Bipartisan Senators: Our Country Needs A Cyber Deterrence Strategy

WASHINGTON, D.C. -  Today, U.S. Senator Martin Heinrich (D-N.M.), led a group of bipartisan Senators on the Senate Armed Services Committee urging the completion and announcement of our nation’s cyber deterrence strategy. 

In a letter to President Trump, the senators emphasized the urgent need for a cyber deterrence strategy, stating, “The lack of decisive and clearly articulated consequences to cyber-attacks against our country has served as an open invitation to foreign adversaries and malicious cyber actors to continue attacking the United States.”

In congressional hearings over the course of several years, numerous government officials across party lines from the Department of Homeland Security, the Department of Defense, the State Department, and the National Security Agency each point to the White House when answering which government entity is in charge of formulating the nation’s cyber doctrine. To date, despite a rapid increase in cyber activity by both nation-states and non-state actors – and although a cyber-deterrence strategy has been required by the FY 2018 National Defense Authorization Act and multiple other public laws – no cyber deterrence strategy has been announced.

“Much like our nuclear deterrent, a strong cyber doctrine by the United States government would serve as a deterrent, which is not only necessary, but critical to our nation’s survival in the digital age,” continued the senators. “Our adversaries need to understand the boundaries of what is acceptable in the cyber domain, as well as the circumstances under which we would utilize offensive capabilities to retaliate against cyber-attacks.”

“Our increased reliance on the internet has created new threats and vulnerabilities to our nation's infrastructure and our way of life. Critical infrastructure such as the electric grid, oil pipelines, air traffic control, and financial institutions all use the internet and can be manipulated, disrupted, and in some cases even destroyed. Beyond physical damage, state sponsored disinformation and data manipulation campaigns have sowed lines of division and discord within our country and have targeted the very foundation of our democracy – the electoral process.”

The senators called for an immediate update on the status of the United States government’s cyber deterrence strategy, including a timeline of its progress and an anticipated timeline for completion.

The letter was signed by U.S. Senators Martin Heinrich (D-N.M.), Mike Rounds (R-S.D.), Angus King (I-Maine), Lindsey Graham (R-S.C.), Jeanne Shaheen (D-N.H.), Dan Sullivan (R-Alaska), Richard Blumenthal (D-Conn.), Tim Scott (R-S.C.), Kirsten Gillibrand (D-N.Y.), Ben Sasse (R-Neb.), Tim Kaine (D-Va.), Gary Peters (D-Mich.), Elizabeth Warren (D-Mass.) and Mazie Hirono (D-Hawaii).

A copy of letter is available here and below.

President Donald Trump
The White House
1600 Pennsylvania Avenue
Washington, D.C. 20500 

Dear President Trump: 

We write to urge you to prioritize completion and announcement of our nation’s cyber deterrence strategy as soon as possible. The lack of decisive and clearly articulated consequences to cyber-attacks against our country has served as an open invitation to foreign adversaries and malicious cyber actors to continue attacking the United States.

Section 1633 of the fiscal year 2018 National Defense Authorization Act (Public Law 115-91), as well as the National Defense Authorization Acts for Fiscal Years 2014, 2016, and 2017 (Public Laws 113–66, 114–92, and 114–328) all require the executive branch to develop a national policy and strategy for deterring our adversaries in cyberspace.

In congressional hearings over the course of several years, we have heard numerous government officials across party lines from the Department of Homeland Security, the Department of Defense, the State Department, and the National Security Agency each point to the White House when answering which government entity is in charge of formulating our nation’s cyber doctrine. To date, despite a rapid increase in cyber activity by both nation-states and non-state actors, no cyber deterrence strategy has been announced. 

Notwithstanding the good intentions of Congress and the executive branch, including eight years of the Obama administration and over a year into your administration, the United States has failed to formulate, implement, and declare a comprehensive cyber doctrine with an appropriate sense of urgency. We urge you to end this state of inaction immediately.

Much like our nuclear deterrent, a strong cyber doctrine by the United States government would serve as a deterrent, which is not only necessary, but critical to our nation’s survival in the digital age. Our adversaries need to understand the boundaries of what is acceptable in the cyber domain, as well as the circumstances under which we would utilize offensive capabilities to retaliate against cyber-attacks.

Our increased reliance on the internet has created new threats and vulnerabilities to our nation's infrastructure and our way of life. Critical infrastructure such as the electric grid, oil pipelines, air traffic control, and financial institutions all use the internet and can be manipulated, disrupted, and in some cases even destroyed. Beyond physical damage, state sponsored disinformation and data manipulation campaigns have sowed lines of division and discord within our country and have targeted the very foundation of our democracy – the electoral process.

We urge you to provide us an immediate update on the status of the United States government’s cyber deterrence strategy including a timeline of its progress and an anticipated timeline for completion.

Sincerely, 

Cc: Mr. Rob Joyce Special Assistant to the President and White House Cyber Security Coordinator