After a string of high-profile Internet attacks directed at the U.S. government and private sector, Congress and the executive branch are trying to get serious about treating cyber warfare as a foreign policy issue—especially when it comes to addressing threats from China and Russia.
But it’s slow going.
The Senate Foreign Relations Committee added cybersecurity to the portfolio of one of its subpanels, which had its first hearing Thursday. Yet only two members showed up: Colorado Republican Cory Gardner and Maryland Democrat Ben Cardin, chairman and ranking member of the Subcommittee on East Asia, the Pacific, and International Cybersecurity Policy, respectively.
Cybersecurity has captured the attention of Congress this session, taking center stage in hearings and legislation that focus on companies’ policies of notifying customers about data breaches, cyber threat information sharing between the government and private sector, and the value of built-in backdoors on consumer devices that would allow the government to access encrypted communications on iPhones and other gadgets.
But the foreign policy angle hasn’t captured Congress’s imagination just yet.
About an hour into the hearing, Cardin left for another committee meeting, leaving the chairman outnumbered by the panel of witnesses.
Mike Rogers, who was chairman of the House intelligence committee until he left Congress this January, says cybersecurity is the missing piece in U.S. defense policy. “This is the largest national security we face that we have no answer to,” Rogers said at an event at the Hudson Institute on Tuesday. “And candidly, we’re not winning.”
“We are keeping pace, maybe, but policy-wise, we’re behind this problem,” he said.
Christopher Painter, the State Department’s point person on cyber issues, said as much at Thursday’s hearing.
“While the Internet has been growing and evolving for a few decades now, the international community has only more recently begun to fully grasp cyber issues as a foreign policy priority,” Painter said in his prepared testimony.
The federal government has treated the Internet as a battlefield for some time. Documents revealed by former intelligence contractor Edward Snowden showed that the U.S. hacked into Chinese mobile phone companies, and the U.S. is believed to be behind the advanced Stuxnet worm, which targeted Iran’s nuclear centrifuges, although it has never acknowledged being involved.
And increasingly, U.S. companies and government have been on the receiving end of Internet attacks. A hack attributed to North Korea that targeted Sony Pictures revealed hundreds of thousands of private emails, cost the movie studio millions, and drew a rebuke—and possibly retaliation—from the White House. A recent investigation found that Russian hackers found their way into email systems that belong to the State Department and White House. And a Chinese cyber weapon called “Great Cannon” targeted a U.S. company that was hosting software used by dissidents in China.
“When it comes to the foreign policy implications of cyber issues, it is important to begin with the recognition that this subcommittee and the State Department are working in a still-nascent policy space,” Painter said.
As government works to fill that space, Cardin called on an expansion of public-private collaboration, and pointed to proposed information-sharing legislation as an example.
“Government cannot do this alone. We have no choice but to work closely with the private sector,” Cardin said Thursday.
Obama last month announced an executive order that would allow the U.S. to respond to cyber attacks with financial sanctions. “Cyberthreats pose one of the most serious economic and national security challenges to the United States, and my administration is pursuing a comprehensive strategy to confront them,” Obama said then.
Meanwhile, the State Department has been applying its diplomatic expertise to the cyberworld, where it’s been trying to get American allies to work together and with the U.S. to develop a set of “norms” to govern how countries should act on the Internet, Painter said Thursday. The U.S. has engaged in “confidence-building measures” over cyber issues to reduce the possibility of online conflict.
James Lewis, director of the technology program at the Center for Strategic and International Studies and another witness on Thursday’s panel, welcomed the Senate subcommittee to the fray.
“Everyone and their dog is doing cybersecurity, and I guess that’s a good thing,” he said.
What We're Following See More »
With President Trump back from a trip in which he seemed to undermine European alliances while cozying up to Vladimir Putin, the White House has announced that European Commission President Jean-Claude Juncker will visit on July 25. According to a statement, the two "will focus on improving transatlantic trade and forging a stronger economic partnership."
"The House Veterans Affairs Committee has launched an investigation into care at the VA’s 133 nursing homes after learning the agency had given almost half of them the lowest possible score in secret, internal rankings. The probe follows an investigation by The Boston Globe and USA TODAY that showed 60 VA nursing homes ... rated only one out of five stars for quality last year in the agency’s own ranking system." Internal documents revealed that "patients in more than two-thirds of VA nursing homes were more likely to suffer pain and serious bedsores than their private sector counterparts, and that "VA nursing homes scored worse than private nursing homes on a majority of key quality indicators, including rates of anti-psychotic drug prescription and decline in daily living skills."
Colorado Representative Mike Coffman has introduced a bill "that would codify free internet regulations into law" by instituting the "basic outlines of the Federal Communication Commission’s 2015 Open Internet order." Coffman's bill amends the 1934 Telecommunications Act by "banning providers from controlling traffic quality and speed and forbidding them from participating in paid prioritization programs or charging access fees from edge providers." The GOP congressman has also "signed on to a Democrat-led effort to reinstate the net neutrality rules that the FCC voted to repeal late last year."