Sen. Mike Rounds, chairman of the recently created Senate Armed Services Subcommittee on Cybersecurity, views cyberspace like any other battleground.
“Cyberwar is more than simply stealing emails,” the South Dakota Republican said Tuesday in an interview with Morning Consult. “Cyberwar is where you’re doing damage that, if it was done using a different weapon — a kinetic weapon, a bomb or a missile — everyone would say, ‘Look, you just damaged our infrastructure. You just messed up the New York Stock Exchange. You just blew up a dam.’”
In Rounds’ view, there is little difference between a missile attack on key U.S. targets and a cyberattack that accomplishes the same kind of destruction.
Rounds said the cybersecurity panel’s first task will be to help the Defense Department craft guidelines for responding to cyberattacks — particularly those perpetrated by hostile states — that mirror the way the Pentagon responds to bombs and bullets.
In part, that means using a variety of tools. “Should you limit an attack in cyberspace to a response in cyberspace? I think the answer is no. You have multiple domains in which to respond,” he said.
Deterring cyberattacks also requires preventive action, Rounds said, but he has a lot of questions about how to proceed on that front. “If someone is going to shoot an arrow at you, do you shoot the archer before he shoots the arrow?” he asked. “Offensively, going after someone who is going to attack — where does our military fit into that category, and how far can they go under our current guidelines?”
Rounds’ panel, which was established last month by Committee Chairman John McCain (R-Ariz.), will have extensive oversight authority over the Pentagon’s cyberspace capabilities. While details are still being worked out, Rounds said he expects the subcommittee will supervise and conduct investigations into the Defense Department’s Cyber Command, which was elevated to a unified combatant command under the 2017 National Defense Authorization Act.
The jurisdiction will include “not only oversight, but input into what their needs are,” Rounds said, adding that there would be “more of a direct line of communication between the military and the civilian side of this discussion.”
Jurisdictional concerns factor heavily into the construction of any new congressional subcommittee. When it comes to cybersecurity, the organizational lines are particularly blurred. The Senate committees on Commerce, Homeland Security and Intelligence all work on parts of federal cybersecurity policy.
Rounds is aware of the friction created by overlapping authorities, and he emphasized his intent to stay inside his Pentagon-centered lane.
“We will have areas where we have borders in terms of what their responsibility is versus what our responsibility is,” Rounds said. “My concern, when we get to the point of finding those borders, is that we leave no seam.”
Other lawmakers share that goal. Last week, Sen. Cory Gardner (R-Colo.) introduced a Senate resolution, with support from Sen. Chris Coons (D-Del.), that would create a select committee on cybersecurity.
That effort is likely to go nowhere, in part because GOP leaders are cool to the idea. Rounds said any attempt to create such a committee would set off a congressional turf war. “I have never seen any committee here that’s ever given up power or responsibility,” he said. A select committee would likely be “duplicative” and “just one more level of oversight,” he added.
“Good fences make for good neighbors, and it’s the same thing when you respect the lines of responsibilities among the different committees,” Rounds said. “You can always go up and check the fence see whether it’s working or not. And if not, fix what’s your responsibility. But that communication needs to be there.”