In a Senate hearing covering defense strategy in protecting the country from cyber-attack yesterday, key missing personnel and unclear roles and responsibilities among government agencies frustrated members of the committee, ending with threats of subpoenas and still no clear strategy.
Committee Chairman Senator John McCain (R-Az.) set the tone for the discussion in his opening remarks, where he highlighted the outdated and convoluted cyber-defense apparatus the U.S. government currently employs, and that the U.S. government’s most senior cyber security official was not even present for the hearing.
McCain referred to a new kind of war being waged against the United States, where the military has a key role in protecting the country, but one where every facet of society is subject to attack. “To be clear we are not succeeding. For years we have lacked policies and strategies to counter our adversaries in the cyber domain, and we still do.”
As it stands, multiple federal agencies all have some role in cyber security, but their responsibilities are not necessarily clearly defined. There is overlap, and gaps. According to McCain, “We are trying to defeat a 21st-century threat with the organizations and processes of the last century,” he said. “And we are failing.”
A PowerPoint slide circulated at the hearing, made in 2013, is probably the closest thing the entire federal government has to a single, unified, coherent cyber-security policy. The reality of which was not lost on members of the committee.
“To hand out a five-year-old chart as to how we are going to fix this situation is just — is totally, totally insufficient,” said Senator Bill Nelson (D-Fl.)
Lawmakers’ demands for a coherent cyber-security policy to organize the entire federal government’s efforts have now spanned across two administrations. Taking action into their own hands, McCain spearheaded the insertion of a mandate for a specific cyber warfare doctrine into this year’s defense authorization bill. But members of the Trump administration, to include Secretary of Defense Jim Mattis, have opposed such measures.
By their own admission, leaders of federal agencies do not fully understand the threat we face. “We’re still trying to get our arms around it,” said Chris Krebs, a senior cybersecurity official at the Department of Homeland Security. “This is a battle that is going to be going on for many years.”
Image courtesy Sen. John McCain via Twitter