May 9, 2017–Sen. John McCain (R., Ariz.) complained today that the Trump administration had not met its self-imposed deadline of issuing a strategy for protecting U.S. interests and deterring adversaries in cyberspace. “We were hopeful that after years without any serious effort to develop a cyber deterrence policy and strategy by the last administration, the new administration promised one within 90 days of the inauguration,” Sen. McCain said during a hearing of the Armed Services Committee, which he chairs. “But 90 days have come and gone, and no such policy or strategy has been provided,” he said. “Our nation remains woefully unprepared to address these threats.”
Michael Rogers, commander of U.S. Cyber Command and director of the National Security Agency, told the committee that the “new team” was working on a plan. “And the check is in the mail,” Sen. McCain replied.
Sen. McCain suggested that the U.S. needed a dedicated cyber force, modeled on one recently created in the United Kingdom. The U.S. Coast Guard offers an “analog” to such a cyber force because it has authority to operate in multiple domains — U.S. territorial waters as well as international waters — to accomplish a multifaceted mission that combines civilian and military functions, he said. “The very fact that each agency of government believes that it is responsible for defending the homeland [in cyberspace] is emblematic of our dysfunction,” he said. “We have developed seams that we know our adversaries will use against us, yet we fail to summon the will to address these seams.”
Although CYBERCOM’s “cyber mission forces” will be fully staffed and operational by the fall of 2018, they will lack adequate tools and cyber weaponry to accomplish their mission, Sen. McCain added. “We’re headed down the path to a hollow cyber force.”
The committee’s ranking member, Jack Reed (D., R.I.), identified a related challenge: finding ways to counter the combination of cyber attacks and disinformation campaigns that U.S. intelligence officials believe Russia employed to meddle in the 2016 U.S. presidential election. “Our military cyber forces are almost exclusively focused on the technical aspects of cyberspace operations — such as detecting network intrusions, expelling intruders, and figuring out how to penetrate the networks of adversaries,” Sen. Reed said.
“The concern is that this focus misses the crucial ‘cognitive’ element of information operations conducted through cyberspace — those actions designed to manipulate perceptions and influence decision-making,” he said. “The scope of what we must defend against, and deter, is expanded, and the task takes on even greater urgency. In just a year’s time, we will be in election season once more, and the intelligence community has warned that Russia’s election interference is likely to be a ‘new normal,’” Sen. Reed warned.
“While our decentralized election system has been designated as critical infrastructure, we lack an effective, integrated, and coordinated capability to detect and counter the kind of ‘influence’ operation that Russia now routinely and continuously conducts. We do not yet have a strategy or capabilities to deter such actions through the demonstrated ability to conduct our own operations of this type,” he said.
Mr. Rogers acknowledged that CYBERCOM did not have the authority or skills to conduct influence operations. At the end of the Cold War, the U.S. dismantled and de-emphasized programs that were designed to counter foreign propaganda and has not reinstated them, he said. “We are not where we need to be,” Mr. Rogers said. “If information is truly going to become like a weapon, how are we going to optimize ourselves to deal with it?”
The committee’s cybersecurity subcommittee also is grappling with ways to counter cognitive warfare (TR Daily, April 27), and the subcommittee on emerging threats and capabilities is scheduled to hold a closed hearing tomorrow on “U.S. Special Operations capabilities to counter Russian influence and unconventional warfare operations” featuring Gen. Mark Schwartz, special operations commander for Europe. —Tom Leithauser, firstname.lastname@example.org