The rivalry between Sen. John McCain, R-Ariz., and President Obama never really subsided after the 2008 presidential election, and now it is flaring in the cybersecurity policy realm.
McCain, who chairs the Armed Services Committee, believes the Obama administration’s failure to produce a national cybersecurity strategy is fueling the onslaught of hacks against the United States government, industry and citizens.
With no national strategy, policymakers have been unable to craft adequate responses on issues such as terrorists’ use of encryption technologies, McCain said.
“You can’t address encryption until you have a policy that defines a cyberattack and the response to an attack,” McCain said last week in an interview.
He could add a spark to cyberdiscussions on Capitol Hill, as various legislative initiatives get off to a slow start this year.
Senate Intelligence Chairman Richard Burr, R-N.C., and Ranking Member Dianne Feinstein, D-Calif., are working on a bill that would require technology companies to retain the capacity to unlock encrypted communications on their devices.
“There’s no timing yet [on introducing the bill], but it will be sooner rather than later,” Burr said last week. The two Intelligence Committee leaders will be “in total agreement” on the final language, Burr said, noting their partnership on cyberinformation-sharing legislation that was signed into law last year.
“It’s very difficult,” Feinstein said. “The [tech] community rejects any policy, but we agree with FBI Director [James] Comey that the government needs the ability to interdict communications.”
Senate Homeland Security and Governmental Affairs Chairman Ron Johnson, R-Wis., whose panel is one of several that could claim jurisdiction over encryption, said he has “serious doubts” about the prospects for a legislative solution.
“It’s very appropriate that we talk to the service providers about the issue, but I’m not sure what we can do,” Johnson said. A solution applied to U.S. tech firms would not apply to “off-shore” companies, Johnson noted.
McCain vowed to work closely with Burr and Feinstein, but he also revealed plenty of frustration over cyberpolicy.
“The Armed Services Committee is going to get more involved than it ever has” on cyber, McCain said. Hearings and other efforts are in the works, he said.
What is the ultimate answer on encryption policy, McCain was asked.
“The answer is, you’ve got to get a policy from this administration,” he said.
The administration recently produced a congressionally mandated report on cyberdeterrence that McCain found to be “wholly lacking.”
The report was submitted to Congress more than a year after the statutory deadline, which merely stoked McCain’s ire.
“It is difficult to understand what part of the report required 15 additional months beyond the deadline contained in the law,” McCain said in a statement last month.
“Make no mistake, we are not winning the fight in cyberspace,” McCain warned in that statement. “Our adversaries view our response to malicious cyberactivity as timid and ineffectual. Put simply, the problem is a lack of deterrence. The administration has not demonstrated to our adversaries that the consequences of continued cyberattacks against us outweigh the benefit. Until this happens, the attacks will continue, and our national security interests will suffer.”
The White House declined to respond to McCain’s most recent comments regarding a national strategy, though a spokesman pointed to numerous administration cyberinitiatives on securing federal networks, cyberinfo-sharing and other issues.
“We have an extensive record of action and accomplishment on cybersecurity,” the spokesman said.
McCain strenuously disagrees and will soon use his committee platform to engage that debate with the administration.
Charlie Mitchell is editor of InsideCybersecurity.com, an exclusive service covering cybersecurity policy from Inside Washington Publishers.
