After a string of high-profile Internet attacks directed at the U.S. government and private sector, Congress and the executive branch are trying to get serious about treating cyber warfare as a foreign policy issue—especially when it comes to addressing threats from China and Russia.
But it’s slow going.
The Senate Foreign Relations Committee added cybersecurity to the portfolio of one of its subpanels, which had its first hearing Thursday. Yet only two members showed up: Colorado Republican Cory Gardner and Maryland Democrat Ben Cardin, chairman and ranking member of the Subcommittee on East Asia, the Pacific, and International Cybersecurity Policy, respectively.
Cybersecurity has captured the attention of Congress this session, taking center stage in hearings and legislation that focus on companies’ policies of notifying customers about data breaches, cyber threat information sharing between the government and private sector, and the value of built-in backdoors on consumer devices that would allow the government to access encrypted communications on iPhones and other gadgets.
But the foreign policy angle hasn’t captured Congress’s imagination just yet.
About an hour into the hearing, Cardin left for another committee meeting, leaving the chairman outnumbered by the panel of witnesses.
Mike Rogers, who was chairman of the House intelligence committee until he left Congress this January, says cybersecurity is the missing piece in U.S. defense policy. “This is the largest national security we face that we have no answer to,” Rogers said at an event at the Hudson Institute on Tuesday. “And candidly, we’re not winning.”
“We are keeping pace, maybe, but policy-wise, we’re behind this problem,” he said.
Christopher Painter, the State Department’s point person on cyber issues, said as much at Thursday’s hearing.
“While the Internet has been growing and evolving for a few decades now, the international community has only more recently begun to fully grasp cyber issues as a foreign policy priority,” Painter said in his prepared testimony.
The federal government has treated the Internet as a battlefield for some time. Documents revealed by former intelligence contractor Edward Snowden showed that the U.S. hacked into Chinese mobile phone companies, and the U.S. is believed to be behind the advanced Stuxnet worm, which targeted Iran’s nuclear centrifuges, although it has never acknowledged being involved.
And increasingly, U.S. companies and government have been on the receiving end of Internet attacks. A hack attributed to North Korea that targeted Sony Pictures revealed hundreds of thousands of private emails, cost the movie studio millions, and drew a rebuke—and possibly retaliation—from the White House. A recent investigation found that Russian hackers found their way into email systems that belong to the State Department and White House. And a Chinese cyber weapon called “Great Cannon” targeted a U.S. company that was hosting software used by dissidents in China.
“When it comes to the foreign policy implications of cyber issues, it is important to begin with the recognition that this subcommittee and the State Department are working in a still-nascent policy space,” Painter said.
As government works to fill that space, Cardin called on an expansion of public-private collaboration, and pointed to proposed information-sharing legislation as an example.
“Government cannot do this alone. We have no choice but to work closely with the private sector,” Cardin said Thursday.
Obama last month announced an executive order that would allow the U.S. to respond to cyber attacks with financial sanctions. “Cyberthreats pose one of the most serious economic and national security challenges to the United States, and my administration is pursuing a comprehensive strategy to confront them,” Obama said then.
Meanwhile, the State Department has been applying its diplomatic expertise to the cyberworld, where it’s been trying to get American allies to work together and with the U.S. to develop a set of “norms” to govern how countries should act on the Internet, Painter said Thursday. The U.S. has engaged in “confidence-building measures” over cyber issues to reduce the possibility of online conflict.
James Lewis, director of the technology program at the Center for Strategic and International Studies and another witness on Thursday’s panel, welcomed the Senate subcommittee to the fray.
“Everyone and their dog is doing cybersecurity, and I guess that’s a good thing,” he said.
What We're Following See More »
"A former C.I.A. officer suspected of helping China identify the agency’s informants in that country has been arrested, the Justice Department said on Tuesday. Many of the informants were killed in a systematic dismantling of the C.I.A.’s spy network in China starting in 2010 that was one of the American government’s worst intelligence failures in recent years, several former intelligence officials have said. The arrest of the former agent, Jerry Chun Shing Lee, 53, capped an intense F.B.I. investigation that began around 2012 after the C.I.A. began losing its informants in China."
"Three-quarters of the members of a federally chartered board advising the National Park Service abruptly quit Monday night out of frustration that Interior Secretary Ryan Zinke had refused to meet with them or convene a single meeting last year. The resignation of nine out of 12 National Park System Advisory Board members leaves the federal government without a functioning body to designate national historic or natural landmarks. It also underscores the extent to which federal advisory bodies have become marginalized under the Trump administration."
"House GOP leaders on Tuesday night pitched a new strategy to avert a looming government shutdown that includes children's health funding and the delay of ObamaCare taxes. Lawmakers need to pass a short-term stopgap bill by midnight Friday, when money for the federal government runs out. The latest GOP plan would keep the government’s lights on through Feb. 16, and be coupled with a six-year extension of funding for the popular Children's Health Insurance Program (CHIP). The continuing resolution or CR would also delay ObamaCare's medical device and Cadillac taxes for two years, and the health insurance tax for one year starting in 2019."
"A key Senate negotiator and White House official on Tuesday expressed little hope for an immigration deal this week but nonetheless predicted that Congress can avoid a government shutdown." Marc Short, the White House Capitol Hill liaison, said he's optimistic about a deal on DACA overall, but not this week. Senate Majority Whip John Cornyn also said he doubts an agreement can be made before week's end.
"Homeland Security Kristjen Nielsen confirmed that President Trump used 'tough language' in an Oval Office meeting last week over immigration policy, but she said she did not hear him describe some African countries and Haiti as 'shithole countries,' as has been reported." When pressed she, also said she "didn't know" whether Norway was a predominately white country.