The things that worry the military’s top cybersecurity officer go well beyond the typical concerns of the uniformed services.
In testimony last week before the Senate Armed Services Committee, Adm. Mike Rogers said he’s worried about cyberops out of China against the U.S., as well as attacks from Russia, Iran, North Korea and terrorists. He said he worries about cyberattacks against typical targets, like U.S. power plants and infrastructure.
But the recent hacks against U.S. hospital systems also have the attention of the nation’s cybercommander.
“I’d also argue one sector that I worry about a little bit … Healthcare is a good example where the amount of data that we have all provided to the medical world that is available out there on all of us and our families, that worries me,” he said.
He said the ability to quickly crunch data is a big problem, and said that power gives hackers the ability to attack “massive amounts of data that 10 years ago, we would have said to ourselves no one could ever really comb through that to generate insights or find anything.
“You sure don’t have those conversations anymore,” he added.
The Department of Health and Human Services was required under the Cybersecurity Act of 2015 to establish a task force and begin a high-priority process to develop a cyberstrategy for the health sector. The effort has gotten off to a sluggish start despite urgings from lawmakers like Senate health committee chairman Lamar Alexander, R-Tenn.
Senate Armed Services Chairman John McCain, R-Ariz., frequently argues that the Obama administration lacks a comprehensive strategy for dealing with these cyberthreats.
“While I’m encouraged by some of the progress of the Department of Defense and Cyber Command, I remain concerned that the administration’s cyberpolicy as a whole remains detached from reality,” McCain said last week. “And for years, our enemies have been setting the norms of behavior in cyberspace, while the White House sat idly by, hoping the problem would fix itself.”
“In December, the administration provided its response, nearly a year and a half late, to this committee’s requirement for a cyberdeterrence policy,” McCain added. “The response reflected a troubling lack of seriousness and focus, as it simply reiterated many of the same pronouncements from years past that failed to provide any deterrent value or decrease the vulnerability of our nation in cyberspace.”
Adm. Rogers is adroit at maneuvering around mines, including the political kind, and steered past McCain’s not-so-subtle criticism of President Obama.
Asked by McCain whether “the lack of deterrence or repercussions for malicious cyberbehavior emboldens those seeking to exploit the U.S. through cyber,” Rogers replied, “Yes.”
But he declined to sail into a political debate, and simply said the country needs to find an answer that balances privacy with cybersecurity.
“I think we need a broader national dialogue about what are we comfortable with,” he said. “It’s not either/or. Because we’ve got to have security and we’ve got to have safety and privacy. And at the moment, we’re in a dialogue that seems to paint it as it’s one or the other. And I … don’t see it that way.”
Charlie Mitchell is editor of InsideCybersecurity.com, an exclusive service covering cybersecurity policy from Inside Washington Publishers, and author of “Hacked: The Inside Story of America’s Struggle to Secure Cyberspace,” coming this spring from Rowman and Littlefield.
