Senators bash Obama over cyber war policy

Senators bash Obama over cyber war policy
© Getty

Senators on Tuesday hammered the Obama administration, saying it lacks a coherent or fully formed cyber warfare policy.

“The administration’s cyber policy as a whole remains detached from reality,” Senate Armed Services Committee Chairman John McCainJohn Sidney McCainLessons of the Kamala Harris campaign Overnight Defense: Trump clashes with Macron at NATO summit | House impeachment report says Trump abused power | Top Dem scolds military leaders on Trump intervention in war crimes cases Top Armed Services Democrat scolds military leaders on Trump's intervention in war crimes cases MORE (R-Ariz.) said during a hearing.

ADVERTISEMENT

“For years our enemies have been setting the norms in cyberspace while the White House sat idly by hoping the problem would fix itself," he added.

And the lack of planning could have disastrous results, including muddled responses to cyberattacks and poorly structured Defense Department cyber teams, several senators told National Security Agency Director Adm. Michael Rogers, who was testifying.

"If we don’t have a policy, how are we going to develop plans?” Sen. Deb FischerDebra (Deb) Strobel FischerSenate approves stopgap bill to prevent shutdown Eleven GOP senators sign open letter backing Sessions's comeback bid Female lawmakers make bipartisan push for more women in politics at All In Together gala MORE (R-Neb.) asked Rogers, who also heads the U.S. Cyber Command.

“Something terrible is going to happen and a lot of people are going say, ‘Why didn’t we have a policy?’” said Sen. Angus KingAngus KingHillicon Valley: House passes anti-robocall bill | Senators inch forward on privacy legislation | Trump escalates fight over tech tax | Illinois families sue TikTok | Senators get classified briefing on ransomware Senators urge FERC to protect critical infrastructure from Huawei threats Senators sound alarm on dangers of ransomware attacks after briefing MORE (I-Maine).

In the 2014 Defense authorization bill, McCain tasked the Obama administration with developing such a cyber deterrence policy.

In December, “a year and a half late,” McCain said, the White House finally got back to the committee.

“The response reflected a troubling lack of seriousness and focus,” McCain said. “That kind of indecisiveness is antithetical to deterrence and our nation simply cannot afford it.”

The Armed Services chair pressed Rogers on his strategy for responding to a cyberattack, or for when a preemptive cyber strike is necessary.

“It seems to me these are policy decision that have not been made?” he asked. “Is that correct?”

“The way I would describe it is, we clearly still are focused more on” an “event-by-event” approach to cyber incidents, Rogers said.

Several senators, including James InhofeJames (Jim) Mountain InhofeRepublicans raise concerns over Trump pardoning service members Congress braces for chaotic December The job no GOP senator wants: 'I'd rather have a root canal' MORE (R-Okla.), pointed to a Government Accountability Office (GAO) report released Monday that concluded the DOD has not clearly defined its own “roles and responsibilities for cyber incidents.”

Rogers agreed that greater clarification was needed, but had not yet read the report.

King, the Maine Independent, pressed the NSA head for details on when such detailed answers for these issues — “What is an act of war? What is a proportional response? What is a mutually assured destruction situation?” — might be in place.

“Sir, I don’t have a date for you,” Rogers replied, cautioning that he, as head of NSA and U.S. Cyber Command, is just one of many voices.

“I am part of those discussions,” he said, “I try to provide an input and just be one voice.”

Rogers stressed that his duty is to develop cyber capabilities and bolster his team's capacity.

U.S. Cyber Command is working to staff up 133 offensive and defensive cyber teams by 2018, a total of 6,200 staff.

On Tuesday, Rogers said he had 27 fully operational teams, 68 teams that had “attained initial operational capacity,” and nearly 100 that were conducting some form of cyberspace operations.

The full staff is on schedule to hit its 2018 target, he said.

Senators on both sides of the aisle expressed a desire to spin this growing cyber command out from under the NSA umbrella.

“I’m finding it harder and harder to justify you holding two jobs given the complexity,” King said, while complimenting Rogers on his ability to handle both roles.

Rogers cautioned that it was not yet time to take control of Cyber Command away from the NSA chief, noting that the unit was established six years ago to take advantage of NSA infrastructure.

“I agree in the long run,” Rogers said. “But the reality is we’re just not ready to do that today.”

But Rogers did say Cyber Command was ready to be elevated to a full, independent military command. It currently operates as a sub-unit of U.S. Strategic Command.

McCain and his committee’s top Democrat, Sen. Jack ReedJohn (Jack) Francis ReedRepublicans raise concerns over Trump pardoning service members Overnight Defense: Trump clashes with Macron at NATO summit | House impeachment report says Trump abused power | Top Dem scolds military leaders on Trump intervention in war crimes cases Top Armed Services Democrat scolds military leaders on Trump's intervention in war crimes cases MORE (R.I.), indicated they would likely make the push for elevation in the next Defense authorization bill.

“That would be my intention,” McCain said, turning to Reed for an agreement. “Right, Jack?”

“I think so, sir,” Reed replied. “But I think it’s valuable to have Adm. Rogers comments’ today.”

— Updated 9:53 a.m.