Foundations of US Cybersecurity Apparatus Should Be Preserved, Experts to Testify Wednesday
The federal government should maintain existing foundations of its cybersecurity strategy even as President Donald Trump's administration looks to reinvent parts, experts are to tell the House Homeland Security Committee Wednesday. Both that committee and the Senate Commerce Committee are to hold cybersecurity-related hearings at 10 a.m., though the topics don't overlap. The House Homeland Security hearing focuses on DHS' civilian cyber defense mission and the cyberthreat landscape, and the Senate Commerce hearing deals with cybersecurity issues for IoT, blockchain, artificial intelligence and other emerging technologies (see 1703170051).
Emerging technologies “offer innovative approaches for combating future cyber threats, but also present new risks,” Senate Commerce Chairman John Thune, R-S.D., plans to say in his opening statement. “As threats continually evolve, flexible and innovative approaches will be required to protect businesses, critical infrastructure, and individual citizens.”
Former White House Cybersecurity Coordinator Michael Daniel, Cyber Threat Alliance president, plans to tell House Homeland Security there's no “need to start over” on underpinnings of U.S. cybersecurity strategy, since the federal government and the private sector already worked to establish an effective floor. “Instead, we can continue building on this foundation laid over the last decade to evolve this collaboration into its effective form,” he said in written testimony we obtained. “Collectively, we must realize no government or individual company can effectively address the cyber threat by itself,” Daniel said. “The private sector, state and local governments, national governments -- all of these entities will have to work together across boundaries and borders if we want our cybersecurity strategies to be effective.”
Any effective U.S. cyber strategy must involve “raising the level of cybersecurity across the global digital ecosystem,” Daniel said. U.S. strategy also should involve “preventing, disrupting, deterring, and constraining our adversaries’ operations in cyberspace” and “responding effectively to incidents when they occur,” he said. “Implementing such a strategy requires a lot of work, sustained engagement and a multi-disciplinary, risk-based approach.” An effective cyber strategy must involve “using a risk-based approach to address cyber threat” and “developing, testing and exercising an incident response and recovery plan,” Daniel said.
EastWest Institute Global Vice President Bruce McConnell told us he plans to tell House Homeland Security the federal government should “focus on making sure” DHS and other agencies effectively implement their existing cybersecurity authorities, not “rearrange the deck chairs” now that the foundations of the federal apparatus are well established. DHS has been viewed as the “right place” to place civilian cybersecurity leadership for more than a decade and there's no reason to change that, McConnell said. Recent drafts of Trump's anticipated cybersecurity executive order (see 1701310066 and 1703060048) appear to be more “steady as she goes” in maintaining DHS as the lead civilian cyber agency after earlier drafts raised concerns that Trump would follow through on promises to increase DOD's cyber role, McConnell said.
McConnell told us he also plans to outline how the “cyber arms race” typified by ongoing Russian government-sponsored cyber incidents and the U.S.' reaction are “causing geopolitical instability.” There has been increasing U.S. attention on Russian-sponsored cyberattacks given the ongoing scrutiny over Russia's alleged hacking-related interference in the 2016 U.S. presidential election. There is also interest in DOJ's recent indictment of four Russian government-connected defendants for their roles in the 2014 Yahoo data breach that resulted in the theft of information on 500 million Yahoo accounts (see 1703150068). The cyber threat posed by Russia could factor into the House Homeland Security hearing to at least some extent, McConnell said.