Lawmakers seemed to be doing their best to demonstrate a keen interest in cybersecurity issues as they headed out for the long summer recess, with a series of hearings touching on cyberterrorism, Department of Homeland Security capabilities and other matters.
The money quote came from national counterterrorism director Nicholas Rasmussen before the House Homeland Security Committee on July 14: Terrorist groups have the desire, but not the capacity, to launch a devastating cyberattack against critical infrastructure in the United States.
“Thus far, I think [it] is generally true, this has been something that terrorist organizations aspire to do, but thus far without as much success as they would have liked,” Rasmussen said.
That comes as welcome news during a jittery summer that’s already seen horrific physical attacks and plenty of public anxiety heading into high-profile events such as this week’s Republican convention in Cleveland, next week’s Democratic gathering in Philadelphia and the Olympic Games in Rio next month.
But still, the cyberpolicy landscape felt decidedly unsettled and lawmakers weighed in on a variety of aspects before adjourning for seven weeks.
Last week, the House Homeland Security panel and the Oversight Committee, and the Senate Armed Services, Commerce and Energy and Natural Resources committees all held cyber-related hearings.
At two House Homeland Security hearings, lawmakers discussed the overall threat environment and also probed DHS capacities and achievements.
“The metrics that first come to mind for me in the DHS mission,” DHS Secretary Jeh Johnson testified, “we’re building the capability right now in our federal civilian dot-gov system to block intrusions into the system. So I measure the number of intrusions blocked. Last time I looked we had blocked well in excessive 500,000 in the federal civilian system.”
Johnson also cited growing collaboration with the private sector on cyberinformation sharing as a positive sign.
At a Homeland Security panel hearing two days earlier, a senior DHS official testified on the effectiveness and popularity of a new “cybersecurity advisor” program in which cyber experts visit directly with companies to assess and help improve their cyberposture. DHS’s Andy Ozment politely sought more money for that program.
Meanwhile, the House Oversight Committee discussed the nature of cyberwar, the Senate Energy and Natural Resources Committee examined threats to the national electric grid, and the Senate Commerce Committee asked whether federal regulators were going too far with privacy and data-security rules for the telecom sector.
In all three hearings, the dominant — though far from unanimous — message was don’t rope in industry or policy makers with inflexible rules or definitions.
Senate Armed Services Chairman John McCain, R-Ariz., held two hearings last week — one closed and one open — to discuss a variety of cyberthreats, and most particularly the challenge posed by strong encryption.
McCain has been adamant, though unsuccessful so far, in demanding a way to access encrypted telecom devices possibly used by terrorists.
One proposed approach, requiring tech companies to maintain the ability to access encrypted communications under court order, remains stalled in the Senate Intelligence Committee.
Another, chartering a blue-ribbon commission to study the issue, so far can’t get a hearing.
McCain doesn’t like the commission idea and he doesn’t like the foot-dragging around his preferred approach — requiring access with a legal order — and now he says he might just push through his own solution this fall.
The congressional calendar isn’t working in McCain’s favor and, as cybersecurity experts frequently point out, the bad guys in cyberspace aren’t waiting around.
Charlie Mitchell is editor of InsideCybersecurity.com, an exclusive service covering cybersecurity policy from Inside Washington Publishers, and author of “Hacked: The Inside Story of America’s Struggle to Secure Cyberspace,” published by Rowman and Littlefield.
