The Government is Trying to Get Serious About Cyber as a Foreign Policy Issue

What if they held a hearing and only two senators came?

Sen. Ben Cardin participates in a Senate Foreign Relations Committee hearing.
National Journal
May 14, 2015, 4 p.m.

After a string of high-pro­file In­ter­net at­tacks dir­ec­ted at the U.S. gov­ern­ment and private sec­tor, Con­gress and the ex­ec­ut­ive branch are try­ing to get ser­i­ous about treat­ing cy­ber war­fare as a for­eign policy is­sue—es­pe­cially when it comes to ad­dress­ing threats from China and Rus­sia.

But it’s slow go­ing.

The Sen­ate For­eign Re­la­tions Com­mit­tee ad­ded cy­ber­se­cur­ity to the port­fo­lio of one of its sub­pan­els, which had its first hear­ing Thursday. Yet only two mem­bers showed up: Col­or­ado Re­pub­lic­an Cory Gard­ner and Mary­land Demo­crat Ben Cardin, chair­man and rank­ing mem­ber of the Sub­com­mit­tee on East Asia, the Pa­cific, and In­ter­na­tion­al Cy­ber­se­cur­ity Policy, re­spect­ively.

Cy­ber­se­cur­ity has cap­tured the at­ten­tion of Con­gress this ses­sion, tak­ing cen­ter stage in hear­ings and le­gis­la­tion that fo­cus on com­pan­ies’ policies of no­ti­fy­ing cus­tom­ers about data breaches, cy­ber threat in­form­a­tion shar­ing between the gov­ern­ment and private sec­tor, and the value of built-in back­doors on con­sumer devices that would al­low the gov­ern­ment to ac­cess en­cryp­ted com­mu­nic­a­tions on iPhones and oth­er gad­gets.

But the for­eign policy angle hasn’t cap­tured Con­gress’s ima­gin­a­tion just yet.

About an hour in­to the hear­ing, Cardin left for an­oth­er com­mit­tee meet­ing, leav­ing the chair­man out­numbered by the pan­el of wit­nesses.

Mike Ro­gers, who was chair­man of the House in­tel­li­gence com­mit­tee un­til he left Con­gress this Janu­ary, says cy­ber­se­cur­ity is the miss­ing piece in U.S. de­fense policy. “This is the largest na­tion­al se­cur­ity we face that we have no an­swer to,” Ro­gers said at an event at the Hud­son In­sti­tute on Tues­day. “And can­didly, we’re not win­ning.”

“We are keep­ing pace, maybe, but policy-wise, we’re be­hind this prob­lem,” he said.

Chris­toph­er Paint­er, the State De­part­ment’s point per­son on cy­ber is­sues, said as much at Thursday’s hear­ing.

“While the In­ter­net has been grow­ing and evolving for a few dec­ades now, the in­ter­na­tion­al com­munity has only more re­cently be­gun to fully grasp cy­ber is­sues as a for­eign policy pri­or­ity,” Paint­er said in his pre­pared testi­mony.

The fed­er­al gov­ern­ment has treated the In­ter­net as a bat­tle­field for some time. Doc­u­ments re­vealed by former in­tel­li­gence con­tract­or Ed­ward Snowden showed that the U.S. hacked in­to Chinese mo­bile phone com­pan­ies, and the U.S. is be­lieved to be be­hind the ad­vanced Stuxnet worm, which tar­geted Ir­an’s nuc­le­ar cent­ri­fuges, al­though it has nev­er ac­know­ledged be­ing in­volved.

And in­creas­ingly, U.S. com­pan­ies and gov­ern­ment have been on the re­ceiv­ing end of In­ter­net at­tacks. A hack at­trib­uted to North Korea that tar­geted Sony Pic­tures re­vealed hun­dreds of thou­sands of private emails, cost the movie stu­dio mil­lions, and drew a re­buke—and pos­sibly re­tali­ation—from the White House. A re­cent in­vest­ig­a­tion found that Rus­si­an hack­ers found their way in­to email sys­tems that be­long to the State De­part­ment and White House. And a Chinese cy­ber weapon called “Great Can­non” tar­geted a U.S. com­pany that was host­ing soft­ware used by dis­sid­ents in China.

“When it comes to the for­eign policy im­plic­a­tions of cy­ber is­sues, it is im­port­ant to be­gin with the re­cog­ni­tion that this sub­com­mit­tee and the State De­part­ment are work­ing in a still-nas­cent policy space,” Paint­er said.

As gov­ern­ment works to fill that space, Cardin called on an ex­pan­sion of pub­lic-private col­lab­or­a­tion, and poin­ted to pro­posed in­form­a­tion-shar­ing le­gis­la­tion as an ex­ample.

“Gov­ern­ment can­not do this alone. We have no choice but to work closely with the private sec­tor,” Cardin said Thursday.

Obama last month an­nounced an ex­ec­ut­ive or­der that would al­low the U.S. to re­spond to cy­ber at­tacks with fin­an­cial sanc­tions. “Cy­ber­threats pose one of the most ser­i­ous eco­nom­ic and na­tion­al se­cur­ity chal­lenges to the United States, and my ad­min­is­tra­tion is pur­su­ing a com­pre­hens­ive strategy to con­front them,” Obama said then.

Mean­while, the State De­part­ment has been ap­ply­ing its dip­lo­mat­ic ex­pert­ise to the cy­ber­world, where it’s been try­ing to get Amer­ic­an al­lies to work to­geth­er and with the U.S. to de­vel­op a set of “norms” to gov­ern how coun­tries should act on the In­ter­net, Paint­er said Thursday. The U.S. has en­gaged in “con­fid­ence-build­ing meas­ures” over cy­ber is­sues to re­duce the pos­sib­il­ity of on­line con­flict.

James Lewis, dir­ect­or of the tech­no­logy pro­gram at the Cen­ter for Stra­tegic and In­ter­na­tion­al Stud­ies and an­oth­er wit­ness on Thursday’s pan­el, wel­comed the Sen­ate sub­com­mit­tee to the fray.

“Every­one and their dog is do­ing cy­ber­se­cur­ity, and I guess that’s a good thing,” he said.

What We're Following See More »
Gillibrand Announces Exploratory Committee
11 hours ago
Sherrod Brown Also in 2020 Mode
11 hours ago
Report: Trump Told Cohen to Lie to Congress
11 hours ago

"President Donald Trump directed his longtime attorney Michael Cohen to lie to Congress about negotiations to build a Trump Tower in Moscow, according to two federal law enforcement officials involved in an investigation of the matter. Trump also supported a plan, set up by Cohen, to visit Russia during the presidential campaign, in order to personally meet President Vladimir Putin and jump-start the tower negotiations. 'Make it happen,' the sources said Trump told Cohen."

Kamala Harris Announces for President
11 hours ago
Pelosi Rejects Trump's Immigration Offer
2 days ago

Welcome to National Journal!

You are currently accessing National Journal from IP access. Please login to access this feature. If you have any questions, please contact your Dedicated Advisor.