Can Congress salvage a broken cyber strategy?
A cyberspace ambassador. An exchange program between government and private security experts. A cyber blue-ribbon commission based on nuclear age strategy.
These are among the scattershot of proposals that Congress has considered this week as lawmakers attempt to articulate a national cybersecurity strategy in the face of continued digital hostility from Russia and China.
Amid a barrage of recent criticism leveled at both the Trump and Obama administrations for a cybersecurity policy that is either entirely absent or timid, the proposed legislation is sending a message: America needs a plan. Yet in comparison to the crisp Chinese five-year plans and Russian digital assaults, the cyber plan forged by Congress appears increasingly scattershot to analysts.
“States like China and Israel have comprehensive national strategies for the cyber domain that integrate national security and economic concerns,” said Bobby Chesney, a professor at the University of Texas at Austin.
“The United States has not been nearly so strategic under either Obama or Trump, and now many Senators are doing what they can to try to force smarter strategic thinking.”
In recent negotiations with China, experts say that Trump has been willing to trade away the cybersecurity of American citizens for a friendlier business climate. And in May, the White House eliminated the position of cybersecurity coordinator. Only 13 percent of security experts believe that Congress and the White House understand the cyberthreat, according to a recent survey by the firm Black Hat.
Chesney said several provisions aim to force the administration to take a tough line in response to malicious Russian cyber activity, but he added it is hard to force action. On the other hand, Chesney supported the proposed bipartisan “Cyber Solarium Commission,” which would examine the nation’s cyber strategy.
The commission hopes to strengthen America’s cybersecurity through sociology techniques that were used during the Eisenhower administration.
Congressional staff are working this week to reconcile the defense spending bill that contains the tough language and the commission, but it is just one out of several proposals that is creating a blurred digital road-map.
A new plan for how the U.S. government should respond to state-sponsored cyberattacks was also approved in the House Foreign Affairs Committee June 28. It came one week after former President Obama’s top cyber official confirmed a report that he was ordered to “stand down” in the face of Russian digital aggression. The proposal from Rep. Ted Yoho, R-Fla., now faces a full House and Senate vote.
And amid a hollowed out State Department, a Senate committee approved the creation of a new chief cybersecurity diplomat June 26. It is a direct rebuttal of former Secretary of State Rex Tillerson, who scrapped a previous office that coordinated digital issues.
Speaking at George Washington University June 28, the president of FireEye, Kevin Mandia, laid out the challenges for protecting America’s digital infrastructure. Most of the U.S. critical infrastructure is in the private sector, according to Mandia, as opposed to other countries who have nationalized the systems that underlie their society.
“We are in a $10 million glass house and North Korea is in a mud hut with seven IP addresses,” said Mandia