Senators want the Obama administration to implement a cyberattack response policy in case of a breach from countries such as Iran or Russia.
The comments on Wednesday were directed at Christopher Painter, the State Department’s coordinator for cyberissues, during a panel of the Senate Foreign Relations Committee.
Related Story: http://www.washingtonexaminer.com/article/2586724
“In cyber, we’re being attacked every second,” said Sen. Ben Cardin, D-Md. “I understand you want to use conventional standards for whether our security has been compromised … but in cyber you just don’t have the luxury of knowing that until maybe it’s too late.”
In short, Cardin said, the U.S. should implement a cybersecurity standard in line with Article 51 of the United Nations Charter, which affirms the right of states to respond to physical attacks. Painter responded that while that was the general policy of the U.S., it did not prevent hacking aimed at stealing information or “probing,” even though probes were aimed at preparing for a physical confrontation.
“If you create clear red lines, you give actors an incentive to creep up to that red line knowing that they don’t risk response,” Painter responded, saying that “strategic ambiguity … was important.”
Pointing to attacks from China, Iran, North Korea and Russia, Sen. Cory Gardner, R-Colo., asked whether past standards “accurately reflect” present threats.
Related Story: http://www.washingtonexaminer.com/article/2573014
In response, Painter said he was unwilling to even attribute responsibility for some of the attacks in an unclassified setting, particularly those coming from China and Russia. “I’d say that on some of the issues, I don’t think we’ve made complete attribution, but on some we’ve had,” Painter said, adding that the U.S. has responded with economic sanctions against Iran and several indictments issued against both Iranian and Chinese indictments. “We’ve used the tools that diplomats use.”
Members of Congress have expressed ongoing frustration over the last year about the administration’s lack of response to cyberattacks from foreign states. Officials have refused to publicly attribute responsibility for last year’s breach of the Office of Personnel Management, widely traced to China, or an attack on Ukraine’s electrical grid, coinciding with that country’s conflict with Russia.
Though Painter disagreed with senators on Wednesday, he also conveyed a warning about the future. “Understand the threat is going to continue, it’s going to evolve, and we have to be ready to deal with that evolution.”
