Congressman pushes Obama on cyber deterrence policy
- By Sean D. Carberry
- Dec 06, 2016
Rep. Adam Schiff wants a more aggressive U.S. policy to deter cyber attacks by foreign state actors. (Photo credit: Michael Bonfigli/The Christian Science Monitor)
The ranking member of the House Permanent Select Committee on Intelligence said that before leaving office President Barack Obama should develop a cyber deterrence policy, and the next administration should continue that work.
Speaking to a group of reporters at a Christian Science Monitor breakfast in Washington, Rep. Adam Schiff (D-Calif.) said the White House failed to lay down the law after the North Korean hack of Sony.
While the U.S. did publicly attribute the hack to North Korea, that wasn't enough, Schiff said.
"The failure to establish any kind of deterrent, the failure to demonstrate not only to North Korea but to others that there would be a price to pay for this kind of cyber attack on an American institution...meant that I think other nations were watching," he said. "Russia may have very well concluded that this was evidence that they could hack American institutions and there'd be little price to pay."
He said the U.S. shouldn't focus on cyber responses to cyber attacks, and in the case of Russia, teaming up with European countries to impose sanctions on Russia could be the most effective way to make Moscow think twice about future hacking.
Schiff did credit Obama for at least make the attribution to North Korea in the Sony case, and ultimately also attributed the hacking of Democratic Party servers this year to Russia. Schiff said the president did not have to go to great lengths revealing sources and methods used to gather the data needed to make the attributions.
"That only works if the president has credibility,"' Schiff added. "That only works if the country is going to believe, and our friends and allies are going to believe and indeed our adversaries are going to believe that the president means what he says."
Schiff made this point to highlight what he said is the greatest threat to national security that has emerged in the last week: a tweet by President-elect Trump.
The congressman argued that Trump's tweet that millions of illegal immigrants voted for Hillary Clinton puts the U.S. at risk. "When you have a president-elect who sends out patently false information...that impugns the credibility of the president and at some point the president is going to need to be believed," 'said Schiff.
Schiff is also wary of President-elect Trump's views on encryption. He pointed to Trump's tweets and campaign statements castigating Apple for refusing to unlock the iPhone of the suspect in the San Bernardino terrorism attack last year, and said he expects Trump to prioritize security and pressure tech companies.
"On that particular issue though, whatever the president-elect's views may be ... I don't think it's going to move the Congress a great deal," he said. "And at this point in the Congress we are very far from a consensus over what ought to be done on the encryption issue."
Schiff said one of the problems is that Congress is conflating data in motion (active communications) with data at rest (what is stored on a device), when the two cases require different policy solutions.
He said it might be easier to work with tech companies to devise a policy to address law enforcement needs to access data at rest, but finding a solution to how to access data in motion is a far more daunting task.
After the roundtable, Schiff told FCW that he hopes to see action on other critical cyber challenges and initiatives. He said he supports the proposed elevation of Cyber Command, and its eventual divorce from the National Security Agency, because the Cyber Command portfolio is too large for the "dual-hat" leadership system to continue.
"The concern I have is we have to think about how we avoid duplication of effort otherwise it could be phenomenally costly," he said. "I think if we get the division of labor right then we can avoid really excessive costs, but it's hard to put too much focus on this issue."
Schiff said that despite the impending departure of Director of National Intelligence James Clapper, his IC Information Technology Enterprise system will likely go forward. "I think it's sufficiently apolitical," he said. "Nothing is non-controversial, but it hasn't been that controversial where I think that reform is likely to persist and should."
Schiff is less optimistic, however, about the prospects for congressional reform to better align itself to oversee cyber.
"The one area of the 9/11 Commission recommendations that got least implemented were the congressional ones," he said. "I know there have been suggestions that the oversight of homeland security be consolidated. I'm skeptical that any of that is going to happen."
Sean Carberry is a former FCW staff writer who focused on defense, cybersecurity and intelligence.