Rep. Don Bacon on cyber deterrence: ‘Speak softly and carry a big-ass stick’
Rep. Don Bacon began his tenure leading the House Armed Services cyber and innovation subcommittee at an unusual time.
The five-term Nebraska Republican got the gavel last year, just as policymakers were readying to take up their annual defense policy bill. Despite the late start, and a thin congressional calendar, the final measure included several cybersecurity provisions.
Bacon, who served as an Air Force colonel and one-star general alongside now U.S. Cyber Command and National Security Agency chief Timothy Haugh, has further settled into the role.
Last month he sent a letter to Defense Secretary Lloyd Austin, pressing him on the agency’s response to the China-linked Salt Typhoon hacking campaign. The missive — not previously reported — also asked for details on the effort to revamp Cyber Command, known as “Cyber Command 2.0.”
Recorded Future News sat down with Bacon late last week in his Capitol Hill office to talk about his goals for the subcommittee, the state of DOD innovation, and the future of Cyber Command — as well as the possibility of a Cyber Force.
This conversation has been edited for length and clarity.
Recorded Future News: What are your priorities for the cyber and innovation subcommittee?
Don Bacon: China is eating our box lunch right now. We caught them trying to get into our infrastructure and now we had this latest news that they're in our cell phone networks — probably still are.
I want to push the attitude that we’ve got to regain deterrence, and we're going to do that through Cyber Command. I want to get us to be more aggressive and make China pay a price for what they're doing right now.
On the electronic warfare (EW) side, because we were dominant after the Gulf War, EW became expendable, and so we sort of walked away from it. What I've learned is, if you're such a dominant country, you don't really need EW; if you're in a tough fight, you’ve got to have EW. Now we're back to a tough fight, and we have to regain this structure and mindset that we had in the Cold War for EW.
My third agenda item is, it takes too long now for the military to buy commercial, high-end software applications. There's a lot of great capabilities out there but people don't want to wait three years to get paid and we can't wait three years to get the stuff we got. We’ve got to be able to get this stuff right now and those companies want to be paid right now. We have to build an acquisition system that is tailored for commercial technologies.
Those are the three priorities that I want to bring forward. I'm willing to have more. I work with the staff. I work with our members and I want to include the Democrats. I'm a bipartisan guy, so we may be able to grow upon that.
RFN: On deterrence, should the Pentagon and Cyber Command boast about foreign targets that have been hit?
DB: I’d rather China not know when it’s going to happen. They'll know it, but they need to feel the pain because they're doing it to us. China's attacking the crap out of us every day.
We’ve got to restore deterrence, broadly, but clearly in cyber. I don't know whether you’ve got to brag about it. If you do, it's seldom. It's better to speak softly and carry a big-ass stick.
RFN: What’s your view of Cyber Command and its capabilities today?
DB: We're going down the right direction.
I know some people want to see a separate service. I'm not sold on it. I would say, with the information I have right now, I don't think it makes sense to create a seventh service.
I think the [Special Operations Command] model should be what Cyber Command’s looking at. It's not a separate service but it's combatant command and the services put into it. It also has its own acquisition authorities. That's the direction we're going and I think Cyber Command sees it that way too.
I like having a dual hat because I've been in cyber enough to know that those cyber teams are predominantly NSA guys with some cyber offensive guys fit in. You can't have NSA and Cyber Command going like this; they’ve got to have a common direction. You can only get that by having one four star, having the two three stars executing that four star’s vision. If you have two four stars, it's going to be personality-dependent.
RFN: I reported that some in the Trump transition want to cleave the dual-hat. Is that something you could address in this year’s annual defense policy bill?
DB: I don't know. They’ve got to tell me why they would want two four-stars. Lots of people want to make change but I'm not into changing something just to change something.
What do you want to fix? And does it? I think this would create more problems than it would fix.
I don't think some of these guys understand that the majority of Cyber Command's operations start with the NSA. Before you can attack a target, you’ve got to know a target, and you can only know that target through NSA. It seems to me that somebody has to make a case for it, but for people that don't know the operation, two four-stars make sense, but, to me, that means I don't know that they really know that operation inside and out like they should.
I'm just one voice on this in the Armed Services Committee, but I'll try to speak up vigorously for what I believe on that. I could get run over but I think our committee is pretty good on this issue.
RFN: What are your thoughts on Cyber Command 2.0?
DB: I’ll examine it and I’ll examine it in good faith. These guys are trying to do things in good faith. I know General Haugh. He's a good guy. I disagree with some of the decisions made at the SecDef level, like on Afghanistan and things like that. But I think these guys are good Americans, so I'll read it without a suspicious side. I would like to know what's in it, so we can make sure we're doing the right things in the subcommittee.
RFN: Are there other parts for the Pentagon’s IT and cyber ecosystems you want to dive into?
DB: I didn't really realize how big of a deal this IT innovation thing is.
You find out we have all those private companies that are producing technology at a higher level than DOD. For most of DOD’s existence, DOD led the private sector, but now it's the other way around.
How do you harness this better technology that's outside of DOD? And you got to get it right now. You got to pay for it right now. But that goes against all the models and all the culture of DOD that's been there for decades and decades. It's just hard to change it but we’ve got to change it.
Martin Matishak is the senior cybersecurity reporter for The Record. Prior to joining Recorded Future News in 2021, he spent more than five years at Politico, where he covered digital and national security developments across Capitol Hill, the Pentagon and the U.S. intelligence community. He previously was a reporter at The Hill, National Journal Group and Inside Washington Publishers.