Following a months long battle, the White House has made available to members of Congress classified documents that describe the approval process for conducting offensive cyber operations outside the United States.
Lawmakers, particularly within the House and on both sides of the aisle, have pushed the administration to provide these documents and stressed that reviewing them is essential for oversight. The effort has been led primarily by Rep. Jim Langevin, D-Rhode Island.
“Congress has a vital role to play in ensuring any offensive cyber operations do not inadvertently undermine that stability and reflect our commitments to responsible state behavior in this new domain,” Langevin, who chairs the Intelligence and Emerging Threats and Capabilities subcommittee, said in a July 10 statement. “Unfortunately, the White House has continually stymied our attempts to conduct this constitutionally protected oversight, refusing to provide important policy documents that took effect nearly a year ago.”
The document, National Security Presidential Memorandum 13 (NSPM-13), replaced an Obama administration-era process, which required presidential approval for offensive and defensive cyber operations outside U.S. networks.
NSPM-13, is essentially the process by which the government makes decisions to gain approval for offensive and defensive cyber effects operations and can be associated with any department or agency, although it mostly revolves around DoD operations.
As Fifth Domain reported last week, the House Armed Services Committee this week had an opportunity to review the new document for the first time.
After reading the materials, Langevin said in a statement to Fifth Domain, that he is pleased with the oversight but was dismayed at how long it took to view the document, which was created in 2018.
“Having reviewed the relevant National Security Presidential Memorandum, I am now more confident that the necessary checks are in place to ensure that our actions in cyberspace contribute to stability of the domain rather than undermining it,” Langevin said. “I remain deeply disappointed that it took over 17 months for the Administration to provide documents needed for Congress to conduct oversight … However, I will continue to press the Administration for meaningful metrics for success that go beyond simply the number of operations conducted so that Congress can be sure we continue to strike an appropriate balance with our more forward-leaning posture.”
In July, the HASC’s ranking member explained the commitee sent the White House a bi-partisan letter to review the relevant documents.
“On a bipartisan basis some of us sent a letter to the Trump administration demanding that they share with, at least some of the leadership on the Armed Services Committees, the rules of engagement for certain cyber contingencies,” Rep. Mac Thornberry, R-Texas, said at the time. “The Obama folks did give us that information, the Trump people changed it, but then they were reluctant to show us. We had to go all the way to the White House counsel, but he has come back and said, ‘OK, we will follow that precedent.’”
Given the lack of cooperation from the administration, Congress mandated the White House provide the legislative body with the relevant documents 30 days after the enactment of the National Defense Authorization Act, which was signed into law at the end of last year.
Spokespeople from other leaders on the House Armed Services committee did not respond to request for comment.
Mark Pomerleau is a reporter for C4ISRNET, covering information warfare and cyberspace.