Get the latest market trends in your inbox

Stay on top of the latest market trends and economic insights with the Axios Markets newsletter. Sign up for free.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Catch up on coronavirus stories and special reports, curated by Mike Allen everyday

Catch up on coronavirus stories and special reports, curated by Mike Allen everyday

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Denver news in your inbox

Catch up on the most important stories affecting your hometown with Axios Denver

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Des Moines news in your inbox

Catch up on the most important stories affecting your hometown with Axios Des Moines

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Minneapolis-St. Paul news in your inbox

Catch up on the most important stories affecting your hometown with Axios Minneapolis-St. Paul

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Tampa-St. Petersburg news in your inbox

Catch up on the most important stories affecting your hometown with Axios Tampa-St. Petersburg

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Illustration: Caresse Haaser/Axios

The U.S. still doesn’t have a national cybersecurity doctrine that outlines what would happen to adversaries when they launch cyberattacks against the U.S.

Why it matters: The country's ability to fight back is limited without the overarching doctrine and authority laid out for government agencies. That's a problem given that the midterm elections are coming up, and intelligence leaders have said Russia is showing no signs of letting up on its hacking attempts.

What they're saying:

  • “When you lack a strategy or a doctrine, you don’t have the advantage of deterrence,” Republican Rep. Will Hurd, who serves on the House Homeland Security Committee, told Axios.
  • The concern, as independent Sen. Angus King put it during a recent hearing on election security, is that “the Russians sent in this whole operation in to our election system…and paid no price.”
  • “No one is saying ‘the buck stops here,’” said Democratic Sen. Martin Heinrich.

The impact: The lack of clear lines of authority to respond to cyberattacks — and hacks of U.S. elections — was a big topic at a Senate Intelligence Committee hearing last month. Right now the Department of Homeland Security, the FBI, and the Department of Defense all play roles in defending the U.S. in cyberspace.

Here's how it breaks down:

  • The Department of Homeland Security protects civilian and critical infrastructure, which as of last year includes election infrastructure.
  • The FBI is the lead for investigating cybercrimes and disrupting those trying to commit them.
  • The Department of Defense and intelligence agencies play a role “predominantly when you start going overseas,” according to Robert Silvers, who served as Barack Obama's assistant secretary for cyber policy at DHS.
"I’m a very strong advocate of making it very clear who has the lead."
— Homeland Security Secretary Kirstjen Nielsen

What the White House has done without actually issuing a doctrine: The Trump administration said it would roll out a cyber policy within 90 days after inauguration last year, but the action got delayed.

  • Trump did sign an executive order in May that suggested government agencies use private sector cybersecurity best practices, but it was not a doctrine. It also set off a series of cybersecurity assessments throughout the federal government.
  • A National Security Council official said there were no updates to provide on drafting a doctrine.

The questions a cybersecurity doctrine would have to resolve:

  • Should there be a "red line"? “In the digital world, we're going to see someone get very, very close to that red line" but not cross it, Hurd said. “You do want some strategic ambiguity” left in an ideal doctrine.
  • What should trigger a response? A big question, Hurd said, is whether the U.S. needs to find an individual responsible for a cyberattack, or whether it's enough just to determine that a government entity is responsible.
  • What should the response be? Determining what kinds of attacks deserve a digital response and which ones should provoke other responses — like sanctions, indictments, travel bans, or even a physical attack — brings a host of challenges to the conversation, Hurd said.

What to watch in the meantime: Tom Kellermann, the chief cybersecurity officer at the security company Carbon Black, told me he's worried there will be "a cyber reaction" by Russia in response to the latest sanctions imposed by the U.S.

Go deeper

Dan Primack, author of Pro Rata
10 hours ago - Technology

TikTok gets more time (again)

Illustration: Aïda Amer/Axios

The White House is again giving TikTok's Chinese parent company more to satisfy national security concerns, rather than initiating legal action, a source familiar with the situation tells Axios.

The state of play: China's ByteDance had until Friday to resolve issues raised by the Committee on Foreign Investment in the U.S. (CFIUS), which is chaired by Treasury secretary Steve Mnuchin. This was the company's third deadline, with CFIUS having provided two earlier extensions.

Federal judge orders Trump administration to restore DACA

DACA recipients and their supporters rally outside the U.S. Supreme Court on June 18. Photo: Drew Angerer via Getty

A federal judge on Friday ordered the Trump administration to fully restore the Deferred Action for Childhood Arrivals program, giving undocumented immigrants who arrived in the U.S. as children a chance to petition for protection from deportation.

Why it matters: DACA was implemented under former President Obama, but President Trump has sought to undo the program since taking office. Friday’s ruling will require Department of Homeland Security officers to begin accepting applications starting Monday and guarantee that work permits are valid for two years.

Updated 12 hours ago - Politics & Policy

Coronavirus dashboard

Illustration: Aïda Amer/Axios

  1. Politics: Fauci says he accepted Biden's offer to be chief medical adviser "on the spot" — The recovery needs rocket fuel.
  2. Health: CDC: It's time for "universal face mask use" — Death rates rising across the country — Study: Increased testing can reduce transmission.
  3. Economy: U.S. economy adds 245,000 jobs in November as recovery slows — America's hidden depression: K-shaped recovery threatens Biden administration.
  4. Cities: Bay Area counties to enact stay-at-home order ahead of state mandate
  5. Vaccine: What vaccine trials still need to do.
  6. World: UN warns "2021 is literally going to be catastrophic"
  7. 🎧 Podcast: Former FDA chief Rob Califf on the vaccine approval process.