Three weeks after the White House released its long-awaited National Cybersecurity Strategy, Acting National Cyber Director Kemba Walden testified before a House Oversight Subcommittee on Cybersecurity, Information Technology, and Government Innovation.
The strategy calls for software developers to take responsibility for defending cyberspace, a move that “will rebalance the responsibility for managing cyber risk onto those who are most able to bear it,” Walden said on March 23.
Software developers are better equipped to protect cyberspace than end users like businesses, individuals, and local governments, she said.
“The biggest, most capable, and best-positioned actors in our digital ecosystem can and should shoulder a greater share of the burden for managing cyber risk and keeping us all safe.”
Rep. William Timmons (R-S.C.) noted that, even with trying to implement “the best cybersecurity possible,” businesses of all sizes can fall victim to attacks.
“Do you think that the federal government has a role in backstopping those businesses, assuming they’re doing everything possible to avoid an attack?” Timmons asked Walden.
Protecting Businesses
“The private sector pretty much owns and controls most of the infrastructure that underlines cyberspace, so we have to work together,” Walden explained. “One of the core tenets of the cybersecurity strategy is to make sure that those small and medium businesses don’t bear the significant brunt of cybersecurity risks all on their own.”As part of its 10-year plan, the strategy includes exploring a national insurance backstop to supplement the existing cyber insurance market in the case of a catastrophic cyber attack, incentivizing long-term investments into cybersecurity, prioritizing cybersecurity research and development for newer technologies, and spending money on expanding the cyber workforce.
A focus on international partnerships with like-minded nations to fight threats and establish secure global supply chains for communications technology is also part of the framework.
“The governments of China, Russia, Iran, North Korea, and other autocratic states with hostile intent are aggressively using advanced cyber capabilities to pursue objectives that harm U.S. interests and global peace and security,” Walden said. “Their disruptive and destabilizing cyberspace behavior is threatening both U.S. national security and economic prosperity.”
China’s growing cyber capabilities have brought warnings from U.S. officials with growing concerns about targeting the power grid, polluting waterways, and hijacking telecommunications.
Urgency of Threats Is Real
“The urgency of the threats we face in cyberspace is real. The world is entering a new phase of deepening digital dependencies,” Walden said. “Driven by emerging technologies and ever more complex and interdependent systems, dramatic shifts in the coming decade will unlock new possibilities for human flourishing and prosperity, but also multiply the systemic risks posed by unsecure systems.“Today, an attack on one organization, sector, or state can rapidly spill over to other sectors and regions. Malicious cyber activity has evolved from nuisance defacement to espionage and intellectual property theft, damaging attacks against critical infrastructure, ransomware attacks and cyber-enabled influence campaigns designed to undermine public trust in the foundation of our democracy,” Walden added.
In 2015, the U.S. Office of Personal Management (OPM) was hit with a data breach that targeted around 22.1 million records, including documents related to government employees, and individuals who had undergone background checks, and their family members and friends. Records of millions of fingerprints were also hacked.
The OPM breach resulted in a Congressional investigation and the resignation of OPM executives.
Multiple federal agencies were victimized when software supplier SolarWinds was hacked in 2020.
A 2021 attack on the Colonial Pipeline shut down gasoline supplies on the East Coast.
“In my state, we saw Colonial Pipeline hacked, and that’s when we saw gas prices start to go up, and they really have never come back down since then,” said Rep. Nancy Mace (R-S.C.), chair of the Cybersecurity, Information Technology, and Government Innovation subcommittee. “This is an issue that affects everybody, whether in the public or the private sector. Aside from the enormous costs, these breaches erode trust and key institutions.”
The administration has said it intends to work with Congress on measures that would hold software makers liable for security flaws along with other regulations.
House Republicans Push Back
House Republicans have pushed back on some of the strategy’s language.Rep. Mark Green (R-Tenn.) is chairman of the House Homeland Security Committee. Rep. Andrew Garbarino (R-N.Y.) is chairman of its Cybersecurity and Infrastructure Protection Committee.
After Biden’s cybersecurity plan was announced, Green and Garbarino issued a statement encouraging the administration to streamline existing regulations and support partnerships instead of punishing private sector businesses.“The key to building trust with our private sector partners is employing harmonization across government, rather than encouraging disparate and competing efforts,” the statement explained. “We must clarify federal cybersecurity roles and responsibilities, not create additional burdens, to minimize confusion and redundancies across the government.”
Subcommittee Ranking Member Rep. Gerry Connolly (D-Va.) said that “serious numbers” of government employees will retire over the next five years and asked Walden her thoughts about how to persuade millennials to choose public service over the private sector.
“In my experience, you can’t imagine yourself in a particular career unless you see yourself in that career. So it’s important to me, for example, to make sure that I am out there in front, motivating people to consider this,” Walden said.
“The private sector cannot compete with the government on mission. And quite frankly, the government cannot compete with the private sector on pay. We can do better. And that’s one of the opportunities we’re looking at in this new legislative proposal, being flexible on how we pay.“ she said. ”But what we really offer is the mission, and a sense of moral enlightenment.”
Friends Read Free