The head of U.S. Cyber Command told lawmakers Feb. 27 he has not received authority from the White House or the Secretary of Defense to carry out operations to disrupt future Russian cyber attacks on U.S. elections.
Adm. Mike Rogers, who also leads the National Security Agency, informed members of the Senate of the Senate Armed Services Committee (SASC) that his command’s National Mission Forces have prepared plans to disrupt Russian interference capabilities from the source but the President has not given direction to the Secretary of Defense carry them out.
“It’s probably fair to say that we have not opted to engage in some of the same behaviors that we are seeing,” Rogers said during the Feb. 27 hearing. “I would need a policy decision that indicates that there’s specific direction to do that. The president would ultimately make this decision.”
Cyber Command was elevated to a unified combatant command in August 2017 to organize its operational cyber structure, but lawmakers pressed Rogers on his ability utilize the necessary responsibilities to protect U.S. election systems from Russian interference.
Intelligence community reports have previously confirmed Russian attempts at implementing disinformation campaigns to influence the 2016 U.S. presidential election, and the Department of Homeland Security has confirmed that at least 21 states faced hacking attempts of their voting infrastructure
“Essentially, we have not taken on the Russians yet. We’re watching them intrude on our elections, spread misinformation, become more sophisticated, try to achieve strategic objectives you’ve recognized, and you’re essentially sitting back and waiting,” SASC Ranking Member Sen. Jack Reed (D-R.I.) said.
Rogers believes policy discussions are needed to sort out how the Department of Homeland Security, which oversees election systems as a critical infrastructure, can utilize the cyber intelligence that his forces collect.
“I’m trying to generate insights and knowledge now that help inform this with a readiness to, if directed, potentially do more,” said Rogers, who reiterated that he hasn’t fully considered election systems as a cyber target.
Sen. David Perdue (R-Ga.) pressed Rogers on Cyber Command reining in these authorities despite election systems falling under DHS and state officials’ purview. Perdue cited this as a critical reason for SASC’s concern that election systems remain vulnerable, and wants to see Cyber Command assess the capabilities being used to protect voting infrastructure.
Unlike other countries, the U.S. cyber security components are split among different agencies or defense posts, which may leave certain defense responsibilities spread thin, according to Reed.
“While our adversaries are freely conducting information operations, Cyber Command is still predominantly designed to conduct technical operations to either defend or attack computer systems. It is not built to deal with the content of the information flowing through cyberspace,” Reed said. “Cyber Command must also focus on the strategic level of engagement, not just the operational tactical support or to engage forces.”
Rogers also reiterated that he does not believe the Russians have been deterred from attempting future disinformation campaigns, either by a lack of sanctions or strategies to restrict their ability to carry out interference campaigns. .
“They haven’t paid a price, at least, that has significantly changed their behavior,” Rogers said.
The White House responded following the SASC hearing, pointing to the administration’s consideration of a variety of options to diminish foreign interference in the next election cycle.
Sarah Huckabee Sanders, the White House press secretary, cited DHS Secretary Kirstjen Nielsen’s recent meetings with state election officials to address vulnerability issues and a new $40 million DoD and State Department initiative to fund pilot projects to counter disinformation campaigns.
“Nobody is denying him the authority. We’re looking at a number of different ways that we can put pressure,” Sanders said during the Feb. 27 afternoon briefing. “We’re focused on looking at a variety of different ways. We’re looking at number if different options and we’re going to continue doing that over the coming weeks.”
The White House previously announced on Jan. 29 that it would not be imposing sanctions on Russia, passed by Congress in July 2017.
Direction to carry out offensive cyber campaigns on Russian cyber components would have to come from the Secretary of Defense at the president’s discretion, according to Rogers.
Sen. Bill Nelson (D-Fla.), chairman of SASC’s cyber subcommittee, said lawmakers have requested that Secretary of Defense James Mattis take steps to consider the offensive cyber options available from Cyber Command.
“Let the record reflect that we have written to the Secretary of Defense, Feb. 6, and would appreciate an answer,” Nelson said during the hearing.
Rogers is set to retire from his post later the spring.
Lt. Gen. Paul Nakasone, commander of Army Cyber Command, has been nominated for the position and his confirmation hearing is set for March 1.
The co-chairs of the Congressional Task Force on Election Security, Reps. Bennie Thompson (D-Miss.) and Robert Brady (D-Pa.) released a statement following Rogers’ hearing calling on the president to direct Cyber Command to counter Russian election interference.