Solution

Presidential Policy Directive 20 (PPD 20)

• PPD 20 provides a framework for US cyber security by establishing principles and processes. Started in 2012, this directive supersedes National Security Presidential Directive NSPD-38.

• The directive complements NSPD-54/Homeland Security Presidential Directive HSPD-23.

• This directive pertains to cyber operations, including those that support or enable kinetic, information, or other types of operations.

• Most of this directive is directed exclusively to defensive and offensive cyber effects operations: DCEO and OCEO.

National Security Presidential Directive 54 (NSPD 54)

• Started in 2008, NSPD 54 was issued concurrently as Homeland Security Presidential Directive 23.

• The NSPD 54/HSPD 23 authorized the DHS (together with OMB) to set minimum operational standards for Federal Executive Branch civilian networks.

• It empowers DHS to lead and coordinate the national cyber security effort to protect cyberspace and the computers connected to it.

• The directive contains the Comprehensive National Cybersecurity Initiative (CNCI), (EPIC 2018).

Comprehensive National Cybersecurity Initiative (CNCI)

• Started in 2008, CNCI now works nationally to support full spectrum cyber operations.

• The main actions of the CNCI are, (Pernik and Wojtkowiak 2016):

  • Create or enhance shared situational awareness within federal government, and with other government agencies and the private sector.

  • Create or enhance the ability to respond quickly to prevent intrusions.

  • Enhance counterintelligence capabilities.

  • Increase the security of the supply chain for key information technologies.

  • Expand cyber education.

  • Coordinate and redirect research and development efforts.

  • Develop deterrence strategies.