds up approval time for cyber operations. Chesney then discusses the inherent risk-reward tradeoff in this decision, noting that all in all, the previous lengthy approval time suggests that such an alteration was indeed necessary. Chesney also briefly discusses whether or not the policy revision has been a success or failure, noting that the Yahoo article which disclosed this revision did not pose instances of either success or failure. Chesney then engages with a particularly interesting component of the revision: the apparent removal or weakening of the prior prohibition of CIA operations which might harm critical infrastructure. Chesney concludes by noting that the breaking news serves as “an important reminder that, despite the much greater visibility of U.S. Cyber Command’s defend-forward activities, the CIA continues to play a critical role in the increasingly fierce gray zone competition that characterizes statecraft in cyberspace these days.” Read the full article here.