WASHINGTON: The newly created national cyber director should immediately create a “declarative policy” clearly telling adversaries what they risk should they launch cyberattacks against the US, Sen. Angus King, who co-chaired the commission which recommended creation of the post, said today.
“We have to reimagine conflict,” King said. “I can’t tell you how serious I think this problem is. If there are not consequences for people doing this, then they’ll keep doing it. It’s almost impossible to overstate this risk.”
“Someone told me I was like Chicken Little,” King added, “but I prefer Paul Revere.”
While saying he didn’t want to interfere with the new role, Sen. King said he’d like to see the national cyber director take up a few pressing priorities immediately, which include:
- Convene a public-private cyber summit to improve partnerships, because the private sector is “where the attacks are coming. This isn’t just a government problem.” But, King added, such partnership “doesn’t come naturally to either side.”
- Establish ways to communicate cyber issues effectively within government and to the public, to include improving public-private sector cyber info sharing.
- Address “gaps” in US cyber defenses, which is a point CYBERCOM and NSA chief Gen. Paul Nakasone has highlighted.
To this last point, King said, “One priority is to sort out what I would call the gap brought to light by the SolarWinds attack,” in which a foreign actor worked through US-based servers. This is a scenario to which CYBERCOM, NSA, and the CIA are blind and unable to respond because current law forbids them from monitoring US networks or carrying out cyber operations domestically. The FBI can act in cases where it has the requisite legal authority, and CISA can assist if companies reach out to collaborate.
“We don’t want these agencies spying on Americans,” King said. “On the other hand, we don’t want these countries exploiting these gaps in our ability to respond.”
As BD readers know, President Biden nominated Chris Inglis to be the first national cyber director and Jen Easterly to take the reins at CISA, DHS’s lead on domestic cyber issues.
King’s comments come on the eve of the Senate Homeland Security and Government Affairs Committee nomination hearings for Inglis and Easterly.
King worked with Inglis on the commission and said “what most impressed me was [Chris’s] demeanor as a quiet but influential leader. There’s not a single person in this area that would be better at this job than Chris.”
King, who co-chaired the Cyberspace Solarium Commission, told reporters today that Inglis is “exactly the right person for the difficult job of wrangling all the various parts of government and the private sector” to address pressing cyber matters. King also lauded Easterly’s deep cyber expertise and background, which includes time at the NSA.
But there are questions surrounding the way forward on national cyber defense. For one, the Biden administration’s proposed 2022 budget requests $15 million to fund the cyber director’s office, but that money has not yet been appropriated by Congress.
King said he hopes Congress will approve supplemental funding soon and not wait for the 2022 budget, which might not pass until late summer or fall. “We’re trying to get [short-term funding] sorted out right now,” King said.
Another issue is how the cyber director will fit into the existing, intricate web of federal agencies and entities, all working on different facets of domestic cyber issues. For instance, CISA, the FBI, the Secret Service, and several entities under DHS all have cyber functions. The national cyber director will need to coordinate all these entities, as well as the White House and private sector, on domestic cyber strategy, policy, and operations. The cyber director will also directly advise the President, who in turn could order CYBERCOM or the NSA to conduct cyber operations outside the purview of federal agencies — such as overseas offensive campaigns.
“I don’t see the national cyber director and CISA as rivals or competitors,” King said. “I don’t see [them] as competing power centers.”
King also noted that Inglis, Easterly, and Deputy National Security Advisor for Cyber and Emerging Tech Anne Neuberger all know one another and have worked together for years.
The senator said he couldn’t predict when the nominees would get a floor vote. But he has not detected any “partisan opposition” to the nominees. “I don’t expect controversy,” Sen. King said. “Confirmation should be timely, ideally in the month of June.”
Enterprise-wide training: the Army’s $3.5B program for multi-service combat readiness
The competition for Warfighter Training and Readiness Solutions will bring together training networks, combat training centers and live ranges across the DoD enterprise.
UK pledges ‘generational’ leap in defense spending, industry to go on ‘war footing’
Under the new plan, London wants to spend a cumulative extra of £75 billion ($93 billion) over the next six years, culminating in a 2030 annual defense budget of £87 billion ($108 billion), which would make it second in NATO only to the US in defense expenditure.
