The Government is Trying to Get Serious About Cyber as a Foreign Policy Issue

What if they held a hearing and only two senators came?

Sen. Ben Cardin participates in a Senate Foreign Relations Committee hearing.
National Journal
Kaveh Waddell
Add to Briefcase
Kaveh Waddell
May 14, 2015, 4 p.m.

After a string of high-pro­file In­ter­net at­tacks dir­ec­ted at the U.S. gov­ern­ment and private sec­tor, Con­gress and the ex­ec­ut­ive branch are try­ing to get ser­i­ous about treat­ing cy­ber war­fare as a for­eign policy is­sue—es­pe­cially when it comes to ad­dress­ing threats from China and Rus­sia.

But it’s slow go­ing.

The Sen­ate For­eign Re­la­tions Com­mit­tee ad­ded cy­ber­se­cur­ity to the port­fo­lio of one of its sub­pan­els, which had its first hear­ing Thursday. Yet only two mem­bers showed up: Col­or­ado Re­pub­lic­an Cory Gard­ner and Mary­land Demo­crat Ben Cardin, chair­man and rank­ing mem­ber of the Sub­com­mit­tee on East Asia, the Pa­cific, and In­ter­na­tion­al Cy­ber­se­cur­ity Policy, re­spect­ively.

Cy­ber­se­cur­ity has cap­tured the at­ten­tion of Con­gress this ses­sion, tak­ing cen­ter stage in hear­ings and le­gis­la­tion that fo­cus on com­pan­ies’ policies of no­ti­fy­ing cus­tom­ers about data breaches, cy­ber threat in­form­a­tion shar­ing between the gov­ern­ment and private sec­tor, and the value of built-in back­doors on con­sumer devices that would al­low the gov­ern­ment to ac­cess en­cryp­ted com­mu­nic­a­tions on iPhones and oth­er gad­gets.

But the for­eign policy angle hasn’t cap­tured Con­gress’s ima­gin­a­tion just yet.

About an hour in­to the hear­ing, Cardin left for an­oth­er com­mit­tee meet­ing, leav­ing the chair­man out­numbered by the pan­el of wit­nesses.

Mike Ro­gers, who was chair­man of the House in­tel­li­gence com­mit­tee un­til he left Con­gress this Janu­ary, says cy­ber­se­cur­ity is the miss­ing piece in U.S. de­fense policy. “This is the largest na­tion­al se­cur­ity we face that we have no an­swer to,” Ro­gers said at an event at the Hud­son In­sti­tute on Tues­day. “And can­didly, we’re not win­ning.”

“We are keep­ing pace, maybe, but policy-wise, we’re be­hind this prob­lem,” he said.

Chris­toph­er Paint­er, the State De­part­ment’s point per­son on cy­ber is­sues, said as much at Thursday’s hear­ing.

“While the In­ter­net has been grow­ing and evolving for a few dec­ades now, the in­ter­na­tion­al com­munity has only more re­cently be­gun to fully grasp cy­ber is­sues as a for­eign policy pri­or­ity,” Paint­er said in his pre­pared testi­mony.

The fed­er­al gov­ern­ment has treated the In­ter­net as a bat­tle­field for some time. Doc­u­ments re­vealed by former in­tel­li­gence con­tract­or Ed­ward Snowden showed that the U.S. hacked in­to Chinese mo­bile phone com­pan­ies, and the U.S. is be­lieved to be be­hind the ad­vanced Stuxnet worm, which tar­geted Ir­an’s nuc­le­ar cent­ri­fuges, al­though it has nev­er ac­know­ledged be­ing in­volved.

And in­creas­ingly, U.S. com­pan­ies and gov­ern­ment have been on the re­ceiv­ing end of In­ter­net at­tacks. A hack at­trib­uted to North Korea that tar­geted Sony Pic­tures re­vealed hun­dreds of thou­sands of private emails, cost the movie stu­dio mil­lions, and drew a re­buke—and pos­sibly re­tali­ation—from the White House. A re­cent in­vest­ig­a­tion found that Rus­si­an hack­ers found their way in­to email sys­tems that be­long to the State De­part­ment and White House. And a Chinese cy­ber weapon called “Great Can­non” tar­geted a U.S. com­pany that was host­ing soft­ware used by dis­sid­ents in China.

“When it comes to the for­eign policy im­plic­a­tions of cy­ber is­sues, it is im­port­ant to be­gin with the re­cog­ni­tion that this sub­com­mit­tee and the State De­part­ment are work­ing in a still-nas­cent policy space,” Paint­er said.

As gov­ern­ment works to fill that space, Cardin called on an ex­pan­sion of pub­lic-private col­lab­or­a­tion, and poin­ted to pro­posed in­form­a­tion-shar­ing le­gis­la­tion as an ex­ample.

“Gov­ern­ment can­not do this alone. We have no choice but to work closely with the private sec­tor,” Cardin said Thursday.

Obama last month an­nounced an ex­ec­ut­ive or­der that would al­low the U.S. to re­spond to cy­ber at­tacks with fin­an­cial sanc­tions. “Cy­ber­threats pose one of the most ser­i­ous eco­nom­ic and na­tion­al se­cur­ity chal­lenges to the United States, and my ad­min­is­tra­tion is pur­su­ing a com­pre­hens­ive strategy to con­front them,” Obama said then.

Mean­while, the State De­part­ment has been ap­ply­ing its dip­lo­mat­ic ex­pert­ise to the cy­ber­world, where it’s been try­ing to get Amer­ic­an al­lies to work to­geth­er and with the U.S. to de­vel­op a set of “norms” to gov­ern how coun­tries should act on the In­ter­net, Paint­er said Thursday. The U.S. has en­gaged in “con­fid­ence-build­ing meas­ures” over cy­ber is­sues to re­duce the pos­sib­il­ity of on­line con­flict.

James Lewis, dir­ect­or of the tech­no­logy pro­gram at the Cen­ter for Stra­tegic and In­ter­na­tion­al Stud­ies and an­oth­er wit­ness on Thursday’s pan­el, wel­comed the Sen­ate sub­com­mit­tee to the fray.

“Every­one and their dog is do­ing cy­ber­se­cur­ity, and I guess that’s a good thing,” he said.

What We're Following See More »
European Commission President to Visit White House
39 minutes ago

With President Trump back from a trip in which he seemed to undermine European alliances while cozying up to Vladimir Putin, the White House has announced that European Commission President Jean-Claude Juncker will visit on July 25. According to a statement, the two "will focus on improving transatlantic trade and forging a stronger economic partnership."

IRS Relaxes Reporting Rules for Dark Money Groups
1 hours ago
House Launches Investigation Into VA Nursing Homes
1 hours ago

"The House Veterans Affairs Committee has launched an investigation into care at the VA’s 133 nursing homes after learning the agency had given almost half of them the lowest possible score in secret, internal rankings. The probe follows an investigation by The Boston Globe and USA TODAY that showed 60 VA nursing homes ... rated only one out of five stars for quality last year in the agency’s own ranking system." Internal documents revealed that "patients in more than two-thirds of VA nursing homes were more likely to suffer pain and serious bedsores than their private sector counterparts, and that "VA nursing homes scored worse than private nursing homes on a majority of key quality indicators, including rates of anti-psychotic drug prescription and decline in daily living skills."

House Republican Introduces Net Neutrality Legislation
1 hours ago

Colorado Representative Mike Coffman has introduced a bill "that would codify free internet regulations into law" by instituting the "basic outlines of the Federal Communication Commission’s 2015 Open Internet order." Coffman's bill amends the 1934 Telecommunications Act by "banning providers from controlling traffic quality and speed and forbidding them from participating in paid prioritization programs or charging access fees from edge providers." The GOP congressman has also "signed on to a Democrat-led effort to reinstate the net neutrality rules that the FCC voted to repeal late last year."

DOJ Indicts Another Russian National
19 hours ago

Welcome to National Journal!

You are currently accessing National Journal from IP access. Please login to access this feature. If you have any questions, please contact your Dedicated Advisor.