The House on Thursday voted to require the White House to give Congress a cyberwarfare directive that senior members say the administration has refused to turn over for nearly a year.
The language, which would force the administration to turn over “all National Security Presidential Memorandums relating to Department of Defense operations in cyberspace,” sailed through the chamber on a voice vote as part of a package of noncontroversial amendments to the annual defense policy bill.
The amendment would cover the NSPM 13, a classified directive on offensive cyber operations that President Donald Trump is said to have signed last August.
The directive is the Trump administration’s flagship policy document on military cyber operations, which officials say have grown significantly over the past year due to a more streamlined process made possible by the directive.
The House’s unusual legislative order for a document is prompted by an equally unorthodox administration decision to withhold the directive from Congress, senior members say.
“I can’t recall a time when a document of this significance has been withheld from Congress,” said amendment sponsor Jim Langevin, a Rhode Island Democrat who has served in the House for nearly two decades. Langevin chairs the Armed Services Subcommittee on Intelligence, Emerging Threats and Capabilities, which oversees cyber defense programs.
The Trump administration has resisted repeated requests to view the cyber policy document from lawmakers who are cleared to see classified information — and who point out that they are constitutionally charged with monitoring the military’s operations in a new and expanding realm of warfare.
In particular, the Democratic and Republican leaders of the House Armed Services Committee and its emerging threats subcommittee — in a rare instance of bipartisan pushback against the White House — have repeatedly asked administration officials for the memo, both in writing and at public hearings.
The White House did not directly reply to a query about whether it is withholding the documents.
“The Administration keeps Congress appropriately informed of cyber operations, including by providing briefings and documents,” a senior administration official said in an email.
Meanwhile, Senate Armed Services Committee members are not as exercised as their House colleagues about the withholding of the document, so it is not clear whether the final enacted version of the defense authorization bill will contain the House-passed order.
Republican Mike Rounds of South Dakota, chairman of the Senate Armed Services Subcommittee on Cybersecurity, said in a brief interview that he did not feel the need to see the documents themselves because, he said, “I was very comfortable with the briefings I received on it — several of them.”
Sen. Joe Manchin III of West Virginia, the top Democrat on the panel, did not directly answer when asked twice if he had asked for or seen the documents.
“I’ve had some briefings,” Manchin said both times.
Burgeoning domain of war
The House’s push for direct access to seminal policy documents on cyberwarfare comes as China, Russia, Iran and North Korea have stepped up hacking, economic espionage, disinformation, propaganda and other operations.
The Trump administration has made clear that it is likewise boosting its cyber operations — both defensive and, increasingly, offensive.
In 2018, for example, U.S. Cyber Command deployed personnel to Ukraine, Macedonia and North Montengro to glean data on Russian activities in cyberspace and to help defend computers in those countries.
And last month, The New York Times reported that U.S. cyber operators had implanted computers in Russia’s energy sector with crippling malware that could be activated at a later date.
Trump denied the report. But National Security Adviser John Bolton said last month that the administration’s goal has been “to say to Russia, or anybody else that’s engaged in cyber operations against us, ‘You will pay a price.’”
Bolton told reporters last September that the Defense Department’s classified cybersecurity strategy springs from and implements NSPM 13, the document that has been denied to House oversight committees.