NSA declines to release presidential Cyber directive

The National Security Agency (NSA) said it will not publicly release a Presidential Directive document that would establish a broader set of standards that would guide federal agencies in confronting Cyber threats.

Presidential Policy Directive 20, first reported in the Washington Post on Nov. 14, was reportedly signed by president Obama in October and explicitly makes a distinction between network defense and cyber-operations to guide officials charged with making often-rapid decisions when confronted with electronic threats.

The Electronic Privacy and Information Center (EPIC), filed a Freedom of Information Act (FOIA) request to make the document public because it said the measure could expand NSA’s Cyber security authority. “Transparency is crucial to the public’s ability to monitor the government’s national security efforts and ensure that federal agencies respect privacy rights and comply with their obligations under the Privacy Act,” said EPIC’s request.

EPIC said that NSA denied the request on Nov. 21 arguing that it doesn’t have to release the document because it is a confidential presidential communication and contains information that is classified “Secret” and “Top Secret” by the agency. NSA said disclosure of the order could “reasonably be expected to cause exceptionally grave damage to the national security.”

The agency said EPIC could file an appeal with the NSA/Central Security Service denial and EPIC said it plans to do so. The privacy group said it is litigating similar FOIA requests with NSA, including the release of NSPD 54, a 2008 presidential directive setting out the NSA’s cybersecurity authority. The group called NSA a “black hole for public information about cybersecurity” in an official statement to Congress earlier this year.