A bipartisan group of senators is pressing President Trump to issue a national strategy for deterring malicious activity in cyberspace “as soon as possible,” accusing successive administrations of not giving enough urgency to the issue.
“The lack of decisive and clearly articulated consequences to cyberattacks against our country has served as an open invitation to foreign adversaries and malicious cyber actors to continue attacking the United States,” the senators wrote in the letter, obtained by The Hill. [Read the senators' letter below.
“The United States has failed to formulate, implement, and declare a comprehensive cyber doctrine with an appropriate sense of urgency,” they wrote. “We urge you to end this state of inaction immediately.”
The letter was spearheaded by Sen. Martin Heinrich (D-N.M.). It is signed by Sen. Mike Rounds (R-S.D.), who chairs the Senate Armed Services subcommittee on cyber, as well as Sens. Lindsey Graham (R-S.C.), Angus King (I-Maine), Jeanne Shaheen (D-N.H.), Dan Sullivan (R-Alaska), Richard Blumenthal (D-Conn.), Tim Scott (R-S.C.), Kirsten Gillibrand (D-N.Y.), Ben Sasse (R-Neb.), Tim Kaine (D-Va.), Gary Peters (D-Mich.), Elizabeth Warren (D-Mass.) and Mazie Hirono (D-Hawaii).
Lawmakers have taken issue with both the Obama and Trump administrations for failing to develop a comprehensive strategy for deterring and responding to malicious behavior in cyberspace.
In order to press the executive branch on the issue, Congress inserted language into recent iterations of annual defense policy legislation directing the president to develop a cyber deterrence strategy.
President Trump strongly objected to a provision in the current National Defense Authorization Act (NDAA) requiring him to develop a national cyber policy, though he ultimately signed the bill.
“In congressional hearings over the course of several years, we have heard numerous government officials across party lines from the Department of Homeland Security, the Department of Defense, the State Department, and the National Security Agency each point to the White House when answering which government entity is in charge of formulating our nation’s cyber doctrine,” the lawmakers wrote Wednesday. “To date, despite a rapid increase in cyber activity by both nation-states and non-state actors, no cyber deterrence strategy has been announced.”
The issue came up most recently at a Senate Armed Services Committee hearing on worldwide threats that featured extensive discussions between lawmakers and top intelligence officials on cyber threats.
Director of National Intelligence Dan Coats, in response to questions from Rounds at the hearing Tuesday, acknowledged that the government has not developed a comprehensive cyber policy.
“I don't think the progress has been made quick enough to put us in a position where we have a firm policy and understanding, not only ourselves, but what our adversaries know relative to how we're going to deal with this,” Coats said, noting that it will take a “whole-of-government” effort.
Coats also told Heinrich that he could not give a “specific date” on when lawmakers could expect a cyber strategy from the new administration. He said there had been “ongoing discussions” on the issue within the executive branch.
The lawmakers on Wednesday asked Trump for an immediate update on the status of the policy, including a timeline on its completion.
White House cybersecurity coordinator Rob Joyce was copied on the letter.
“A strong cyber doctrine by the United States government would serve as a deterrent, which is not only necessary, but critical to our nation’s survival in the digital age,” the senators wrote.
They cited cyber threats to U.S. critical infrastructure as well as “state-sponsored disinformation” targeting the electoral process – an apparent reference to Russian interference in the 2016 presidential election.