McCain blasts White House cyber policy

Senate Armed Services Committee Chairman John McCain (R-Ariz.) this week blasted the Obama administration’s recently published cyber deterrence policy, calling it “thin.”

The policy is “wholly lacking any new information about the administration’s plan to integrate ends, ways, and means to meaningfully deter attacks in cyber space,” McCain said in a statement.

{mosads}The White House policy, released at the end of December, outlines the Department of Defense’s approach to cyber crime, as well as how it plans to conduct both offensive and defensive cyber actions.

McCain, who has been at the forefront of a congressional push for such a policy, lambasted the document for falling short of its objectives.

“The report goes to great pains to minimize the role of offensive cyber capabilities and does little to clarify the policy ambiguities that undermine the credibility of deterrence,” he said.

Massive hacks on the Office of Personnel Management and Sony Pictures Entertainment have put pressure on the administration to provide clear guidelines for its response to different forms of cyber aggression. Those intrusions have been blamed on China and North Korea, respectively.

Such guidelines, proponents say, will act as a deterrent because criminals will understand the consequences of their actions.

“Because there are no [cyber] norms, actions and responses are totally unpredictable,” Rep. Jim Himes (D-Conn.) told The Hill during a recent interview, calling the situation “inherently dangerous.”

Himes is the ranking member of the House Intelligence subcommittee on the National Security Agency. He recently sent a letter to the State Department with his subcommittee’s chairwoman, Rep. Lynn Westmoreland (R-Ga.), urging action on the issue.

Director of National Intelligence James Clapper has acknowledged before the Intelligence Committee that the U.S. lacks “both the substance and the psychology of deterrence” in cyberspace, and that absent such a policy, the U.S. will continue to face digital attacks and cyber theft.

McCain in November sent a letter to Clapper “seeking an explanation for the administration’s delay in developing a cyber deterrence policy and utilizing the many tools available to it to achieve substantive deterrence.”

The policy, required by the 2014 National Defense Authorization Act, was 15 months overdue by the time the White House issued it last month.

But the long-awaited results have not satisfied McCain.

Instead, he says, the document “mostly reiterates steps taken and pronouncements made over the past few years, all of which we know have failed to deter our adversaries or decrease the vulnerability of our nation in cyber space.”

Updated at 4:45 p.m.