The 115th Congress marked the first time in our nation’s history that a congressional committee or subcommittee was formed that is completely dedicated to cybersecurity.
Two years ago, then-Senate Armed Services Committee Chairman John McCain, R-Ariz., established the Subcommittee on Cybersecurity, which continues to be supported by Chairman Jim Inhofe, R-Okla. This subcommittee has primary jurisdiction over all cyber-related oversight and legislation for the Defense Department.
I have the privilege of working as chairman of this subcommittee. As malicious cyber threats continue to grow exponentially in both size and scope, I take the subcommittee’s oversight and legislative roles very seriously. For the past two years, the subcommittee’s oversight role has focused on developing a robust combat-ready Cyber Mission Force, as well as a strategy and policies that enable that force to respond rapidly and effectively.
Now, more than ever, the U.S. defense strategy must include protecting our military and civilian infrastructure from cyberattacks.
While the U.S. military’s dominance in the air, land and sea domains is undeniable, the cyber domain has afforded bad actors -- with much fewer resources and expertise than ours -- the opportunity to inflict significant damage to American interests from thousands of miles away, with computers as their weapon.
We should expect our adversaries to use the cyber domain as an asymmetric avenue to attempt to level the battlefield and erode our military advantage. In other words, adversaries with much less military power could damage the superior weapons systems we possess, potentially rendering them useless in conventional warfare.
The Government Accountability Office recently released a report that warns of cybersecurity vulnerabilities in Defense Department weapons systems.
Outside the Defense Department, a cyberattack on our civilian critical infrastructure – such as our electric grid, transportation system or financial system – could lead to devastating, irreversible economic damage as well as threaten the lives of Americans.
The importance of this infrastructure -- nearly all in the private sector -- highlights the need for the federal government to work closely with the private sector in coordinating its defense. Failing to coordinate efforts between the government and private sector creates significant cyber vulnerabilities.
The subcommittee’s work has resulted in legislation that has improved the Defense Department's cyber efforts, both offensively and defensively. Most recently, the John S. McCain National Defense Authorization Act for Fiscal Year 2019 included a provision that confirms cyber operations as a traditional military activity even if the operation is conducted outside an active combat zone.
Prior to this important provision being signed into law, the Defense Department faced significant obstacles to conducting necessary cyber operations -- the types of operations that our adversaries, and even closest allies, have undertaken for years.
Earlier this year, the Trump administration announced a major policy change that significantly boosted our nation’s cyber capabilities. President Trump rescinded Presidential Policy Directive (PPD) 20, an overly risk-averse policy from the last administration that virtually paralyzed the Defense Department's ability conduct major cyber operations, replacing it with the new, more agile policy directive, National Security Presidential Memorandum 13.
The Trump administration has also released two important strategic plans called the National Cyber Strategy and the Department of Defense 2018 Cyber Strategy. Also, Gen. Paul Nakasone, Commander of U.S. Cyber Command, outlined in his commander’s vision the concept of defending forward. According to Nakasone, defending forward means operating “as close as possible to the origin of adversary activity … to expose adversaries’ weaknesses, learn their intentions and capabilities and conduct counterattacks close to their origins.”
The 115th Congress’ oversight and legislative efforts, coupled with the Trump administration’s work in revising outdated policies, has greatly empowered U.S. Cyber Command to operate more efficiently and effectively in the cyber domain. I look forward to working with the Defense Department to make sure Gen. Nakasone and U.S. Cyber Command have everything they need to defend forward, protecting the critical assets that Americans depend on.
While we have boosted the Defense Department’s cybersecurity posture over the last two years, we must remember that our cybersecurity requires a unified national effort by federal, state and local governments as well as the private sector. Only then can we adequately defend our nation by developing effective cybersecurity policies and responding quickly and effectively to cyber threats.