After a string of high-profile Internet attacks directed at the U.S. government and private sector, Congress and the executive branch are trying to get serious about treating cyber warfare as a foreign policy issue—especially when it comes to addressing threats from China and Russia.
But it’s slow going.
The Senate Foreign Relations Committee added cybersecurity to the portfolio of one of its subpanels, which had its first hearing Thursday. Yet only two members showed up: Colorado Republican Cory Gardner and Maryland Democrat Ben Cardin, chairman and ranking member of the Subcommittee on East Asia, the Pacific, and International Cybersecurity Policy, respectively.
Cybersecurity has captured the attention of Congress this session, taking center stage in hearings and legislation that focus on companies’ policies of notifying customers about data breaches, cyber threat information sharing between the government and private sector, and the value of built-in backdoors on consumer devices that would allow the government to access encrypted communications on iPhones and other gadgets.
But the foreign policy angle hasn’t captured Congress’s imagination just yet.
About an hour into the hearing, Cardin left for another committee meeting, leaving the chairman outnumbered by the panel of witnesses.
Mike Rogers, who was chairman of the House intelligence committee until he left Congress this January, says cybersecurity is the missing piece in U.S. defense policy. “This is the largest national security we face that we have no answer to,” Rogers said at an event at the Hudson Institute on Tuesday. “And candidly, we’re not winning.”
“We are keeping pace, maybe, but policy-wise, we’re behind this problem,” he said.
Christopher Painter, the State Department’s point person on cyber issues, said as much at Thursday’s hearing.
“While the Internet has been growing and evolving for a few decades now, the international community has only more recently begun to fully grasp cyber issues as a foreign policy priority,” Painter said in his prepared testimony.
The federal government has treated the Internet as a battlefield for some time. Documents revealed by former intelligence contractor Edward Snowden showed that the U.S. hacked into Chinese mobile phone companies, and the U.S. is believed to be behind the advanced Stuxnet worm, which targeted Iran’s nuclear centrifuges, although it has never acknowledged being involved.
And increasingly, U.S. companies and government have been on the receiving end of Internet attacks. A hack attributed to North Korea that targeted Sony Pictures revealed hundreds of thousands of private emails, cost the movie studio millions, and drew a rebuke—and possibly retaliation—from the White House. A recent investigation found that Russian hackers found their way into email systems that belong to the State Department and White House. And a Chinese cyber weapon called “Great Cannon” targeted a U.S. company that was hosting software used by dissidents in China.
“When it comes to the foreign policy implications of cyber issues, it is important to begin with the recognition that this subcommittee and the State Department are working in a still-nascent policy space,” Painter said.
As government works to fill that space, Cardin called on an expansion of public-private collaboration, and pointed to proposed information-sharing legislation as an example.
“Government cannot do this alone. We have no choice but to work closely with the private sector,” Cardin said Thursday.
Obama last month announced an executive order that would allow the U.S. to respond to cyber attacks with financial sanctions. “Cyberthreats pose one of the most serious economic and national security challenges to the United States, and my administration is pursuing a comprehensive strategy to confront them,” Obama said then.
Meanwhile, the State Department has been applying its diplomatic expertise to the cyberworld, where it’s been trying to get American allies to work together and with the U.S. to develop a set of “norms” to govern how countries should act on the Internet, Painter said Thursday. The U.S. has engaged in “confidence-building measures” over cyber issues to reduce the possibility of online conflict.
James Lewis, director of the technology program at the Center for Strategic and International Studies and another witness on Thursday’s panel, welcomed the Senate subcommittee to the fray.
“Everyone and their dog is doing cybersecurity, and I guess that’s a good thing,” he said.
What We're Following See More »
"A long-simmering feud between two of President Trump’s top advisers reached a boiling point Thursday, as White House communications director Anthony Scaramucci publicly insinuated that chief of staff Reince Priebus is a leaker."
"President Donald Trump isn't going to just let go of Sen. Lisa Murkowski's no vote on Tuesday's health care. Early Wednesday, Trump took to Twitter to express displeasure with Murkowski's vote. By that afternoon, each of Alaska's two Republican senators had received a phone call from Interior Secretary Ryan Zinke letting them know the vote had put Alaska's future with the administration in jeopardy."
President Trump has nominated Kansas Gov. Sam Brownback to be ambassador at large for international religious freedom at the Department of State. Governor since 2011, Brownback worked on religious freedom issues while a U.S. senator from 1996 to 2011.
"The Treasury Department imposed financial sanctions on a host of current and former senior Venezuelan officials on Wednesday and threatened to take more stringent action if President Nicolás Maduro proceeds with plans for a constituent assembly on Sunday that critics consider a danger to democracy."
LGBT groups are unsure how literally to take President Trump's tweet on Wednesday that he wants to ban transgender persons from the military, or whether it will be followed up by an official order. But if so, groups like Lambda Legal and the American Civil Liberties Union "are ready to take legal action."