April 23, 2014

President Issues National Security Directive on Cyber Operations to Defend Government Networks; Executive Order Still Pending

According to news reports, President Obama has signed a directive to guide the actions of federal agencies in responding to cyber threats that explicitly permits actions outside government networks. President Policy Directive 20, which is not publicly available, reportedly directs agencies to take no more aggressive action than is necessary to address a threat. Under certain circumstances, however, the directive would permit the use of actions directed outside government networks—called “cyber operations”—but only for defensive purposes.

Traditional network defense strategies confined to government networks should continue to be the first response to cyber attacks, accompanied by outreach to law enforcement officials as needed. However, reports suggest that the presidential directive would permit defensive cyber actions outside government networks in some circumstances, subject to more stringent agency approval and, in many cases, the approval of the White House. This vetting process is intended to ensure that data and privacy are protected while also following the international laws of war.

The administration is still considering an executive order on cybersecurity issues that will likely address cybersecurity for private networks. Although the Senate had planned to take up cybersecurity legislation in the current lame-duck session, a vote to pass legislation in the Senate failed yesterday; the Senate may revisit the issue next month.

Copyright © 2014 by Morgan, Lewis & Bockius LLP. All Rights Reserved.

About the Author


Stephen M. Spina is a partner in Morgan Lewis's Energy Practice. Mr. Spina represents electric utilities and other electric industry participants before the Federal Energy Regulatory Commission (FERC) on a variety of matters, including industry restructuring, market investigations, and regulatory issues under the Federal Power Act.


About the Author


J. Daniel Skees is an associate in Morgan Lewis's Energy Practice


Boost: AJAX core statistics

Legal Disclaimer

You are responsible for reading, understanding and agreeing to the National Law Review's (NLR’s) and the National Law Forum LLC's  Terms of Use and Privacy Policy before using the National Law Review website. The National Law Review is a free to use, no-log in database of legal and business articles. The content and links on are intended for general information purposes only. Any legal analysis, legislative updates or other content and links should not be construed as legal or professional advice or a substitute for such advice. No attorney-client or confidential relationship is formed by the transmission of informat