The threat of a cyber attack from major foreign adversaries such as China and Russia -- and the impact of evolving cybersecurity risks on the U.S. military and intelligence community -- were highlighted at high-profile hearings on Capitol Hill this week as the month-long standoff on government funding recedes and lawmakers return to legislating.
“At present, China and Russia pose the greatest espionage and cyber attack threats, but we anticipate that all our adversaries and strategic competitors will increasingly build and integrate cyber espionage, attack, and influence capabilities into their efforts to influence U.S. policies and advance their own national security interests,” Director of National Intelligence Dan Coats said at a Senate hearing on Tuesday.
The annual “Worldwide Threats” hearing by the Senate Intelligence Committee was perhaps the most visible of a series of congressional events this week on national security, punctuating what appears to be an emerging agenda for the 116th Congress after Democratic leaders and the White House called a three-week truce over border security funding.
About this feature:
This story is the latest of a new feature, “Cyber Congress,” which provides easy access to our complete coverage of the 116th Congress with a weekly analysis and email alert every Thursday on what matters most and why.
At three separate hearings in the Senate, cybersecurity as well as threats from Russia and China were discussed in terms of both domestic and international impacts.
The Senate Intelligence Committee hearing featured testimony from the nation's spy agency heads -- including FBI Director Christopher Wray, CIA Director Gina Haspel and Defense Intelligence Agency Director Robert Ashley -- who warned of Russian and Chinese efforts to undermine global democratic institutions through cyber and other means.
On the same day, the Senate Armed Services Committee held two hearings where former and current Defense Department officials laid out steps to counter foreign cyber adversaries, including strengthening international and private-sector partnerships, securing the nation's supply chain, and standardizing cybersecurity operations across the military.
“Those who would seek to harm this nation and diminish its standing in the world are creative, adaptive, and resolute,” Senate Intelligence Chairman Richard Burr (R-NC) said of the new and emerging challenges of the digital age.
In response, DNI Coats said the intelligence community was in the process of overhauling its operations to meet these new threats.
“We need to partner with our private sector, we need to resource our activities relative to dealing with these known technologies, and unknown technologies which we know are going to appear anytime soon because it’s just a very quickly evolving flood of technological change that poses a major threat to the United States, and something that Intelligence Community needs to be restructured to address,” Coats said.
Coats noted that the IC is currently pursuing “six major pillars” of modernization. Those actions include quickly “putting resources...against” adversaries; creating a comprehensive cyber posture; pursuing artificial intelligence development, data management and acquisition agility; hiring a “trusted agile workforce,” and forging private sector partnerships.
DOD response
At a Senate Armed Services Committee hearing, former and current Defense Department officials discussed the impact of cyber threats on U.S. foreign relations and alliances as well as military operations and purchasing decisions.
Former DOD Deputy Assistant Secretary for Strategy Elbridge Colby told senators the national security threats from Russia and China outweigh all other foreign adversaries, while acknowledging that the national defense strategy which he helped draft last year might fall short on emphasizing cybersecurity threats.
“China in particular and to a lesser extent Russia present by far the most severe threats to our alliance architecture,” said Colby in his prepared testimony. “The Strategy is clear: the era of untrammeled U.S. military superiority is over, yet we face not only high-end threats from China and Russia but also serious threats from North Korea, Iran, and terrorists with extra-regional reach. We simply cannot do this all by ourselves. This means that rebalancing our alliances and empowering new partners is not only a matter of equity -- as important as these are -- but of strategic necessity.”
The Senate Armed Services cybersecurity subcommittee heard from DOD officials who said the Pentagon was gearing up to implement its cybersecurity strategy, by standardizing operations across the military services to protect data, networks and the U.S. warfighting posture.
"It's a bad year for those who like endless pilots, pathfinders and experiments that lead to nowhere," said Brig. Gen. Dennis Crall, DOD’s principal deputy cyber adviser. "This is about getting to results, experimenting quickly, informing the learning that we get from those and putting them back into implementation."
Also at the Jan. 29 hearing, DOD Chief Information Officer Dana Deasy explained how he planned to use his expanded authority to address cybersecurity risks to the supply chain, among other concerns, as the Pentagon prepares to move more data operations to the cloud and develop artificial intelligence capabilities.
“We believe a cyber capable adversary will focus their efforts on disrupting DOD’s front line mission systems, during a conflict or in preparation for conflict, by exploiting vulnerabilities we did not realize we had,” Deasy told the subcommittee. “Increasing automation across the joint networks will support our Joint Forces’ globally-integrated multi-domain operations.”
A call for partnership with Congress
Addressing the growing cyber threat from foreign adversaries will require close collaboration between the Trump administration and Congress, an assertion by congressional witnesses this week that defies the current political acrimony on Capitol Hill but underscores the long-standing bipartisan support enjoyed by cybersecurity policies.
“I want to emphasize the importance of our partnerships with Congress in all areas, but with a particular focus on cybersecurity,” Deasy told senators. “The increased cyber authorities granted to the DOD CIO with each National Defense Authorization Act are one key example of this partnership,” Deasy noted.
“Continued support for a flexible approach to cyber resourcing, budgeting, acquisition, and personnel will help enable success against an ever-changing dynamic cyber threat. I look forward to continuing to work with Congress in this critical area,” he said in concluding remarks of his testimony.
Shutdown impacts
Amid the backdrop of congressional threat assessments this week, senators were also assessing the impact of the prolonged government shutdown on federal cyber-defensive measures.
Sens. Mark Warner (D-VA) and Amy Klobuchar (D-MN) sent separate letters to the Department of Homeland Security raising concerns about the shutdown's impact on the fledgling Cybersecurity and Infrastructure Security Agency and the government's ability to respond to recent threats to sensitive data and systems.
“I am very concerned about CISA’s ability to carry out that mission over the past month, in light of a statement by the agency’s spokesman that, due to the shutdown, it had ‘ceased a variety of critical cybersecurity and infrastructure protection capabilities,’” wrote Warner, the ranking member of the Senate Intelligence Committee, in his letter to Homeland Security Secretary Kirstjen Nielsen.
Separately, Klobuchar, along with Sens. Ed Markey (D-MA), Tom Udall (D-NM), Catherine Cortez Masto (D-NV), and Cory Booker (D-NJ), wrote to Nielsen expressing concerns about under-staffing and the impacts on federal cybersecurity operations. The letter, also sent to National Security Agency Director Paul Nakasone, referenced reports that CISA operated with 45 percent of employees during the partial shutdown.
Klobuchar, a potential Democratic presidential hopeful, is the ranking member of the Senate Rules Committee and has been a vocal advocate for election data-security requirements.
The DHS response to the senators' inquiries, as well as the threat assessments highlighted this week on Capitol Hill, will likely help shape the cybersecurity agenda for the 116th Congress. -- Rick Weber (rweber@iwpnews.com)