U.S. must keep pace with China in cyberspace

Congress needs to act if the United States is to keep pace with China's investments in cyberspace, said Texas Republican Mac Thornberry, chairman of the House Armed Services Committee.

Despite the talent at the National Security Agency and U.S. Cyber Command, Thornberry said he is concerned about "the scale of what the Chinese are doing and these terrific people trying to deal with it on our side -- there's a mismatch there."

During remarks at the National Press Club on Jan. 13, Thornberry said, "So we're going to have to amp up, significantly, our cyber efforts" and added that personnel are the key to doing so.

He floated the idea of using legislation to give the Pentagon more flexible hiring authority for cybersecurity personnel. Although the fiscal 2016 defense bill authorized the Defense Department secretary to establish new cybersecurity positions with commensurate pay, more can and should be done, according to Thornberry.

"The committee will be pushing issues related to people, organizations, rules of engagement in [cyberspace] to try to make sure we close the gap between the threat and the policies we now have," he said.

The Pentagon needs to be able to bring in outside IT experts and rotate them back to the private sector seamlessly, Thornberry added.

Defense officials are trying to do just that. A program that has brought Cisco to the Pentagon to share its expertise on routers will expand to include personnel from about 10 firms, Defense Department CIO Terry Halvorsen said last October.

"You shouldn't try to match pay with Silicon Valley, but what you should try to do is make it as easy as possible to attract and retain top-quality talent," Thornberry told reporters after his speech.

That speech covered a range of defense challenges, with repeated references to cyberspace. Among the threats he cited were reports of Russian hacking of the Ukrainian power grid and Iranian hackers' infiltration of a New York dam's control system.

When asked whether the Pentagon should be more aggressive in using offensive cyber measures against the Islamic State group, Thornberry said "absolutely" but added that encryption tools are making the information environment tougher and tougher. Defense Secretary Ash Carter has reportedly been considering stepping up cyberattacks against Islamic State's digital infrastructure.

Thornberry also reiterated that his committee's acquisition reform efforts will focus on experimentation and prototyping in 2016.

Despite the substantial policy changes made in last year's defense bill, "the tyranny of consensus has come to dominate the Pentagon," Thornberry said, quoting a former defense official. He added that he will repeat what he did last year and introduce stand-alone acquisition legislation -- perhaps by the end of March -- and then fold a revised version of the bill into the fiscal 2017 defense policy bill.