During a hearing of the Senate Armed Services Committee, U.S. Sen. Angus King (I-Maine) prodded federal officials on the nation’s cyberdefenses and the need for a national doctrine for deterrence of cyber attacks.
Witnesses included Christopher Krebs, the senior official undertaking duties of the Department of Homeland Security’s Under Secretary for the National Protection and Programs Directorate; Scott Smith, assistant director of the FBI’s cyber division; and Kenneth Rapuano, assistant secretary of defense for Homeland Defense and Global Security. King pressed Rapuano regarding the status of a report on deterrence of adversaries in cyberspace, which had been due in June. Rapuano said the report was “forthcoming.”
“If all we do is try to patch networks and defend ourselves, we will ultimately lose,” King said. “Right now, we are not imposing much in the way of consequences.”
While the hearing was meant to address efforts to respond to threats to U.S. infrastructure by national threats such as Russia and North Korea, that was complicated by the fact that the White House’s own Rob Joyce, Cybersecurity Coordinator for the National Security Council, was not in attendance. According to U.S. Sen. John McCain (R-AZ), this was due to executive privilege cited by the White House.
Senators, including King, appeared largely unimpressed by efforts that were thus far undertaken on the cyber front.
“We need a doctrine where our adversaries know if they do ‘X’, ‘Y’ will happen to them,” King said. “Just being on the defensive isn’t going to work in the end. If you’re in a boxing match, and you can bob and weave and you’re the best bobber and weaver in the history of the world, if you’re not allowed to ever punch, then you’re going to lose that boxing match…In reality, a secret deterrent is not a deterrent. The other side has to know what’s liable to happen to them.”