The White House has raised objections to a cyber provision in the House of Representatives’ version of the annual defense policy bill that requires the Secretary of Defense to notify Congress within 15 days anytime leaders delegate specific authorities for military cyber operations.
A statement of administration policy released July 9 said such language could hinder operations, interfere with established processes for military cyber operations and violate the president’s constitutional prerogative to not disclose privileged information.
“The Administration strongly objects to this provision, as it would require the Secretary of Defense to provide Congress with operationally sensitive documents regarding authorities delegated by the President to the Secretary for military operations in cyberspace, including execute orders, a list of countries in which such authorities might be exercised, and defined military objectives for the use of such authorities,” the statement read.
Since President Donald Trump took office, the Pentagon has undergone several changes with the way cyber authorities are approved.
Leaders at U.S. Cyber Command have used new authorities to conduct more cyberspace operations in the last few months than in the previous 10 years, senior Department of Defense officials said.
While some have come from Congress the White House’s primary move was rescinding the Obama administration’s process for approving cyber operations, which many in the national security community considered to be too restrictive and onerous. The new guiding document, known as National Security Presidential Memorandum (NSPM) 13, allows the president to delegate certain cyber authorities to the Secretary of Defense for particular cyber missions. The document remains classified.
Under the old process, the president had to approve all cyber operations that occurred off U.S. networks.
Given these changes in policy, Congress wanted to better understand the approval process for operations.
“Because there’s been such an evolution over the last year in guidance from the White House on cyber ops, I think members want to be able to understand what’s been delegated as it’s delegated, not just whether an operation occurs,” a House Armed Services Committee staffer told reporters in June regarding the provision.
The staffer added that this provision was not tied to a specific lack of communication from the executive branch, but was one of a series of maturation in oversight.
The first draft of the annual House defense authorization bill has several provisions aimed at understanding DoD's new cyber posture.
“There have been significant policy evolutions over the course of the last year; strategy, policy and there were a lot of authorities in last year’s [National Defense Authorization Act]. So the Chairman’s guidance to us was to mature the committee’s oversight framework for oversight operations,” the staffer said. The chairman in question here is Rep. Jim Langevin, D-R.I., who leads the HASC’s intelligence and emerging threats and capabilities subcommittee, which oversees cyber operations.