NSA, Cyber Command nominee says Section 702 is ‘irreplaceable,’ weighs in on other topics

The Biden administration’s nominee to lead U.S. Cyber Command and the NSA offered his first public insights on controversial surveillance programs, encryption and other hot button cybersecurity issues.

Air Force Lt. Gen. Timothy Haugh, testifying alongside the White House’s pick to helm federal counterintelligence efforts, breezed through his inaugural confirmation hearing before the Senate Intelligence Committee on Wednesday. He will have to appear again before the Senate Armed Services Committee, which shares jurisdiction over Haugh’s nomination, sometime this month.

The first session focused largely on how Haugh would lead NSA, the world’s largest intelligence agency. Here are the highlights from the double-feature:

FISA

Senators on both sides of the aisle repeatedly ask Haugh for his opinion on an expiring surveillance law the administration is campaigning to renew. The law, Section 702 of the Foreign Intelligence Surveillance Act, protects the U.S. from foreign-based cyberattacks and yields intelligence to address an array of national security threats.

“In my experience it’s absolutely essential,” Haugh said. “It is extensively used and it is an irreplaceable authority for the intelligence community.”

He later added that 100% of the items in the president’s daily brief — a high-level collection of analysis provided to the commander-in-chief everyday — that have input from signals intelligence possess 702 “reflections” in them.

However, the current Cyber Command deputy chief asked to come back to the panel to discuss the specific processes for how the agency adheres to the law and safeguards personal privacy of American citizens.

Sen. Martin Heinrich (D-NM) noted that in his pre-hearing answers to the panel Haugh “largely deferred” to current leadership and claimed “limited familiarity” with the compliance regime.

“I have to say, I don't view that answer as good enough. I'm disappointed,” Heinrich said.

“I absolutely agree with you that this is the priority issue in terms of being able to understand to a granular level of detail how this is conducted. If confirmed, this is my first priority, to be able to understand that,” Haugh said.

Encryption

Sen. Ron Wyden (D-OR), one of the chamber’s chief privacy hawks, pressed Haugh to vow that the electronic spying agency would not seek to insert backdoors into devices or software or otherwise seek to weaken encryption technology.

Encryption is “critical to defend our national security systems and our weapon systems,” Haugh said. “If confirmed, we will not weaken encryption for Americans.”

Wyden replied: “That's an important statement. So on your watch, encryption is going to be preserved?”

“Yes, senator.”

Ukraine

Russia has “certainly used a number of cyber capabilities against Ukraine” since Moscow’s invasion last year, according to Haugh.

Policymakers have long wondered about the absence of massive Russian cyberattacks on Ukraine they believed would accompany any military invasion by Moscow.

Haugh said Kyiv “gets great credit” for partnering with the U.S. public and private sector and other NATO allies to make its networks more resilient against digital attacks.

Those “continue today. And we would expect that Russia will continue to use every cyber capability that they have as part of their unlawful conflict and wherever we can provide assistance, we should continue to do that.”

Sen. Angus King (I-ME) speculated the Russians “were afraid of Paul Nakasone,” the current head of Cyber Command and NSA, who pushed the concept of “Defend Forward” to counter adversary behavior as close to the source as possible.

“We need to engage our adversaries if they're conducting activities that are malign and have a negative influence, negative impact on the national security of the United States or negative impact on our allies and partners,” Haugh said.

Dual hat

Haugh demurred at the idea that he would need new authorities if confirmed to take the reins of both agencies. An interagency review by the Biden administration of a Trump-era directive, dubbed National Security Presidential Memoranda 13, defined Pentagon authorities to conduct time-sensitive military operations in cyberspace.

“In my experience, there is really good alignment between the law and what has been produced by the Congress by our national policy and by the authorities that have been given to U.S. Cyber Command the National Security Agency,” he told lawmakers.

That then “allows complimentary action.”

Security

The NSA has been no stranger to major security breaches, going back to the secrets shared by former agency contractor Edward Snowden a decade ago.

Haugh promised to “review all of our current processes and ensure that, from a National Security Agency perspective, we're doing everything we can” to prevent such incidents.

The spy agency also will “partner with the rest of the national security community and the intelligence community to ensure that we're sharing what we believe are best practices.”