As we get to work in the 116th Congress, increasing our nation’s ability to defend against cyberattacks remains a top priority in the Senate. During the last congress, I had the privilege to serve as chairman of the Senate Armed Services Subcommittee on Cybersecurity, first established in 2017 by the late Senate Armed Services Committee (SASC) Chairman John McCain (R-Ariz.). The creation of this subcommittee marked the first time in our nation’s history that a congressional committee or subcommittee was formed that is completely dedicated to cybersecurity.
The Subcommittee on Cybersecurity has primary jurisdiction over all cyber-related oversight and legislation for the Department of Defense. As malicious cyber threats continue to grow exponentially in both size and scope, the subcommittee’s oversight and legislative roles are critically important. For the past two years, the subcommittee’s oversight role has focused on developing a robust combat-ready Cyber Mission Force, as well as a strategy and policies that enable that force to respond rapidly and effectively. Now, more than ever, the U.S. defense strategy must include protecting our military and civilian infrastructure from cyberattacks.
While the U.S. military’s dominance in the air, land and sea domains is undeniable, the cyber domain has afforded bad actors — with much fewer resources and expertise than ours — the opportunity to inflict significant damage to American interests from thousands of miles away, with computers as their weapon. Adversaries with much less military power could damage the superior weapons systems we possess, potentially rendering them useless in conventional warfare.
A cyberattack on our civilian critical infrastructure – such as our electric grid, transportation system or financial system – could lead to devastating, irreversible economic damage as well as threaten the lives of Americans.
The importance of this infrastructure — nearly all in the private sector — highlights the need for the federal government to work closely with the private sector in coordinating its defense. Failing to coordinate efforts between the government and private sector creates significant cyber vulnerabilities.
The subcommittee’s work has resulted in legislation that has improved the Defense Department’s cyber efforts, both offensively and defensively. Most recently, the John S. McCain National Defense Authorization Act for Fiscal Year 2019 included a provision that confirms cyber operations as a traditional military activity even if the operation is conducted outside an active combat zone.
Prior to this important provision being signed into law, the Defense Department faced significant obstacles to conducting necessary cyber operations — the types of operations that our adversaries, and even our closest allies, have undertaken for years.
The Trump administration recently announced a major policy change that significantly boosted our nation’s cyber capabilities. President Trump rescinded Presidential Policy Directive (PPD) 20, an overly risk-averse policy from the last administration that virtually paralyzed the Defense Department’s ability to conduct major cyber operations, replacing it with the new, more agile policy directive, National Security Presidential Memorandum 13.
The 115th Congress’ oversight and legislative efforts, coupled with the Trump administration’s work in revising outdated policies, has greatly empowered U.S. Cyber Command to operate more efficiently and effectively in the cyber domain. We hope to continue making progress on cybersecurity over the next two years.