Written by Suzanne Smalley
Cyberspace Solarium Commission co-chair Rep. Mike Gallagher lambasted the White House on Wednesday, saying the decision to give the State Department more ability to weigh in on certain cyber operations “risks undermining our national security”.
Gallagher, a Republican from Wisconsin, made his remarks in response to a CyberScoop report citing two sources familiar with discussions between the White House and the State and Defense Departments. The White House brokered a deal that would bring the State Department back into decision-making on cyber operations, curtailing the unprecedented powers the Defense Department gained in the Trump administration under a policy known as the of National Security Presidential Memorandum-13 (NSPM-13).
As part of the compromise, the State Department would have an increased ability to oversee cyber operations involving third countries. For example, if a Russian cyber operation relied on a server in France, the State Department would now have more visibility into the decision to conduct a cyber operation there and would decide if and how to notify the French government.
Gallagher argued that anything that slows down US Cyber Command is dangerous in a world where cyber operations are conducted at lightning speed.
“The age-old military principles of delegation and accountability were well balanced in NSPM-13 and administration efforts to withdraw delegation and provide additional interagency oversight and input midway through the execution phase risk undermining our national security,” Gallagher said in his statement. “It also flies in the face of all of the feedback from our warfighters that adversary cyber operations are proceeding with extraordinary speed that is testing our ability to defend ourselves.”
Gallagher and his Cyberspace Solarium Commission co-chair, Senator Angus King, an independent from Maine, have previously warned against revising NSPM-13. Those comments came in response to CyberScoop reporting that the Biden administration planned to reduce the powers granted to Defense under the policy, which was released in 2018.
“Any effort to modify and possibly weaken NSPM-13 signals to our adversaries a lack of credible will to employ offensive cyber capabilities that undermines the credibility of our deterrent force,” King and Gallagher wrote in a letter from April to President Biden.
State Department and Obama White House alumni say there was a need to bring the state back into cyber operations decision-making. They say allies have been unhappy with US Cyber Command operations that fall within their borders, especially when not given advance warning.
Diplomatic risk and norm-setting compel the United States to involve agencies beyond the Department of Defense when performing cyber operations, according to Michael Daniel, cybersecurity coordinator with Council staff National Security Officer in the Obama White House and now President and CEO of the Cyber Threat Alliance.
“What the United States is doing, every other country can say they have the right to do as well,” Daniel told CyberScoop in an email.