McCain continues push for cyber policy

sphere of binary data 

Sen. John McCain (R-Ariz.), chairman of the Senate Armed Services Committee, is running out of patience when it comes to U.S. formulating what he considers an effective cyber strategy.

"This committee has not been shy about expressing its displeasure over the lack of policy and strategy for deterring, defending against and responding to cyberattacks," McCain said at a March 2 hearing on cyber strategy and policy.

"I have yet to find any serious person who believes we have a strategic advantage over our adversaries in cyberspace, and in fact many of our civilian and military leaders have explicitly warned the opposite," said McCain, who added that his committee will continue to pressure the Trump administration to develop a "cyber strategy that represents a clean break from the past."

McCain has been one of the leading voices for the U.S. to develop a muscular cyber deterrence policy and to take more aggressive action against Russia for its hacking and information operations directed at the 2016 presidential election.

But if McCain and other senators were hoping witnesses at the hearing to provide a silver bullet solution to deterrence and U.S. cyber policy, they were left wanting.

"The unfortunate reality is that for at least the next decade, the offensive cyber capabilities of these major powers are likely to far exceed the United States' ability to defend essential critical infrastructure," said Dr. Craig Fields, chairman of the Defense Science Board, and board member Dr. Jim Miller in their prepared testimony.

Retired Gen. Keith Alexander, former head of the National Security Agency and U.S. Cyber Command, said that despite recent efforts to clarify roles and responsibilities in government and the private sector in response to a cyber attack, stovepipes and confusion remain, and the U.S. still lacks both a strategy and a system to test and refine a strategy.

Alexander said the Department of Homeland Security, law enforcement agencies, the intelligence community and the Department of Defense need to be brought together under one framework.

"Before we do that, I would highly recommend that we get those four groups together and practice," he said. "We haven't done that, so what you have is people acting independently and with those seams, we will never defend this country."

A number of senators argued the U.S. needs a more aggressive deterrence policy in the face of Russia and other actors. The panelists, however, said that while there is a need for a more clearly defined and "declaratory" set of responses that will raise the cost on adversaries and deter them from attacking, the U.S. still needs to raises its defenses and resiliency.

"I do think we have to push back overtly so that the rest of the world knows that, but we also need to fix our defense," said Alexander. "It's wide open, and what happened and what's happening, people can get in and take what they want."

Sen. Angus King (I-Maine) argued that if the U.S. can't defend itself, then deterrence is the only option. He asked the panelists if the necessary reforms can be made by the executive branch or whether legislation is necessary.

"I do believe there is a solution out there where government and industry could work together and provide a much better defensible architecture," said Alexander.

Alexander said the U.S. has been talking about cyber policy for years, but has not moved forward with creating rules of engagement and training in the government. He said Congress and the executive branch need to stop having the same conversation every year and move forward with reforms.

About the Author

Sean Carberry is a former FCW staff writer who focused on defense, cybersecurity and intelligence.


  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.