Last August, before he got the boot as secretary of state, Rex Tillerson decided to shut down his department’s Office of the Coordinator for Cyber Issues. It struck many as a baffling decision. At a time when cyber threats are growing consistently graver, why would you deliberately pay less attention to them? Last Tuesday, when the Senate Foreign Relations Committee unanimously approved the Cyber Diplomacy Act—a bill passed by the House in January—it essentially voted to undo Tillerson’s decision.
This wasn’t the Senate’s only recent foray into cyber policy. A week before, following a House vote conducted in May, the full Senate passed a version of the National Defense Authorization Act. This piece of legislation—as noted by Bobby Chesney, a University of Texas law professor writing at Lawfare—contains an interesting provision. It explicitly directs the executive branch to “plan, develop, and demonstrate” (emphasis Chesney’s) possible US responses to cyber attacks against “infrastructure critical to the political integrity, economic security, and national security of the United States.” The stipulation is notable, Chesney writes, insofar as it is “not just hortatory, but a direction to action.”
Chesney doubts that the Senate’s directive, even if it becomes law, will accomplish much—partly because it is not directed at any specific agency but also because the Trump administration may lack “the requisite will to direct military operations in cyber space.” That’s a stunning statement, if you stop to think about it. But when the president refuses to endorse the US intelligence community’s consensus view on cyber interference in the 2016 election—well, it’s a stunning world.