Combatting future nation-state cyber threats will require greater authorities for the Department of Homeland Security to improve information sharing and a better effort to place pressure on adversaries, according to the chairman of the House Homeland Security Committee.
Committee Chairman Michael McCaul (R-Texas) delivered his “State of National Security Address” on Monday, and urged lawmakers and the private sector to move toward solutions that will improve U.S. cyber resiliency and breach protection.
“Our adversaries, both nation-state and non-state actors, threaten us around the clock in cyberspace,” McCaul said during his speech hosted by George Washington University’s Center for Cyber & Homeland Security. “Whether it’s North Korea launching a global cyber attack crippling infrastructure to China stealing our nation’s valuable intellectual property to Russia conducting disinformation warfare campaigns to sow discord among the people to Iran attacking our financial institutions to terrorists spreading evil propaganda over the Internet or criminals taking our financial or personal information, we are all exposed to harm.”
McCaul pushed for a continued Department of Homeland Security reorganization effort to improve the department’s ability to facilitate information sharing with its industry partners.
The House passed a bill in December, which McCaul authored, to elevate DHS’ critical infrastructure security, the National Protection and Programs Directorate, to an operational agency with greater authorities (Defense Daily, Dec. 12). The new Cybersecurity and Infrastructure Security Agency would be in a better position to coordinate with the private sector and mitigate cyber breach threats, according to McCaul.
The Senate Homeland Security and Governmental Affairs committee is holding a roundtable on the DHS reorganization this Wednesday.
“I hope the Senate will pass this legislation soon,” McCaul said.
During a panel with lawmakers following McCaul’s address, Rep. John Katko (R-N.Y.) reiterated the urgent need to address known threats perpetrated by nation-state cyber actors.
“The amount of malware that’s probably sitting in our public service utilities and our critical infrastructure throughout this country is quite substantial. And it’s been placed there by other countries” Katko said. “They just haven’t advocated it because they don’t want to incur the wrath of the United States. I absolutely think this is one of the most important issues that we have today.”
McCaul in his speech pressed for defining a lack of cyber norms and enforcing them with our international partners to place added pressure on known nation-state cyber actors.
The House Homeland Security chairman called particular attention to a lack of consequences for Russian election meddling and Chinese-government backed attempts at intellectual property theft.
“We must eliminate the legal barriers our private industry confronts from other countries’ cyber security laws, including the mandatory requirement to allow a foreign government to review a company’s source code,” McCaul said. “In response to Russia’s aggressive foreign policy, Congress passed and the president signed the Countering America’s Adversaries Through Sanctions Act to impose an economic price on Russia’s meddling in our international interests. And we must remain vigilant in countering Russia’s attempts to meddle in our elections in the future.”
The White House announced on Jan. 29 it would not be imposing the sanctions on Russia, which Congress passed in July 2017.
Rep. Will Hurd (R-Texas), chairman of the House IT subcommittee and a panelist at Monday’s event, urged lawmakers to place more emphasis on producing solutions to defend against nation-state actors latest cyber and electronic warfare tactics.
“Cyber warfare in the future is not going to be hacker-on-hacker, it’s going to be good [artificial intelligence] vs. bad AI,” Hurd said. “We as a country have to figure out how do we do electronic warfare. Who are the Navy SEALs when it comes to electronic warfare? How do we defend our infrastructure? What are the roles and responsibilities of the public and private sector in this?”