President Donald Trump’s promised veto of an annual defense policy bill would also sink one of the most consequential pieces of cybersecurity legislation in years, just as the U.S. is grappling with a massive digital intrusion that appears to be Russia’s handiwork.
The revelation that hackers have compromised myriad federal agencies adds a new dimension to the monthslong battle of wills between Trump and lawmakers of both parties about the defense bill’s fate. It also comes as the commander in chief is attracting bipartisan criticism for failing to offer any public response to the still-unfolding cyberattack, an intrusion that the Department of Homeland Security’s cyber agency has labeled a “grave risk” to range of governments and private organizations.
Top Republicans have seized on the hack while pleading with Trump to sign the National Defense Authorization Act, H.R. 6395 (116), which passed with blowout votes in the House and Senate last week. But many are still wary of crossing Trump, and will be tested by a vote to override his threatened veto.
“There is no doubt that our adversaries will take advantage of any opportunity to attack vulnerabilities in our cyber infrastructure,” a half-dozen GOP House members said in a statement Friday, led by outgoing House Armed Services ranking Republican Mac Thornberry of Texas. “The measures in this year’s bill will provide critical safeguards to protect the information and capabilities most foundational to our nation’s security.”
Also joining that statement were incoming ranking member Mike Rogers of Alabama and Reps. Liz Cheney of Wyoming, Mike Turner of Ohio, Elise Stefanik of New York and Mike Gallagher of Wisconsin.
For the first time ever, the massive defense spending road map contains a section devoted entirely to cybersecurity, with dozens of provisions intended to augment online defenses. Chief among them is the creation of a national cyber director to coordinate the government’s response to digital assaults.
Senate Armed Services Chair Jim Inhofe (R-Okla.), a top Trump ally who has attempted to steer the president away from a veto, highlighted the bill’s cyber upgrades in a joint statement Thursday with the committee’s top Democrat, Jack Reed of Rhode Island. Inhofe argued that signing the defense bill is one of “the immediate steps the Administration can take to improve our cyber posture.”
“The NDAA is always ‘must-pass’ legislation — but this cyber incident makes it even more urgent that the bill become law without further delay,” the pair added.
The president has cited very different reasons for opposing the bill — asserting that Chinese leaders “love” the legislation, and demanding that lawmakers add an unrelated provision stripping legal protections from social media companies that fact-checked him during his reelection campaign.
“I will Veto the Defense Bill, which will make China very unhappy,” Trump tweeted Thursday morning, four days after news of the hack became public.
Unlike President-elect Joe Biden, Trump has not condemned the cyberattack or offered any hints at how he thinks the U.S. should respond.
Alarm about the breach has spread across the Capitol, meanwhile, amid revelations that the hackers had wormed their way into targets such as the Commerce, Treasury and State departments, along with DHS, the National Institutes of Health and various arms of the Energy Department, including the agency that manages the U.S. nuclear stockpile. The victims could also include an array of state and local governments as well as private entities, DHS’s Cybersecurity and Infrastructure Security Agency said Thursday.
U.S. officials have said the hackers obtained access to the agencies’ networks after infecting software updates from a Texas company called SolarWinds, whose customers include much of the federal government and the Fortune 500. Early assessments have blamed the monthslong attacks on Russia’s elite foreign espionage agency.
Maine Republican Sen. Susan Collins, a senior member of the Intelligence Committee and the Defense Appropriations panel, cited the defense bill’s cyber provisions Friday while calling for Trump to sign it.
“The President should immediately sign the NDAA not only to keep our military strong but also because it contains significant cyber security provisions that would help thwart future attacks,” Collins wrote on Twitter.
Rep. John Katko of New York, who is set to be the top Republican on the House Homeland Security Committee, also believes Trump should sign the bill, a spokesperson said Friday.
Tom Bossert, Trump’s former homeland security adviser, piled on in a New York Times op-ed this week. The former senior White House aide contended that the hack makes the defense bill with its extensive cybersecurity provisions “a must-sign piece of legislation.”
The proposal to create a national cyber director is one of the bill’s most-noticed proposals. The administration has opposed creating such a position, but lawmakers have expressed a bipartisan desire to put someone in charge of coordinating the digital missions at the various federal agencies.
Trump’s former national security adviser John Bolton eliminated a similar White House cybersecurity coordinator position in May 2018. Unlike the proposed role, that post didn’t require Senate confirmation.
In all, the bipartisan measure contains more than two dozen recommendations taken from or inspired by the Cyberspace Solarium Commission, a congressionally chartered panel created in a previous defense policy bill.
Many of the provisions are meant to strengthen CISA, which has come under pressure from Trump for refusing to back his election conspiracy theories. The agency has been without a permanent leader since the president fired Director Chris Krebs last month.
The NDAA would also grant CISA the authority to hunt for foreign hackers trying to break into government networks and the power to issue administrative subpoenas to internet service providers when the agency detects vulnerabilities in critical infrastructure.
Mark Montgomery, the Solarium Commission’s executive director, said in a statement that the measure needs Trump’s signature “now.”
“If the president is not careful his cyber legacy will be the SolarWinds disaster,” said Montgomery, who previously served as policy director for Senate Armed Services under the late Sen. John McCain. But he added, “if he signs the NDAA with 70-plus cyber provisions, many that address the SolarWinds challenge, he can take ownership of the long-term solution.
“That would make him the ‘big winner’ not China,” Montgomery added, referring to Trump’s recent, unexplained critique that Beijing supports the bill.
In addition to his last-minute demand that the NDAA repeal a 1996 online liability law called Section 230, Trump vowed over the summer to veto any bill that would force the military to rename bases that honor Confederate leaders. Congress included such a provision in the final bill.
He’s also objected to provisions that limit U.S. troop withdrawals from Afghanistan and Europe.
Trump has until Wednesday to sign or veto the measure or allow it to become law without his signature.
Congressional leaders in both parties are confident they’ll be able to muster enough support to override when a vote happens in late December or early January, shortly before the new Congress is sworn in.
Republicans could sink the bill if enough of them side with Trump on an override vote — though dozens in the House and Senate would have to change their votes to do so.
In the meantime, Trump is coming under criticism from a growing, bipartisan chorus of lawmakers who want him to speak out forcefully about the breach.
On Thursday, Sen. Mitt Romney (R-Utah), a member of the Foreign Relations Committee and a longtime critic of the president, tweeted an abbreviated version of a radio interview he gave where he described “inexcusable silence and inaction from the White House.”
Sen. Mark Warner of Virginia, the top Democrat on the Senate Intelligence Committee, said that as “we learn about the wider impact of this malign effort — with the potential for wider compromise of critical global technology vendors and their products — it is essential that we see an organized and concerted federal response.”
It is “extremely troubling that the President does not appear to be acknowledging, much less acting upon, the gravity of this situation,” Warner said.
Droolin’ Dog sniffed out this story and shared it with you.
The Article Was Written/Published By: Connor O’Brien and Martin Matishak