Senators bash Obama over cyber war policy

Senators bash Obama over cyber war policy
© Getty

Senators on Tuesday hammered the Obama administration, saying it lacks a coherent or fully formed cyber warfare policy.

“The administration’s cyber policy as a whole remains detached from reality,” Senate Armed Services Committee Chairman John McCainJohn Sidney McCainThese Senate seats are up for election in 2022 Redistricting reform key to achieving the bipartisanship Americans claim to want Kelly takes under-the-radar approach in Arizona Senate race MORE (R-Ariz.) said during a hearing.


“For years our enemies have been setting the norms in cyberspace while the White House sat idly by hoping the problem would fix itself," he added.

And the lack of planning could have disastrous results, including muddled responses to cyberattacks and poorly structured Defense Department cyber teams, several senators told National Security Agency Director Adm. Michael Rogers, who was testifying.

"If we don’t have a policy, how are we going to develop plans?” Sen. Deb FischerDebra (Deb) Strobel FischerOvernight Energy & Environment — Presented by ExxonMobil — Biden may get reprieve with gas price drop EPA proposes lowering past blending requirements for gasoline, rejecting waivers Overnight Defense & National Security — A new plan to treat Marines 'like human beings' MORE (R-Neb.) asked Rogers, who also heads the U.S. Cyber Command.

“Something terrible is going to happen and a lot of people are going say, ‘Why didn’t we have a policy?’” said Sen. Angus KingAngus KingEffort to overhaul archaic election law wins new momentum Manchin, Collins leading talks on overhauling election law, protecting election officials For 2022, the Senate must work in a bipartisan manner to solve the American people's concerns MORE (I-Maine).

In the 2014 Defense authorization bill, McCain tasked the Obama administration with developing such a cyber deterrence policy.

In December, “a year and a half late,” McCain said, the White House finally got back to the committee.

“The response reflected a troubling lack of seriousness and focus,” McCain said. “That kind of indecisiveness is antithetical to deterrence and our nation simply cannot afford it.”

The Armed Services chair pressed Rogers on his strategy for responding to a cyberattack, or for when a preemptive cyber strike is necessary.

“It seems to me these are policy decision that have not been made?” he asked. “Is that correct?”

“The way I would describe it is, we clearly still are focused more on” an “event-by-event” approach to cyber incidents, Rogers said.

Several senators, including James InhofeJames (Jim) Mountain InhofeOvernight Defense & National Security — White House raises new alarm over Russia Biden sparks confusion, cleanup on Russia-Ukraine remarks Republicans say Mayorkas failed to deliver report on evacuated Afghans MORE (R-Okla.), pointed to a Government Accountability Office (GAO) report released Monday that concluded the DOD has not clearly defined its own “roles and responsibilities for cyber incidents.”

Rogers agreed that greater clarification was needed, but had not yet read the report.

King, the Maine Independent, pressed the NSA head for details on when such detailed answers for these issues — “What is an act of war? What is a proportional response? What is a mutually assured destruction situation?” — might be in place.

“Sir, I don’t have a date for you,” Rogers replied, cautioning that he, as head of NSA and U.S. Cyber Command, is just one of many voices.

“I am part of those discussions,” he said, “I try to provide an input and just be one voice.”

Rogers stressed that his duty is to develop cyber capabilities and bolster his team's capacity.

U.S. Cyber Command is working to staff up 133 offensive and defensive cyber teams by 2018, a total of 6,200 staff.

On Tuesday, Rogers said he had 27 fully operational teams, 68 teams that had “attained initial operational capacity,” and nearly 100 that were conducting some form of cyberspace operations.

The full staff is on schedule to hit its 2018 target, he said.

Senators on both sides of the aisle expressed a desire to spin this growing cyber command out from under the NSA umbrella.

“I’m finding it harder and harder to justify you holding two jobs given the complexity,” King said, while complimenting Rogers on his ability to handle both roles.

Rogers cautioned that it was not yet time to take control of Cyber Command away from the NSA chief, noting that the unit was established six years ago to take advantage of NSA infrastructure.

“I agree in the long run,” Rogers said. “But the reality is we’re just not ready to do that today.”

But Rogers did say Cyber Command was ready to be elevated to a full, independent military command. It currently operates as a sub-unit of U.S. Strategic Command.

McCain and his committee’s top Democrat, Sen. Jack ReedJack ReedDefense bill sets up next fight over military justice  Ukraine president, US lawmakers huddle amid tensions with Russia Photos of the Week: Tornado aftermath, Medal of Honor and soaring superheroes MORE (R.I.), indicated they would likely make the push for elevation in the next Defense authorization bill.

“That would be my intention,” McCain said, turning to Reed for an agreement. “Right, Jack?”

“I think so, sir,” Reed replied. “But I think it’s valuable to have Adm. Rogers comments’ today.”

— Updated 9:53 a.m.