US Cybersecurity in Need of Rapid Repair, Senators Told

Ex-Pentagon aide warns of large-scale attack by North Korea

Massachusetts Sen. Edward J. Markey is concerned about cybersecurity deficiencies in the private sector, particularly in utility companies. (Bill Clark/CQ Roll Call file photo)

Cybersecurity in the United States is in a severe state of disrepair, leaving the country vulnerable to attack from hacking groups backed by its opponents, two witnesses testified in a Senate subcommittee hearing Tuesday.

The witnesses told the Senate Foreign Relations Subcommittee on East Asia, the Pacific, and International Cybersecurity Policy that they believe a massive cyberattack is imminent unless the U.S. ratchets up its efforts to protect against and deter offensives from countries such as Russia, China, and North Korea.

Eric Rosenbach, who was chief of staff to former Defense Secretary Ashton B. Carter, told lawmakers he believes a large-scale attack by North Korea against the United States “is likely to happen within the next year, if current trends continue.”

Quoting Chinese officials, Samantha Ravich, who advised the George W. Bush White House on national security, described China’s aggressive cyberoffensive strategy as “a form of nonmilitary warfare, which is just as terribly destructive as a bloody war, but in which no blood is actually shed.”

Lawmakers agreed with the witnesses’ warnings.

In his opening remarks, Sen. Cory Gardner, the panel’s chairman, stressed the importance of updating the U.S. government’s cybersecurity system, which is six-and-a-half years old.

“In technology terms, it’s a fossil,” the Colorado Republican said.

Massachusetts Sen. Edward J. Markey, the subcommittee’s ranking Democrat, expressed his concern with security deficiencies in the private sector, particularly in utility companies that power the American electrical grid.

He referenced Russia’s 2015 cyberattack on the Ukrainian power grid that left 235,000 people without electricity for hours as an example of what could happen if American utility companies don’t invest in stronger firewall protections.

“It’s definitely on their radar,” Rosenbach said of domestic utility companies’ security. “But they don’t take it seriously enough. … When it comes down to it, some of this stuff can be expensive, and it can be complicated, and normally, you’re not forced to do things unless you have to or there’s a return to your bottom line.”

That’s where the government could step in to enforce stricter protections for the private industries so vital to the American economic engine, such as electricity and communications.

“The starting point,” Rosenbach urged lawmakers, “is to make the NSC framework mandatory for critical infrastructure, in the energy sector particularly. … I think you need to legislate on it.”

Another crucial component would be concocting a cohesive White House strategy to deter potential attacks by Russia, China, and North Korea, an area in which the U.S. has failed, Rosenbach and Ravich said.

Lawmakers and former White House officials couldn’t be raising these issues at a more critical time in the U.S., as the FBI continues to investigate Russian attempts to meddle in the 2016 U.S. elections and ties between the Kremlin and President Donald Trump’s campaign team.

The FBI probe, which prompted Trump to fire the agency’s director, James B. Comey, has captivated the nation. A Friday Nielsen report showed that roughly 19.5 million people watched from home as Comey testified before the Senate on Thursday about alleged attempts by Trump to obstruct parts of the investigation. Thousands — possibly millions — more Americans watched from work or at bars.

Virginia Democratic Sen. Tim Kaine cited a Bloomberg report at Tuesday’s hearing that said Russian hackers infiltrated voting systems in 39 states prior to the 2016 elections. Kaine was last year’s Democratic vice presidential nominee. 

In Illinois, investigators found that Russian operatives had tried to manipulate and delete voter data, according to the Bloomberg report, a serious attack against one of America’s most cherished and fundamental pillars: its democratic process.

What has the U.S. done to deter Russia and other rivals from perpetrating these kinds of actions in the future, Kaine asked.

Not much, Ravich said.

“Even after the fact, we still have not responded to Russia,” she said. “The rest of the world sees that.”

Rosenbach agreed that the U.S. has not responded adequately.

“We, as a country, need to [rise] above the political furor about it,” he said, referring to the partisanship surrounding the FBI investigation that has distracted Washington lawmakers and the administration from responding in kind.

This lag in response time could have serious consequences for the U.S. moving forward.

The “fragility” of the U.S. response, Rosenbach said, combined with the perception among the country’s adversaries that Russia’s actions “achieved unprecedented success,” increases the chances that Russia and others will unleash similar attacks on the U.S. and its allies in the near future.

U.S. lawmakers must take legislative and executive action to reupholster private and government security, members and witnesses agreed.

“The worst case,” Rosenbach said, “would be someone thinking that the United States was an emperor that had no clothes when it comes to cybersecurity.” 
