Senators ask what OPM hack means for global cyber relations

world map

Lawmakers want more clarity from the State Department on how breaches, including the Office of Personnel Management hack, affect the push to establish cybersecurity norms with countries such as Russia and China.

"I want greater clarification on our goals, on our cyber policies, our protocols," Sen. Ben Cardin (D-Md.), ranking member of the Foreign Relations Committee's East Asia, the Pacific and International Cybersecurity Policy Subcommittee, told FCW after a hearing on international cybersecurity strategy.

In testimony before the subcommittee on May 25, Christopher Painter, coordinator for cyber issues at the State Department, said the agency is actively working to implement the cyber strategy the Obama administration introduced in 2011.

"We need to promote and create expectations on what these agreements mean and [what] the consequences will be," he said. That includes further engaging with countries such as Russia and China, which lawmakers brought up repeatedly during the hearing.

"We really don't seem to be pushing them to the dialogue needed to stop their bad behavior, and that's why we probably ought to look at a change in models," Subcommittee Chairman Sen. Cory Gardner (R-Colo.) told FCW after the hearing. He said it is important to reach agreement with like-minded nations and not give in to adversaries that have been identified as the key suspects in major hacks, such as those that targeted Sony and OPM.

Gardner added that the 2011 cyber strategy has not been modified to reflect the actions taken by Russia and China, and therefore "more needs to be done."

Cardin echoed his colleague's remarks by saying that any hack on American government systems should be "protected in Internet Protocol."

"We have to have clear policies that using cyber in certain ways will put on the table all responses by the United States, including invoking the self-defense under the United Nations charter," Cardin said.

Painter told lawmakers that the State Department wants other countries to know what the consequences would be for violating any of the agreements or norms that have been adopted. He cited the example of the U.S./China cybertheft agreement reached in September 2015 as an example of modest progress in this area.

Gardner asked whether Painter's role should be raised to the level of special envoy or ambassador and added that he has co-sponsored an amendment to the National Defense Authorization Act that would elevate U.S. Cyber Command to a unified combatant command.

Gardner told FCW his amendment was important because "this is the ballgame going forward." The House version of NDAA, which the Obama administration has threatened to veto, includes a similar provision.

Painter argued that creating any type of red lines in cyberspace gives adversaries the incentive to "creep up to the clear red lines" without crossing them. By contrast, voluntary, agreed-upon norms encourage good behavior.

"If observed, these stability measures -- which are measures of self-restraint -- can contribute substantially to conflict prevention and stability," Painter said.

About the Author

Aisha Chowdhry is a former staff writer for FCW.


  • Contracting
    8 prototypes of the border walls as tweeted by CBP San Diego

    DHS contractors face protests – on the streets

    Tech companies are facing protests internally from workers and externally from activists about doing for government amid controversial policies like "zero tolerance" for illegal immigration.

  • Workforce
    By Mark Van Scyoc Royalty-free stock photo ID: 285175268

    At OPM, Weichert pushes direct hire, pay agent changes

    Margaret Weichert, now acting director of the Office of Personnel Management, is clearing agencies to make direct hires in IT, cyber and other tech fields and is changing pay for specialized occupations.

  • Cloud
    Shutterstock ID ID: 222190471 By wk1003mike

    IBM protests JEDI cloud deal

    As the deadline to submit bids on the Pentagon's $10 billion, 10-year warfighter cloud deal draws near, IBM announced a legal protest.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.