Biden nominees highlight tough cyber security challenges
Senators warn government cyber security operations are in disarray
President Joe Biden's nominees for top defense, intelligence, and homeland security positions committed in hearings yesterday to reviewing and refining cyber security operations under the new government. They testified as senators slammed the government's performance in dealing with the recent SolarWinds attack that affected numerous agencies.
Senators held confirmation hearings for Alejandro Mayorkas, nominee for Secretary of Homeland Security; Avril Haines, who Biden has chosen as his Director of National Intelligence; and Lloyd Austin, who testified for his appointment as Secretary of Defense. Between them, they addressed various issues, including the SolarWinds hack, the need to bolster internal cyber security operations, and the structure of US military cyber space operations.
Mayorkas, who was Deputy Secretary of Homeland Security in the Obama administration before returning to private legal practice during the Trump years, said the US had to do "a much better job" on cyber security.
The Department of Homeland Defense's Cybersecurity and Infrastructure Security Agency (CISA) would need to shoulder a lot of that work, Mayorkas added. He would explore two programs to see if they could stop future cyber attacks: the Einstein network security program, and the Continuous Diagnostic and Mitigation program.
Haines, former Deputy Director of the CIA under Obama, also called for strong action to shore up cybersecurity defenses in the US.
"Here at home, we must strengthen our cybersecurity, safeguard our critical infrastructure, and turn the ongoing technological revolution from a threat to an advantage by integrating new technologies to improve the capacity and superiority of our intelligence into the future," Haines said during prepared remarks.
Haines said she was committed to recruiting more people into the intelligence community, following work completed on a Trusted Workforce 2.0 initiative to reform security clearances.
Austin, who has served as head of US Central Command, said he would continue to support an offensive cyber security policy that the US government has already implemented. The Department of Defense formalized this policy, known as “defend forward,” in October 2018 as a way to disrupt enemy engagement in cyber space before it happens.
"Having an offensive capability that we're able to use is really important," he said, highlighting the need for fast action in cyberspace. "Speed matters, so anything we can do to facilitate the work of the operators is goodness." He also said that Russia needed to be held accountable for its role in the SolarWinds hack.
Austin and Haines separately said they would review the relationship between the National Security Agency (NSA) and US Cyber Command, which have shared leadership since the latter’s creation. The idea of placing the two under different leadership has been a recurring theme among defense and intelligence officials for several years. The Trump administration proposed doing so during its final days.
Senators expressed dissatisfaction with the government's current cyber security capabilities during the hearings. Republican Senator Roy Blunt complained Congress hadn't received a report on the SolarWinds attack. Senate Intelligence Committee Vice Chairman Mark Warner said the government had to rely on a private-sector company to find out about it. "One part of the government doesn't seem to know what the other is doing," Warner said.