WASHINGTON, D.C., USA — President Donald Trump said Thursday he would veto a defense bill that would help protect the U.S. and its agencies against the type of hacking that was discovered this week. The bill, called the 2021 National Defense Authorization Act (NDAA), passed in Congress earlier this month with veto-proof majorities.
Officials suspect Russia was behind the recent cyberattack which hacked U.S. agencies including the Treasury, Commerce, and Energy departments. Federal authorities on Thursday expressed increased alarm over the long-undetected hack which compromised “critical infrastructure,” the Cybersecurity and Infrastructure Security Agency said in an unusual warning message.
Maine Independent Sen. Angus King, co-chair of the Cyberspace Solarium Commission, said in an interview with CNN Thursday that the recent cyberattack is “one of the most serious attacks that we’ve ever seen,” and that it’s “what we’ve been predicting.”
On Friday, also on CNN, King said the ongoing hack is "a real-time disaster unfolding.”
King explained the ongoing cyberattack is troubling for two reasons: this attack started in March and wasn’t discovered until this week, and it’s unclear what the intruders are up to. King says it’s not known if the hackers are stealing information or planting malware into government and/or private sectors.
Republican Maine Sen. Susan Collins said in a statement Friday, “This cyberattack likely perpetrated by the Russians spotlights the glaring vulnerabilities of our federal cybersecurity system.”
Thomas Bossert, a former Homeland Security adviser under Trump, said in an opinion article in The New York Times that the U.S. should now act as if the Russian government had gained control of the networks it has penetrated.
“The actual and perceived control of so many important networks could easily be used to undermine public and consumer trust in data, written communications and services,” Bossert wrote.
“I’ve spent the last year and a half co-chairing a commission on cyber, and unfortunately, this [hack] is exactly what we’ve been concerned about,” King said in an interview Thursday with NPR. “This is terrible news. The good news is, in the National Defense Authorization Act that, as you know is now sitting on the President’s desk there are 26 different provisions from our report to improve our cyber defenses, one of which might have made a real difference in this case. So, I’m very much hoping the president will put aside his reservations and sign this bill.”
Earlier this month, 26 of the Solarium Commission’s recommendations for improving the U.S.’s cybersecurity were incorporated into the NDAA. The commission says the bill “makes meaningful progress on improving the state of America’s cyber defenses, reorganizing the government to successfully partner with the private sector to combat growing cyber threats, clarifying the roles and responsibilities of federal government agencies, and setting in motion critical processes like Continuity of the Economy Planning.”
Among the commission’s recommendations adopted into the NDAA is a key provision that would establish a new senate-confirmed cybersecurity director in the White House, elevating the position from the current national cybersecurity coordinator designation (which the Trump administration vacated).
The Cyber Security and Infrastructure Security Agency (CISA) would be strengthened with the bill as well. NDAA would give CISA the ability to proactively “threat hunt” on government networks.
“[The provision] would allow CISA, the Cybersecurity and Infrastructure Security Agency, to so-called ‘threat hunt’ on government networks,” King said on NPR. “That is, to test, to try to penetrate them, to try to hack them to find where the vulnerabilities are. That’s one of the provisions that’s in the bill.”
“That’s something that I do think would directly improve our ability to detect and potentially prevent this in future,” Cyber Solarium Commission Chair Rep. Mike Gallagher, R-Wis., said.
Trump has been silent on the hacks. The lack of any statement seeking to hold Russia responsible casts doubt on the likelihood of a swift response and suggests any retaliation — whether through sanctions, criminal charges or cyber actions — will be left in the hands of President-elect Joe Biden’s incoming administration.
President-elect Joe Biden, who will inherit the potentially difficult U.S.-Russia relationship, spoke up forcefully about the hack, declaring that he and Vice President-elect Kamala Harris “will make dealing with this breach a top priority from the moment we take office.”
“We need to disrupt and deter our adversaries from undertaking significant cyberattacks in the first place,” he said. “We will do that by, among other things, imposing substantial costs on those responsible for such malicious attacks, including in coordination with our allies and partners.”
“There’s a lot we don’t yet know, but what we do know is a matter of great concern,” he said. He thanked administration “public servants” who he said were “working around-the-clock to respond to this attack.”
On Friday, Dec. 11, Congress sent the bill the president’s desk. He has 10 days—minus Sundays—to decide whether he will sign the bill or veto the legislation, giving him a deadline of Dec. 23.
Trump opposes the NDAA “because it would strip the names of Confederate generals from military bases and because it does not repeal liability protections - unrelated to defense - for social media companies, such as Twitter and Facebook, that Trump considers unfriendly to conservatives,” Reuters reports.
The bill, however, passed with more than the two-thirds majority needed for a veto override. So while lawmakers in Congress continue to work on legislation to avoid a government shutdown and provide relief to Americans amid the ongoing pandemic, Trump could potentially set up a veto fight in the final days of the session with just weeks left of his presidency.
“The President should immediately sign the NDAA not only to keep our military strong but also because it contains significant cyber security provisions that would help thwart future attacks,” Collins said.
U.S. Rep. Chellie Pingree, D-Maine, also called on Trump to sign the bill. In a statement to NEWS CENTER Maine, Pingree said, "Since the worst cyber-attacks on American national security were revealed, the House Intelligence Committee has demanded answers for whether and how the Trump administration is responding."
"The seriousness of these reports require that national security agencies have the authority and directive to understand and respond to the threat, without President Trump’s constant deference to Vladimir Putin," Pingree continued. "The President should sign the National Defense Authorization Act without delay, empower agencies to respond to Russia’s attacks, and strengthen our protections against future cyber threats."
In a statement to NEWS CENTER Maine, Rep. Jared Golden, D-Maine, said, “The recent hack of government and private cyber systems is gravely serious. It’s critical that we not only ensure government systems are no longer compromised, but are secure in the future. One important way we can do this is by improving our ability to address cyber threats. The NDAA, passed by the House and Senate this month, would help to do just that by creating a new National Cyber Director to advise the president and work with federal agencies to protect government cyber systems.”
King said the country's protection from hacks is "hanging in the balance," while Trump makes his decision.
To NPR, King said, “Man, I hope the President signs this bill, because this is the most important cyber bill ever passed by the Congress.”
The Associated Press contributed to this report.