By Suzanne Kelly
Senior administration officials are headed to Capitol Hill on Wednesday afternoon to brief the entire Senate on addressing cyber security threats, a day after key senators expressed frustration with what they described as a lack of a cohesive approach to such threats.
Secretary of Homeland Security Janet Napolitano and the White House Counterterrorism Advisor John Brennan are among those who will appear.
The nation's top intelligence officials were pressed by senators at a Senate intelligence hearing Tuesday about the myriad of agencies responsible for defending the United States from cyberattacks and the lack of legislation to define how government and private industry should work together.
The public may not yet be fully aware of how cyberthreats will affect them personally, but a recent report sponsored by cybersecurity giant McAfee suggests that more cybersecurity experts and companies that rely on the Internet to do business are already thinking about battle mode. The study, conducted by the security think-tank Security and Defense Agenda, noted that 57% of global experts they polled believe that an arms race is already under way in cyberspace.
What to do about it is a tough question, when, as National Director of Intelligence James Clapper said, essentially, the more successful the nation is in developing Internet growth, the greater security risk it's facing. "Owing to market incentives, innovation in functionality is outpacing innovation in security, and neither the public nor private sector has been successful at fully implementing existing best practices," he said.
That's a point echoed by former Director of Homeland Security Michael Chertoff, who now leads the Chertoff Group, which offers advice to clients on mitigating the cyberthreat.
"I think a lot of the hackers are using techniques that aren't that sophisticated," Chertoff said. " They're taking the fact that you have entities that are simply not using all of the available technology and all of the best practices to protect themselves, and as long as you leave the door open, the burglars are going to come in, they're not going to have to pick the lock."
Chertoff sees the utility of a more robust government function when it comes to setting regulations for companies that find themselves closer to the bulls-eye for a hacker looking to do widespread damage.
"I know this is a little more controversial," Chertoff said. "I think you may need a regulatory framework for critical infrastructure that really pushes to make sure they (companies likes banks and utility services) have certain standards in effect. It doesn't mean the government has to micro-manage, saying you have to have this kind of tool on your network, and this kind of password. It does mean having the government work with the private sector to come up with an agreed set of requirements or standards."
The former head of the National Security Agency, retired Gen. Michael Hayden, who now works for Chertoff and regularly testifies and speaks on the issue of cyber threats, agrees.
"We, the universal America, have not yet decided what we want the government to do, or what we will permit the government to do in this domain," said Hayden, who points out that his old agency could take a much more aggressive approach in going after hackers and other countries who use the Internet for espionage purposes, if they only had the correct legal guidance.
"There are specific policy and legal guidelines that the NSA would need before it could engage all the power it has," says Hayden, who insists that the super secret surveillance agency has all of the tools it needs to go to war in cyberspace. "We've got a lot of good players on the sidelines."
At the hearing on Tuesday, senators questioned why there is not a greater sense of urgency in dealing with the threats.
"My question is, is Napolitano in charge," asked Sen. Barbara Mikulski, D-Maryland. "We know the president's in charge. OK, we know the president's in charge. But what is the president in charge of? And I need to know who would respond and so on, because I feel that it is the governance issue that are the number one issues and continue to diddle, dither and punt."
Caryn Wagner, under secretary for intelligence and analysis at the Department of Homeland Security, replied by saying, "There's never a simple answer to that question, especially in this town, because we all have pieces of the pie." Wagner then said that DHS is responsible for protecting the government domains and the private domains that are associated with critical infrastructure and resources.
Robert Mueller, the director of the Federal Bureau of Investigation, said the FBI is responsible for finding out who is responsible for attacks, along with the intelligence community. He also noted that assigning responsibility to one agency does not work.
"You can't allocate it to a particular agency, which is why we developed the national cyber-investigative task force, with the FBI, CIA, DIA, NSA, Secret Service, all of those who have a role to address this kind of threat," Mueller said.
Another senator was exasperated by the seeming lack of urgency to legislate an approach.
"This is our number one national security threat, and you're in the threat business, to say that 'I don't - this is not necessarily what we do,' frankly, I'm just using this forum to scream out, who is going to start paying attention to this," asked Sen. John Rockefeller, D-West Virginia.
The FBI director noted it is a tough environment when it comes to a singular legislative approach.
"There are 47 states that have different requirements for reporting data breaches. There has to be a national data breach requirement for reporting, and we should be recipients of that reporting," Mueller responded.