The Senate Armed Services Committee’s version of an annual defense bill would authorize the Pentagon to conduct surveillance on individuals conducting hacking or disinformation campaigns on behalf of the Russian government — a clear reference to Moscow’s interference in the 2016 presidential election.
The Senate’s more than 1,000-page version of the defense policy bill, formally known as the National Defense Authorization Act (NDAA), was released in full on Wednesday, roughly two weeks after being approved by lawmakers on the Armed Services Committee.
{mosads}
The bill’s contents reflect a growing interest by committee lawmakers in codifying and expanding the Pentagon’s authorities and operations in cyberspace, at a time when digital threats from nation states and other malicious actors abound.
The Russia-related provisions also demonstrate an effort by lawmakers to involve the military in responding in various ways to cyberattacks from Moscow — including those that aim to meddle in U.S. political affairs.
Lawmakers, primarily Democrats, have criticized the Trump administration for what they see as an insufficient response to Russian meddling in the 2016 presidential election.
In February, Adm. Mike Rogers, then head of the National Security Agency and Cyber Command, fueled that criticism when he testified before the Armed Services Committee that President Trump had not granted him “additional authorities” to disrupt Russian cyberattacks targeting elections.
The defense bill released Wednesday states that Defense Secretary James Mattis can direct U.S. Cyber Command to spy on individuals or organizations outside the United States who are, on behalf of the Russian government, stealing and releasing confidential information from Americans, planting false narratives or sowing political discord using social media, or taking other actions in the digital realm to exacerbate political conflicts or influence public opinion.
The Pentagon would be required to report to Congress annually on the “scope and intensity” of Russian disinformation operations.
The bill would also direct Mattis to arrange for media companies, including social media firms, to help the government identify Russia-linked malicious individuals and organizations on a voluntary basis; and it would authorize the Pentagon to provide security clearances to representatives of media organizations in order to share evidence on these activities.
The legislation also specifies that, in the event the government detects “systemic and ongoing” Russian cyberattacks against the U.S., the National Command Authority — comprised of President Trump and Secretary Mattis — can authorize the chief of Cyber Command to take “appropriate and proportional action” to disrupt and defeat these attacks.
The Defense secretary would be required to disclose these activities to Congress on a quarterly basis.
Committee lawmakers from both parties have chastised the Trump administration and its predecessor for failing to lay out a comprehensive policy for deterring and responding to malicious cyber activity from other nations.
Senators have again aimed to use the defense bill to set forth a cyber doctrine to guide U.S. moves in cyberspace, an effort that previously prompted criticism from Trump.
The full Senate took up the legislation Wednesday and is likely to vote on it sometime next week. Following passage, lawmakers from both the House and Senate will hash out a final, compromise bill.