During a recent hearing on encryption and cybersecurity, Sen. John McCain, R-Ariz., introduced the idea of creating a policy that will define what actions the United States would take in the case of a (serious) cyberthreat or cyberattack. Basically, McCain told Adm. Mike Rogers, commander of U.S. Cyber Command, director of the National Security Agency and Chief of the Central Security Service, and Marcel Lettre, under secretary of defense for intelligence: "If you don't act, I guarantee you Congress will act."
This clearly indicated the increased level of concern and attention being given to national security issues emanating from the cyber domain. The first hot topic appears to be the growing use of encryption by criminals, terrorists and rogue nation-states to obscure their communications when planning all aspects of their operations including attacks (physical and cyber). It is clear that this is a substantial issue for national security organizations and for law enforcement.
The second hot topic is how best to bridge the huge gap in cyberthreat intelligence and actions related to cyberattacks on the targets within the United States (including private companies). McCain was not the lone voice. Sen. Jeanne Shaheen. D-N.H., talked about inhibiting factors and the reluctance of the private sector to cooperate by sharing data.
There is nothing new in most of the exchanges. However, what was rather unusual was the question about just how the nation will address the growing issues from the cyber domain on a scale and at a speed that is necessary in this environment. The conversation made it clear: Continuously adding bodies and thus increasing the budget demands was not an acceptable answer. We must look toward new technology! And do it fast.
Featured Video
