17 July 2019

Are Congress and the White House on a collision course in cyber?

Mark Pomerleau

Despite a long list of grievances and conflicts that exist between the legislative and executive branch under President Donald Trump, cyber policy has largely been spared from ongoing tension; that is, until recently.

Lawmakers have not seen documents governing the administration’s process for gaining approval for cyber operations outside U.S. networks, prompting them to write to the administration and others threatening to compel the documents delivery.

The classified process, known as National Security Presidential Memorandum (NSPM) 13, rescinds Obama administration-era rules and allows the president to delegate certain cyber authorities to the Secretary of Defense for particular missions.

The process went into effect nearly a year ago.


“Congress has a vital role to play in ensuring any offensive cyber operations do not inadvertently undermine that stability and reflect our commitments to responsible state behavior in this new domain,” Rep. Jim Langevin, D-R.I., chairman of the House Intelligence and Emerging Threats and Capabilities Subcommittee said in a June 10 statement.

“Unfortunately, the White House has continually stymied our attempts to conduct this constitutionally protected oversight, refusing to provide important policy documents that took effect nearly a year ago.”

The Wall Street Journal first reported on the administration’s stonewalling of documents.

The Journal reported that Langevin, along with his committee’s ranking member Elise Stefanik, R-N.Y., and the full Armed Services Committee chairman and ranking member — Adam Smith, D-Wash., and Mac Thornberry, R-Texas, respectively — wrote a letter to the administration in February expressing concern that the documents have not been provided to Congress.

Langevin noted that while he agrees with the administration’s “more forward-leaning [cyber] posture … it is unacceptable that the White House continues to stonewall our attempts to oversee sensitive operations.”

“Defending our nation in cyberspace requires close collaboration between the legislative and the executive branches, and I am deeply disappointed that the president refuses to work with us on this vital issue.”

He said he expects the documents to be provided immediately, otherwise Congress will seek to require the administration to provide them by law.

Also this week, the administration issued a statement of policy objecting to a provision in the pending House version of the annual National Defense Authorization Act requiring the Secretary of Defense to notify Congress within 15 days anytime leaders delegate specific authorities for military cyber operations.

The White House has reservations about disclosing when it delegates cyber authorities to the Secretary of Defense.

Langevin also proposed an amendment to the defense policy bill, which passed July 11, requiring the administration to provide Congress with documents related to DoD cyber operations no later than 30 days following the bill’s enactment into law.

To date, one of the other major flashpoints between the administration and Congress on the cyber front has been the elimination of critical cyber positions within the White House.

The administration has done away with the position of cyber coordinator in May 2018, which was a position designed to orchestrate the government’s efforts on cybersecurity.

“It’s frankly mind-boggling that the Trump administration has eliminated the top White House official responsible for a whole-of-government cyber strategy, at a time when the cyberthreat to our nation is greater than ever,” Sen. Mark Warner, D-Va., vice chairman of the Senate Intelligence Committee, said at the time.

“Our adversaries are investing heavily in 21st century cyberwarfare capabilities, and if we only view national security through a conventional 20th century lens, we’re going to find ourselves unable to respond to increasingly asymmetric cyberthreats down the road.”

No comments: