Chinese Spy Networks in Britain and United States

The agents are thought to have handed over secrets while still in service for France’s external DGSE intelligence agency, similar to Britain’s MI6 and America’s CIA, Ms Parly told CNews television. The third person – believed to be the wife – has been indicted for “concealment of treasonable crimes” and placed under “judicial control”, meaning judges keep close tabs on her pending trial. More here.

France arrests two spies for passing secrets to China photo

France has confirmed the arrest of two French intelligence officers who are accused of spying for the Chinese government. It appears that the two officers were captured and charged in December. However, their arrests were not publicized at the time, because French counterintelligence officials wanted to avoid alerting more members of a possible spy ring, which some say may include up to five French citizens. It was only last Friday, a day after French media published leaked reports of the arrests, that the French government spoke publicly about the case.

France’s Minister of the Armed Forces, Florence Parly, told France’s CNews television on Friday that two French intelligence officers were “accused of extremely serious acts of treason” against the French state. The two officers had been charged with delivering classified information to a foreign power”, she said. Parly added that the spouse of one of the officers was also being investigated for participating in acts of espionage on behalf of a foreign country. When asked to identify the country that the two officers are accused of spying for, the minister refused to respond. But the Agence France Presse news agency cited an anonymous “security source”, who said that the two intelligence officers were being suspected of spying for China and that they had been captured following a sting operation by French counterintelligence officers.

French television station TFI1 said on Friday that both spy suspects are officers in the General Directorate of External Security (DGSE), France’s primary external intelligence agency. The station added that at least one of the two suspects was stationed at the embassy of France in Beijing when French counterintelligence became aware of the alleged espionage. According to some reports, the two suspects had retired from the DGSE by the time they were arrested, but committed their alleged espionage while still in the service of the spy agency. French government officials have refused to provide information about the length of the alleged espionage or the nature of the classified information believed to have been compromised. Additionally, no information is available about whether the two alleged spies were working in cooperation with each other. The BBC asked China last week about the arrests in France, but the Chinese Ministry of Foreign Affairs said it was not aware of the incident.

*** As a reminder, the United States has it’s own Chinese spy network. Jerry Chun Shing Lee was charged with aiding China dismantle a U.S. informant network in China in exchange for money. He has plead not guilty.

a man smiling for the camera © Provided by South China Morning Post Publishers Limited

It was this past February that FBI Director Chris Wray provided testimony to the Senate Intelligence Committee that Chinese spies have fully infiltrated U.S. universities. Additionally, China continues to gain access and in many cases successfully, of U.S. technologies and intellectual properties through telecommunications companies, academia and most especially with joint business adventures.

China has launched an ‘all society’ approach to gain access to intellectual property and some universities are pushing back on the warnings put forth by Director Wray as there are an estimated 400,000 Chinese students studying in the United States, many attending cash strapped colleges.

Deep Throat, Deep State and #SpyGate is Old News

C’mon remember the Watergate break-in? Former CIA operatives were part of that. But wait, Nixon himself was being surveilled by the FBI. Anna Chennault, a GOP operative had interesting connections all throughout Asia. Those relationships were of big concern to the FBI and the Bureau was tracking those connections. That was all related to the Paris Peace talks on North and South Vietnam. Due to FBI eavesdropping and collections of diplomatic cables, Lyndon Johnson knew all about Nixon’s subterfuge. Have we forgotten the secret Nixon tapes? Too bad we can’t ask Mark Felt questions, dead men tell no tales.

Using intelligence agencies is an old habit yet Obama appears to have made an art of that exploitation. Obama spied on journalists including James Rosen of Fox News. Obama likely approved of John Brennan’s operation to spy on the senate staffers working on the enhanced interrogation techniques report headed by Senator Dianne Feinstein. Heck, Obama spied on Angela Merkel of Germany. Enter the NSA, they have everything. Edward Snowden proved that right? Not too sure FISA warrants were ever really needed in the first place, think about that.

Spies, informants and operatives come in many forms. They can be staffers, hired ladies, lawyers, lobbyists, policy wonks, people having cocktails at conventions, summits or conferences where business cards are exchanged for later email/phone call follow-up.

It is all old news. Old news and old tactics that get refined to due electronic communications, apps and encryption.

So, how do we know about these activities? Follow the money for starters. Remember the DNC and Hillary law firm, Perkins Coie.

The Obama for America committee paid Perkins Coie around $3 million during the 2012 election cycle, according to filings with the Federal Election Commission, A vast majority of the payments were earmarked for “Legal Services.”

Was Fusion GPS hired by Obama to surveil on Romney for opposition research? Was the media involved? Oh yeah, remember that debate and the advanced questions?  Then of course we have Fusion GPS and Trump.

Okay, this brings us to the current #Spygate and the names bubbling to the surface.

One such name is Stefan Halper. During the presidential transition, Donald Trump’s top trade advisor Peter Navarro, recommended Halper for an ambassadorship. Heck Halper was in the White House Executive Office wing last summer to discuss Asia with particular emphasis on China.

Stefan Halper goes all the way back to the Reagan/Carter days. Oh, wait, even Gerald Ford and George HW Bush were included in Halper’s political history. Is there a difference between spying, intelligence collection and being a political operative? You decide.

There is more, How about Paul Corbin? He was a communist. And yes, he was an campaign operative too. He worked on the John F. Kennedy campaign. There was also ‘Debategate‘.

 

 

Moving on and do NOT hang your hat on Carter Page. Remember the Washington Post editorial board doing an early interview with Trump and a question arose about his foreign policy team? Well, Trump threw out 2 names from the hip, Carter Page and George Stephanopoulos. In fact neither had any quality role in the Trump operation. Another was Zalmay Khalilzad, former U.S. ambassador to Afghanistan, Iraq and the United Nations. Heck Trump never met Khalilzad. He remains a back channel fella with concerns still with Pakistan, Afghanistan and Iraq. Khalilzad was part of a money laundering investigation in 2014. Could he be an operative too?

Now take a moment and see the issue of Russian operatives and spies in the United States to understand how the FBI tails these people. In 2010, there was a spy swap (10 operatives) that included 2 key people. One such person was Anna Chapman who was assigned to get inside the Hillary State Department operation(s) and she did. The other is Sergei Skripal. He is the former Russian military officer and double agent that Russia just attempted to kill with Novichok, a nerve agent. Then there was this other double agent in New York that was captured in a counter-intelligence operation as a result of spy operations that work out of the Russian Mission to the United Nations.

Are you beginning to understand the other work of the FBI? President Bush expelled 50 Russians, Reagan expelled 55 Soviets and both Obama and Trump have expelled 35 and 60 respectively.

With those facts, does it stand to reason that the FBI rank and file agents are very concerned about foreign operatives in politics and campaigns? There is for sure an argument to be made that informants and plants are not only used by required.

Will we ever know all the puzzle parts to these cases? NO

Is #Spygate a one off with regard to President Trump? NO

Perhaps there is something yet to be discovered in Hillary’s missing emails or Peter and Lisa’s text messages. Hello IG report by Michael Horowitz.

The tactics are tried and true…however, when will the media much less the Republicans call out the abuse of power the Obama administration on all of this? In summary, the Trump administration should fight back and impeach those Obama operatives, what say you?

 

 

Jones Day Legal Counsel to European Corps, Iran Deal

Let’s begin with Ploughshares, shall we? Make sure you check the credits at the end of the video. Those that contributed money to the effort are listed here.

Meanwhile, there is a meeting scheduled in Vienna where Germany, France, Britain, Russia and China are to discuss saving the Iran nuclear deal. It is being chaired by Helga Schmid. Will it soon be called the Vienna nuclear deal?

Impact of U.S. Withdrawal from the Iran Nuclear Deal

May 2018

In Short

The Situation: On Tuesday, May 8, 2018, President Trump announced that the United States has withdrawn from the Iran Nuclear Deal and will fully reimpose its suspended sanctions targeting Iran.

The Result: All currently suspended U.S. sanctions in respect of Iran, including sanctions applicable to non-U.S. persons, will be reimposed by November 5, 2018.

Looking Ahead: The reimposition of U.S. sanctions will have limited impact on U.S. companies. However, foreign companies majority-owned or controlled by U.S. persons must now begin winding down any Iran-related activities. In contrast, the impact of the reimposition of U.S. sanctions on non-U.S. companies is less clear, and as the international response develops, non-U.S. companies will increasingly face a complex compliance landscape.


As reported earlier this week, on May 8, 2018, President Trump announced that the United States will reimpose, after specified wind-down periods, all nuclear-related sanctions lifted under the Joint Comprehensive Plan of Action (“JCPOA”) (commonly known as the “Iran Nuclear Deal”). As a result, the U.S. sanctions regime will revert to its pre-JCPOA scope by November 5, 2018.

In light of the comprehensive U.S. primary sanctions that remained in place after implementation of the JCPOA, President Trump’s announcement will have little impact on U.S. companies. In contrast, foreign subsidiaries of U.S. organizations and their non-U.S. counterparts face a dramatically changed compliance landscape. With the reimposition of U.S. extraterritorial, or secondary, sanctions, non-U.S. companies must navigate increasingly complex terrain as they assess continued engagement with Iran, compliance with U.S. sanctions, and the pending response of the other JCPOA signatories.

Immediate Impact

The background of the JCPOA, the resulting international sanctions relief, and President Trump’s criticism of the deal are, at this point, well-known (seeIran Nuclear Deal Reached; Sanctions Remain in Place,” “Implementation Day Triggers Significant Changes to International Sanctions Against Iran,” and “Potential Options for U.S. Sanctions on Iran Under the Trump Administration“). Although the policy implications of President’s Trump’s announcement may be subject to debate, the immediate impact is clear. In connection with the announcement, the U.S. Department of the Treasury’s Office of Foreign Assets Control (“OFAC”) issued Frequently Asked Questions setting out a staged reimposition of U.S. sanctions over the next 90 to 180 days (subject to any extension that may be put in place by the United States at a later stage).

Following a 90-day wind-down period ending on August 6, 2018, the United States will reimpose its secondary sanctions targeting activities related to:

  • Iran’s automotive sector;
  • The sale, supply, or transfer, directly or indirectly, of graphite, raw or semi-finished metals (such as aluminum and steel), coal, and software for integrating industrial processes to or from Iran; and
  • Certain financial and banking transactions related to Iranian sovereign debt, the acquisition of U.S. dollar banknotes by the Government of Iran, the purchase or sale of Iranian rials, Iranian rial-denominated funds or accounts, and trade in gold or other precious metals.

During the same period, the United States will revoke the following authorizations:

  • The general license authorizing the importation into the United States of Iranian-origin carpets and foodstuffs (as well as certain related financial transactions);
  • All specific licenses (and subsequent wind-down authorizations) issued in connection with the Statement of Licensing Policy for Activities Related to the Export or Re-export to Iran of Commercial Passenger Aircraft and Related Parts and Services (“JCPOA SLP”); and
  • General License I, which authorized certain transactions related to negotiating and entering contingent contracts for activities covered by the JCPOA SLP.

Following a 180-day wind-down period ending on November 4, 2018, the United States will reimpose its secondary sanctions targeting activities related to:

  • Certain transactions by foreign financial institutions with, and provision of specialized financial messaging to, the Central Bank of Iran and/or designated Iranian financial institutions;
  • Certain categories of transactions related to Iran’s energy sector, including certain investments (such as participation in joint ventures); provision of goods, services, technology or technical support; the purchase, sale, transport, or marketing of petroleum, petrochemical products, and/or natural gas to or from Iran; and transactions with certain designated persons (such as the National Iranian Oil Company, Naftiran Intertrade Company, and National Iranian Tanker Company);
  • Certain transactions involving Iran’s port operators and/or related to Iran’s shipping and shipbuilding sectors, including activities involving the Islamic Republic of Iran Shipping Lines, South Line Iran, or their affiliates; and
  • The provision of certain insurance, reinsurance, and underwriting services.

Effective November 5, 2018, the United States will also revoke General License H (and any subsequent wind-down authorizations issued in connection with that general license), which previously authorized foreign entities majority-owned or controlled by U.S. persons to engage in most transactions involving Iran. It appears all other Iran-related general and specific licenses, including licenses issued under the Trade Sanctions Reform and Export Enhancement Act of 2000 (“TSRA”), issued by OFAC will remain unaffected.

Finally, no later than November 5, 2018, the United States will redesignate all persons who had been removed, through the JCPOA, from the List of Specially Designated Nationals and Blocked Persons and/or other U.S. sanctioned parties lists.

Consequently, by November 5, 2018, the United States is currently expected to have reimposed all sanctions that had been lifted pursuant to the JCPOA.

Near- and Long-Term Implications

As a practical matter, the reimposition of U.S. sanctions suspended under the JCPOA will have limited impact on U.S. companies. As noted in our prior Alerts and Commentaries, substantial U.S. sanctions in relation to Iran have remained in place and continued to prohibit U.S. persons from engaging, directly or indirectly, in virtually all transactions or dealings with Iran without authorization.

The reimposition of U.S. sanctions will, however, have immediate impact on non-U.S. organizations that are majority-owned or controlled by U.S. persons and on U.S.-linked aviation companies. As noted above, the United States intends to revoke all specific and general licenses issued in connection with the JCPOA “as soon as administratively feasible,” including General License H and aviation-specific licenses issued under the JCPOA SLP and General License I. In their place, OFAC intends to issue authorizations that will likely narrowly authorize only activities necessary to wind down previously authorized activities. Companies that rely on these authorizations should immediately reassess their existing Iran-related activities, including in-process and pending transactions, in order to prepare to wind down Iran-related activities and ensure compliance with U.S. sanctions during the wind-down period.

The near- and long-term implications of President’s Trump announcement for non-U.S. companies are less clear. Non-U.S. persons are not, with limited exceptions, subject to U.S. primary sanctions. However, U.S. secondary sanctions provide for an array of penalties that, in effect, foreclose access to U.S. markets—a meaningful deterrent for non-U.S. companies. The United States appears poised to rigorously enforce the renewed sanctions and has advised non-U.S. companies to begin winding up soon-to-be sanctionable activities to avoid exposure to sanctions or an enforcement action when the applicable wind-down period ends.” Continued engagement with Iran will therefore become an increasingly fraught proposition for non-U.S. persons, and one that may be further complicated by the international community’s response to the United States’ withdrawal.

In that regard, following President Trump’s announcement, the European Union has reiterated its commitment to “the continued full and effective implementation of the JCPOA,” as long as Iran meets its nuclear-related obligations, adding that it “is determined to work with the international community” to preserve the deal. Although the European Union has not yet indicated any measures it may implement to preserve the JCPOA, it suggested earlier this year that it may expand its Blocking Regulation—Council Regulation (EC) No. 2271/96 of November 22, 1996—to protect EU-based organizations doing business in Iran following any U.S. withdrawal.

The Blocking Regulation was adopted in 1996 by the European Union (European Communities at the time) in response to the extraterritorial application of U.S. sanctions against Cuba, Iran, and Libya. It prohibits EU companies from complying with blocked sanctions “whether directly or through a subsidiary or other intermediary person, actively or by deliberate omission.” The importance of the Blocking Regulation in the last decade has been limited. This would change if the scope of its application is expanded to cover the U.S. secondary sanctions in relation to Iran, possibly protecting EU companies from enforcement of U.S. judgments or administrative decisions giving effect to the secondary sanctions.

Historically, enforcement of the Blocking Regulation has generally been very limited, but expanding its scope now has the potential to lead to increased enforcement actions across Europe. An expanded Blocking Regulation would, however, place EU companies squarely between the competing demands of U.S. sanctions and EU and national requirements. The European Union may also try to negotiate an exemption for EU companies from the reimposition of the U.S. sanctions. The prospects of relief for EU companies under either approach remains uncertain.

China and Russia have likewise consistently reaffirmed their commitment to the JCPOA, and in a joint statement last month confirmed their “unwavering support” for the deal. In light of current tensions between the United States and Russia and China, it seems unlikely that the U.S. withdrawal will lead Russia or China to alter its commitment to the JCPOA or have a substantial impact on Russian and Chinese business interests in Iran.

As the international response to the U.S. withdrawal from the JCPOA develops, non-U.S. companies should take steps to protect their interests in light of the pending reimposition of U.S. sanctions. In particular, non-U.S. companies should reassess their Iran-related activities to determine their potential liability under the soon-to-be imposed U.S. secondary sanctions and/or any potential blocking statutes; open dialogues with their financial institutions, insurers, and other service providers regarding any Iran-related activities; and, significantly, prepare to possibly wind down any potentially sanctionable Iran-related activities in order to move promptly to comply with U.S. secondary sanctions, if warranted.

Jones Day will continue to monitor developments and provide updates.


Three Key Takeaways

  1. The U.S. withdrawal from the Iran nuclear agreement will result in the reimposition of sanctions that had been lifted as part of JCPOA, or, the “Iran Nuclear Deal.”
  2. Because the comprehensive U.S. primary sanctions remained in place after implementation of JCPOA, the withdrawal and reimposition of sanctions hold few consequences for U.S. companies.
  3. However, foreign subsidiaries of U.S. organizations and their non-U.S. counterparts face a markedly altered compliance situation, and those companies affected should take decisive and deliberate measures to protect their interests.

China and Russia Using Same Aggressive Military Playbook

So, we cannot deny that Russia has been quite aggressive against the United States and our allies that go beyond the conflict in Syria and hacking. Russian spy ships cruise our coastlines, Russian fighter jets buzz our aircraft and Russian mercenaries from the Wagner Group attack our forces. Russia also encroaches on other countries and successfully annexes them such as Crimea and Ukraine.

So, what about China?

Photos show scale of construction in disputed area of ... photo

Well there are those disputed Spratley Island, claimed by several countries where China has taken full control. Now those islands which are part of one the largest maritime shipping channels in the world are weaponized and fortified by China with cruise missiles and surface to air weapons platforms. China is well known for hacking, successful industrial espionage and intellectual property theft.

The placement of the defensive weapons also comes on the heels of China’s recent South China Sea installation of military jamming equipment, which disrupts communications and radar systems. By all accounts, the new coastal defense systems represent a significant addition to Beijing’s military portfolio in one of the most contested regions in the world.

The land-based anti-ship cruise missiles, designated as YJ-12B, allow China to strike surface vessels within 295 nautical miles of the reefs. Meanwhile, the long-range surface-to-air missiles designated as HQ-9B, have an expected range of targeting aircraft, drones and cruise missiles within 160 nautical miles.

The defensive weapons have also appeared in satellite images of Woody Island, China’s military headquarters in the nearby Paracel Islands. More here.

As the Chinese have a military base just one mile from the American base in Djibouti, at least ten nasty encounters by the Chinese against American aircraft have been recorded. So, the Pentagon has filed a demarche.

In a press briefing Thursday, Pentagon Chief Spokesperson Dana White told reporters that the “very serious incidents” had resulted in “two minor injuries,” noting that Chinese laser use “poses a true threat to our airmen.” White said the U.S. has asked China to investigate laser use in the area. “It’s a serious matter. And so we’re taking it very seriously,” White explained. “We expect China to investigate it thoroughly.”

China’s ‘neighbouring base’ in Djibouti worries Pentagon ... photo

Camp Lemonnier is the only permanent American base in Africa and is home to around 4,000 troops. Opened in 2001, the installation has become a vital staging point for U.S. counter-terrorism operations, especially as a regional hub for American drone missions launched from a network of other nearby bases. Initially an 88-acre base, an agreement was signed with the Djibouti government in 2006 to expand the facility to 500 acres.

Chinese military observers told the Post that China’s laser use may be trying to scare off birds near its airfield or disrupting spy drones flying above, rather than targeting foreign pilots. Analyst Zhou Chenming told the newspaper, “The Chinese and U.S. bases in Djibouti are really close, so one could disturb the other if the two sides don’t have a proper communication mechanism.”

*** But hold on…Tucker Carlson asked a handful of key questions to Senator Marco Rubio. The answers were terrifying.

Approval Process for Cyberwarfare Challenged

Cyber is a real battlefield and yet it gets almost zero ink in the media. The reason is due in part to exposing vulnerabilities, forced ransoms and stolen data.

NotPetya could be the beginnings of a new kind of ... photo

Just a couple of years ago: Chet Nagle, a former CIA agent and current vice president of M-CAM, penned an article in the Daily Caller, stating, “At FBI headquarters in July, the head of FBI counterintelligence, Randall Coleman, said there has been a 53% increase in the theft of American trade secrets, thefts that have cost hundreds of billions of dollars in the past year. In an FBI survey of 165 private companies, half of them said they were victims of economic espionage or theft of trade secrets — 95% of those cases involved individuals associated with the Chinese government.”

The threats all appear to have a foreign genesis and the United States does not have a real cyber policy due in part to debates over whether cyber attacks are acts of war. Can the United States fight back with her own cyber weapons? Not really, kinda, maybe.

Tracking the theft is left to the FBI, while responding is left to the U.S. Cyber Command. Army Lt. Gen. Paul Nakasone is the head of Cyber Command facing strategic threats from Russia, China, North Korea and Iran. During his confirmation hearings, Nakasone was grilled on how he would position the agencies to confront mounting Russian aggression in cyberspace, whether through attempted interference in U.S. elections or targeting the electric grid and other critical industrial systems.

Members of the White House’s National Security Council are pushing to rescind Presidential Policy Directive 20, an important policy memorandum that currently guides the approval process for government-backed cyberattacks, three current U.S. officials familiar with the matter tell CyberScoop.

The effort is driven in part by a desire from some NSC staff to create a more streamlined channel for military leaders to get their offensive cyber operations greenlit, insiders familiar with the matter said. The sources spoke under the condition of anonymity to freely discuss sensitive national security matters.

The move comes as lawmakers openly question whether U.S. Cyber Command, the nation’s premier cyber warfare unit, is hamstrung from responding to Russian meddling due to bureaucratic red tape. CyberScoop previously reported that multiple congressional committees are considering policies that could empower the military’s cyber mission.

But the push for change faces resistance from the intelligence community and several other federal agencies involved in cybersecurity.

Senior U.S. intelligence officials have expressed concerns over what rescinding the directive will mean for their own active computer spying missions. These covert operations, which are typically pursued by intelligence agencies like the CIA or NSA, could be exposed by the launch of “louder” disruptive-style attacks from the military. The presence of multiple hacking teams simultaneously targeting a single network often makes it easier for them all to be discovered by the victim.

Prior reporting by CyberScoop has shown that a long-running turf war exists between different federal agencies regarding the proper use of hacking tools in order to protect the homeland.

Even before Trump came to office though, the framework in question was considered a source of frustration inside the Pentagon.

Signed by President Barack Obama in 2012, the directive’s critics say that it was written in a confusing manner that leaves open-ended questions. In addition, critics tell CyberScoop that too many federal agencies are allowed to weigh in on proposed cyber operations, causing “even reasonable” plans to be delayed or outright rejected.

Insiders who are resistant to eliminating the directive admit that PPD-20 is flawed, but fear change because they’ve not seen a replacement plan.

“Better the devil you know, or something like that,” a former U.S. official said. “This is such a crucial decision because whatever comes next will dictate how arguments are settled inside government … you have the military on one side and the IC on the other.”

The NSC, CIA and Office of the Director of National Intelligence declined to comment. The NSA referred CyberScoop to U.S. Cyber Command, who in turn did not respond to a request for comment.

Currently, PPD-20 requires U.S. government agencies to run approvals for offensive operations through a chain of command that stretches across the federal government. The process is largely focused on controlling those operations that go beyond the confines of everyday digital espionage, or computer exploitation, to simply collect information.

According to PPD-20, if an operation is considered “of significant consequence,” it requires the direct blessing of the president in addition to the interagency group. Hacking operations that, for example, shut down a power grid or cause equipment to explode would fit into such a description. But experts say it also includes less flashy tactics like deleting data or corrupting software in a destructive manner.

“This directive pertains to cyber operations, including those that support or enable kinetic, information, or other types of operations,” PPD-20 reads. “The United States has an abiding interest in developing and maintaining use of cyberspace as an integral part of U.S. national capabilities to collect intelligence and to deter, deny, or defeat any adversary.”

After coming under scrutiny last month, outgoing NSA Director Adm. Michael Rogers told lawmakers that there’s an “ongoing policy discussion” about redrawing the regulations looming over military cyber operations. Unlike conventional military activities, the internet makes it difficult for policymakers to draw clear cut boundaries. This challenges also runs up against longstanding laws that underpin, and therefore divide, the work of soldiers and spies.

Historically, intelligence agencies — empowered by Title 50 of the U.S. Code — have led the way on U.S.-backed hacking that occur in countries like Iran or China; where armed conflict is absent. Military operations fall under the purview of Title 10 of the U.S. Code.

It’s not clear whether giving military leaders more leeway to conduct hacking operations will ultimately make those units more effective at their missions. The details surrounding these activities are always classified, which inhibits the public from having a substantive policy debate.

Ultimately, the decision to eliminate PPD-20 falls solely to the executive branch. Sources tell CyberScoop no final decision has been made.

What makes PPD-20 difficult to analyze is the fact that it remains a classified document, despite it being leaked by NSA whistleblower Edward Snowden. The classification means current officials are barred from publicly commenting on it.

Thomas Rid, a professor of strategic studies at Johns Hopkins University, said that Snowden’s PPD-20 leak was notable because it revealed the U.S. government’s thought process behind “the rise of unwanted norms caused by escalatory cyberattacks.”

“Reading between the lines, the framework acknowledges the negative effect on global cyber norms that events like Stuxnet can cause because of escalation,” said Rid.

Rid also believes the directive was “naïvely constructed,” relying too much on the idea that cyberattacks only impact other machines, and not people.

“When you look at what’s happened in 2016, and really since then, it makes the people who wrote PPD-20 seem like they don’t understand the current threat environment where Russia, and to some degree Iran, are combining active measures with cyber to change public perception,” he told CyberScoop. “Russia is basically kicking the U.S.’ ass.”