Around the horn with the head of U.S. Cyber Command
U.S. Cyber Command chief Gen. Paul Nakasone made a pair of appearances before House and Senate lawmakers on Tuesday, offering insights on the latest digital threats to the nation and how his agency is adapting to meet them.
Nakasone — who also heads the National Security Agency — provided testimony about the command’s work on several fronts to the Senate Armed Services Committee and the House Armed Services cyber subpanel, including additional details about Cyber Command’s efforts to support Ukraine against Russia’s invasion.
But the four-star Army general also weighed in on a number of cybersecurity topics. Here are the highlights from the double-feature:
Cyber ops. House and Senate lawmakers pressed Nakasone on the potential impact of a reported interagency review by the Biden administration of a Trump-era directive, dubbed National Security Presidential Memoranda 13, that defined Pentagon authorities to conduct time-sensitive military operations in cyberspace.
“We would take a look at any changes, obviously, and we will adjust to those changes. But significant changes to that NSPM, it could affect what we need to do,” Nakasone told senators.
He later told House members he expected discussion about the document to continue. “I know that in my discussions with the undersecretaries, and also the secretaries, I've made my military knowledge known in terms of what NSPM-13 has meant to us.”
For their part, lawmakers in both chambers argued against tweaking the framework.
Sen. Angus King (I-Maine) said substantial changes “would be a grave mistake … It would undermine deterrence at the worst possible moment." King, along with his Cyberspace Solarium Commission co-chair Rep. Mike Gallagher (R-Wisc.), sent a letter to President Joe Biden expressing concerns about possible revisions.
Rep. Jim Langevin (D-R.I.) said he believed the memorandum “has improved the nation's ability to conduct operations in cyberspace.”
Appearing alongside Nakasone in the House, Dr. John Plumb, the Defense secretary’s incoming principal cyber advisor, said the directive “has made important and positive contributions to the department's ability to engage'' cyber threats but also defended reexamining it.
“I don't think it's unreasonable or new for a new administration to review existing presidential directives,” he said, before declining to comment on if he expected any shakeups. “I don't want to box anybody in on that. I'm not expecting any changes that would make things anything except better.”
Social media. Testifying in the Senate, Nakasone backed the idea of creating a “social media data threat analysis center” — something called for in the last couple defense policy bills — but with caveats. “Based on my experience, watching two different election cycles and the work of our adversaries attempt to garner greater influence, I think such a center would be helpful,” he said.
“Here's what the center really needs to do, though. It needs to be able to look at all the full spectrum of operations of what our adversaries are doing. What are the tactics? What are the tradecraft? What are the procedures that they are doing?” he added.
“The second piece is, what would probably be most helpful is this center being outside the government, federally-funded research center or perhaps another center that is obviously in support that's able to attract the talent and remains very, very vibrant and dynamic in its approach," according to Nakasone.
Growing pains. Nakasone predicted his command’s Cyber Mission Force — a host of around 6,200 personnel pulled from the military branches and divided into 133 teams — will grow beyond the 14 teams he has already been approved to add in the next few years.
The new teams are a “down payment on a broader force that's going to be necessary for the nation,” he told the Senate Armed Services panel.
The Pentagon is currently in the midst of an extensive force structure assessment of the CMF to determine if it’s properly sized. “My sense is we are learning a tremendous amount of our operations right now in support of the crisis in the Ukraine, that will likely inform this. We're a different force today than we were even four years ago when I took over,” Nakasone told the House subcommittee.
If they're in such a hurry, where’s the Russia? Senate lawmakers once again asked the Cyber Command chief about the absence of massive Russian cyberattacks on Ukraine that policymakers believed would accompany any military invasion by Moscow.
“We're not out of Ukraine yet,” Nakasone warned. “Our position right now is one of vigilance.”
He suggested the Kremlin’s digital activity may be linked to a “series of assumptions they may have made” about the overall ease of the assault on the neighboring country, as well as Ukraine’s defensive capabilities — which the U.S. has helped to strengthen.
“Thirdly … just a realization that a lot of times these are very, very difficult attacks to be able to conduct,” Nakasone said.
Martin Matishak is a senior cybersecurity reporter for The Record. He spent the last five years at Politico, where he covered Congress, the Pentagon and the U.S. intelligence community and was a driving force behind the publication's cybersecurity newsletter.