A Senate panel wants to explicitly authorize the Pentagon to use its cyber forces to combat illegal activity stemming from Mexico.
A provision in the Senate Armed Services Committee’s version of the fiscal 2024 National Defense Authorization Act would allow the secretary of defense, along with other federal agencies and in consultation with the Mexican government, to “conduct detection, monitoring, and other operations in cyberspace to counter Mexican transnational criminal organizations that are engaged” in a variety of activities that cross the southern U.S. border.
Such activities include smuggling of illegal drugs and controlled substances, human trafficking and weapons trafficking, according to the bill. The legislation was approved by the committee at the end of June, but the bill’s full text wasn’t released until Tuesday.
The committee is couching this activity under existing authority that places the Department of Defense as the single lead U.S agency for the detection and monitoring of aerial and maritime transit of illegal drugs into the country, along with broader authorities to conduct military cyber operations.
The provision states that the authority “may be used to counter Mexican transnational criminal organizations, including entities cited in the most recent National Drug Threat Assessment published by the United States Drug Enforcement Administration.”
Members of Congress have long been harping on the illicit drug trade that has brought unprecedented amounts of fentanyl into the U.S. and has led to an epidemic of overdose deaths. According to the Drug Enforcement Administration, more Americans under 50 have died from fentanyl than any other cause of death recently, including heart disease, cancer, homicide and suicide.
As part of the provision, senators also want a strategy with 60 days of the law’s enactment, for conducting operations in cyberspace to combat this activity as well as quarterly briefings to update lawmakers on such operations to include the nations they were conducted in.
The strategy should include, among other things, a description of cyber presence and activities — to include information operations — of the organizations previously described, a description of any previous cyber actions taken by DOD against such groups, and descriptions of security cooperation agreements and work with the Mexican government.
According to Herb Lin, a senior research scholar for cyber policy and security at Stanford University’s Center for International Security and Cooperation, the bill’s provision is just clarifying existing authority the Pentagon already has to conduct such operations.
“As far as I can tell, it clarifies existing authority. It explicitly gives DOD authority to do something that I think that they could’ve done without it,” he told DefenseScoop. “It’s not a directive that they should do things, it gives them explicit legislative authority to do that. The language says [the secretary of defense] MAY conduct detection, monitoring, and other operations in cyberspace to counter Mexican transnational criminal organizations, but it does not say MUST.”
The DOD has a long history combating drug cartels and illicit activity from criminal groups, especially in Latin America.
Lin said this legislation makes the authority to conduct counter-drug ops via cyber explicit. “I don’t know if DOD really needs this legislation to do it, but if DOD wants to do it, it doesn’t hurt to explicitly have the authority,” he added.
Other cyber experts says it helps further codify U.S. Cyber Command’s roles within the government.
“I don’t see it as a tacit approval for use of force — maybe they feel like they could grow into that. It seems like they’re just formalizing Cybercom’s role in the monitoring, looking at the communications and maybe disrupting the communications of these groups,” Gary Brown, a professor at National Defense University and formerly the first senior legal counsel for Cybercom, told DefenseScoop.
Since Cybercom’s inception, it has straddled a line between military operations and intelligence efforts given it was co-located with the National Security Agency, which is responsible for conducting foreign intelligence. The two organizations continue to share a leader, and Cybercom at times has struggled with an identity crisis.
“None of this would have been outside their role because the language [of the NDAA] seems aimed at things on the net. This really would have been within their mission anyway, but the idea may be to clarify the specific role of Cybercom,” Brown said. “I think they’re trying to find that sweet spot we’ve been searching for since Cybercom stood up between intel and operations. The things that they’re doing now are things that would might have been in NSA’s wheelhouse previously.”
In the past, there were debates both inside and outside government as to how the Defense Department would protect the country in the digital realm. It was clear the U.S. military had responsibility to defend the United States from kinetic attacks such as missile salvos, but tackling cyber threats was a trickier problem.
“There was long frustration in Cybercom that, if you look through DOD, on the kinetic side, of course, DOD defends the homeland, we defend the United States. But in cyber, at first, we were limited to defending DOD networks and not civilian networks,” Brown said. “I think there’s just been a desire to move a little further out and say, ‘Hey, if cyber is part of aggression against the homeland, then Cybercom should have a role in in defending the homeland against that aggression.’ On the cyber side, I think because these things that they spelled out — human trafficking and particularly drug trafficking has a direct effect in the United States, I think there is a role for DOD in this.”
As threats, especially in the digital and cyber domains, have evolved in recent years, the Pentagon has been forced to evolve in kind to protect the nation. For example, Cybercom now views securing elections as an enduring responsibility. It also has sought to combat ransomware actors abroad, before they reach networks in the homeland, to protect U.S. citizens from having their data stolen.
The SASC provision aims to extend DOD and Cybercom’s responsibility to defend the nation to threats stemming from the southern border, even from non-state actors.
However, some are worried about the expansion in authority and potential responsibility.
“One challenge with the ‘defend the nation’ mission in cyberspace is that it can be scoped widely or narrowly — especially because cyberspace touches on so many aspects of the nation. I think in this case, it is being scoped too widely,” Erica Lonergan, assistant professor at Columbia University’s School of International and Public Affairs and a former senior director on the Cyberspace Solarium Commission, told DefenseScoop in an email.
“Extending the defend the nation mission to counter drug trafficking by Mexican drug cartels runs the risk of stretching the mission beyond its original intent. Cyber operations demand significant investment in resources and, in an environment where the [cyber mission force] has a limited number of skilled personnel and capabilities to conduct these operations, prioritizing drug cartels will inevitably mean taking resources away from other mission areas, which are more important,” she added.
Lonergan noted that the National Defense Strategy priorities the U.S. military deterring major conflict and aggression from nation-states in a return to so-called great power competition, identifying China as the “pacing threat.”
While cyberspace will play a key role in the future, with limited resources, DOD should be prioritizing — and Mexican drug cartels are relatively low on that priority list, she said.
“The reality is that Mexican drug cartels are likely to present an easier target, and demonstrable successes in this area will make it tempting to shift even greater resources toward counter-drug trafficking and away from strategic threats — especially because peer- and near-peer nation-state competitors are harder (and therefore more frustrating) targets than most non-state actors,” she added.
Traditionally — with the exception of fighting terrorist groups such as ISIS — DOD’s cyber forces have largely focused on countering advanced nation-state threats such as Russia and China. However, Lin expects cyber tools to be used more in the future against a host of activity.
“Cyber doesn’t have to be used just against the high-end actors. My prediction is that cyber is going to be increasingly a weapon of choice against bad guys at all levels,” he said. “Because it’s cheaper than deploying forces to the ground and there’s no political cost in doing it. [There are] all kinds of interesting reasons why you’d want to use cyber force instead of soldiers to conduct operations against non-state entities that are hostile. For example, no boots on the ground means no American casualties. Also, U.S. decision-makers may see using cyber force as less than full-blown intervention but more than just something minor, like economic sanctions.”
Brown noted that sometimes criminal issues can eventually rise to the level of a major national security problem.
“We could color this [issue of illegal drugs and cartels] as purely criminal activity. I think at some point, again, particularly with the drug issue, it does become a no kidding, national security priority,” he said. “Once it reaches a certain level, it goes beyond just criminal. It continues to be criminal, but it also becomes a national security issue and the DOD and the intelligence community just may be better resourced and postured to handle that at scale.”
A reconciled version of the NDAA must be passed by the Senate and House and signed by the president before becoming law.