Cyberspace Solarium Commission Co-Chair Rep. Mike Gallagher lambasted the White House Wednesday, saying the decision to give the State Department more ability to weigh in on some cyber operations “risks undermining our national security.”
Gallagher, a Wisconsin Republican, made his remarks in response to a CyberScoop report citing two sources familiar with the discussions between the White House and the State and Defense departments. The White House brokered a deal that would bring the State Department back into the decision-making process on cyber operations, paring back unprecedented authorities the Defense Department gained in the Trump administration under a policy known as National Security Presidential Memorandum-13 (NSPM-13).
As part of the compromise the State Department would have an enhanced ability to oversee cyber operations involving third-party countries. For example, if a Russian cyber operation relied on a server in France, the State Department would now have more of a window into the decision to conduct a cyber operation there and weigh in on whether and how to notify the French government.
Gallagher contended that anything that slows down U.S. Cyber Command is dangerous in a world where cyber operations are conducted with lightning speed.
“The time-honored military principles of delegation and accountability have been well balanced in NSPM-13 and efforts by the Administration to pull back the delegation and provide additional oversight and interagency input in the midst of the execution phase risks undermining our national security,” Gallagher said in his statement. “This also flies in the face of every comment by our warfighters that adversary cyber operations are happening at an extraordinary speed that challenges our ability to defend ourselves.”
Gallagher and his Cyberspace Solarium Commission Co-Chair Sen. Angus King, an Independent from Maine, previously cautioned against revising NSPM-13. Those comments came in response to CyberScoop reporting that the Biden administration was planning to pare back the authorities given to Defense under the policy, which was issued in 2018.
“Any effort to alter and possibly weaken NSPM-13 signals to our adversaries a lack of credible willingness to use offensive cyber capabilities which undermines the credibility of our deterrent,” King and Gallagher wrote in an April letter to President Biden.
State Department and Obama White House alumni assert that it was necessary to bring State back into the cyber operations decision-making process. They say that allies have been displeased by U.S. Cyber Command operations that fall within their borders, particularly when they are not notified in advance.
Diplomatic risk and norm setting require the U.S. to involve agencies beyond the Defense Department when executing cyber operations, according to Michael Daniel, the cybersecurity coordinator on the National Security Council staff in the Obama White House and now the president and CEO of the Cyber Threat Alliance.
“What the U.S. does, every other country can argue it has a right to do as well,” Daniel told CyberScoop in an email.