Cybersecurity

McCain continues push for cyber policy

sphere of binary data 

Sen. John McCain (R-Ariz.), chairman of the Senate Armed Services Committee, is running out of patience when it comes to U.S. formulating what he considers an effective cyber strategy.

"This committee has not been shy about expressing its displeasure over the lack of policy and strategy for deterring, defending against and responding to cyberattacks," McCain said at a March 2 hearing on cyber strategy and policy.

"I have yet to find any serious person who believes we have a strategic advantage over our adversaries in cyberspace, and in fact many of our civilian and military leaders have explicitly warned the opposite," said McCain, who added that his committee will continue to pressure the Trump administration to develop a "cyber strategy that represents a clean break from the past."

McCain has been one of the leading voices for the U.S. to develop a muscular cyber deterrence policy and to take more aggressive action against Russia for its hacking and information operations directed at the 2016 presidential election.

But if McCain and other senators were hoping witnesses at the hearing to provide a silver bullet solution to deterrence and U.S. cyber policy, they were left wanting.

"The unfortunate reality is that for at least the next decade, the offensive cyber capabilities of these major powers are likely to far exceed the United States' ability to defend essential critical infrastructure," said Dr. Craig Fields, chairman of the Defense Science Board, and board member Dr. Jim Miller in their prepared testimony.

Retired Gen. Keith Alexander, former head of the National Security Agency and U.S. Cyber Command, said that despite recent efforts to clarify roles and responsibilities in government and the private sector in response to a cyber attack, stovepipes and confusion remain, and the U.S. still lacks both a strategy and a system to test and refine a strategy.

Alexander said the Department of Homeland Security, law enforcement agencies, the intelligence community and the Department of Defense need to be brought together under one framework.

"Before we do that, I would highly recommend that we get those four groups together and practice," he said. "We haven't done that, so what you have is people acting independently and with those seams, we will never defend this country."

A number of senators argued the U.S. needs a more aggressive deterrence policy in the face of Russia and other actors. The panelists, however, said that while there is a need for a more clearly defined and "declaratory" set of responses that will raise the cost on adversaries and deter them from attacking, the U.S. still needs to raises its defenses and resiliency.

"I do think we have to push back overtly so that the rest of the world knows that, but we also need to fix our defense," said Alexander. "It's wide open, and what happened and what's happening, people can get in and take what they want."

Sen. Angus King (I-Maine) argued that if the U.S. can't defend itself, then deterrence is the only option. He asked the panelists if the necessary reforms can be made by the executive branch or whether legislation is necessary.

"I do believe there is a solution out there where government and industry could work together and provide a much better defensible architecture," said Alexander.

Alexander said the U.S. has been talking about cyber policy for years, but has not moved forward with creating rules of engagement and training in the government. He said Congress and the executive branch need to stop having the same conversation every year and move forward with reforms.

About the Author

Sean Carberry is a former FCW staff writer who focused on defense, cybersecurity and intelligence.


Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.