McCaul: Russia is messing with U.S. election tech
Rep. Michael McCaul, chairman of the House Homeland Security Committee, is calling for the White House to strongly condemn Russia's hack of election databases.
Russia is trying to disrupt U.S. elections, according to a lawmaker who has received classified briefings on the subject.
"It's real -- a real attempt to undermine the integrity of the election process," House Homeland Security Committee Chairman Michael McCaul (R-Texas) said.
"The FBI has reached some conclusions" about attempts to penetrate voter information databases in Arizona and Illinois, he added in remarks at the Internet Security Alliance conference on Sept. 15. "I hope [the White House] will come out strongly about what Russia has done."
McCaul said the motives for the attacks on the election databases are not known, but they did not seem to be an attempt to alter election results. Nevertheless, he added, President Barack Obama should "call out the Russians for it.... We can't let foreign adversaries attack and get away with it. I hope for bold denouncement and a plan to respond."
When asked what that response might be, McCaul deferred to the White House and said he could not discuss the details because he had received a classified briefing on the attacks. However, he likened the growing adversarial cyber relationship between Russia and the U.S. as Cold War-like, with "mutually assured destruction" scenarios.
"We know they have the capability" to hack and disrupt via the internet, he said. "We do, too."
McCaul also called on the Senate to pass his Cybersecurity and Infrastructure Protection Agency Act, which supports reorganizing the National Protection and Programs Directorate (NPPD) at DHS into an operational component called Cyber Infrastructure Protection.
A new 'social contract' for cyber
At the same event, White House Cybersecurity Coordinator Michael Daniel and Bruce Andrews, deputy secretary at the Commerce Department, said they hoped to get industry to join the government in the battle against rapidly growing cyberthreats.
To that end, the Internet Security Alliance unveiled an updated Cybersecurity Social Contract model that seeks to make internet security a joint public/private responsibility.
Suzanne Spaulding, NPPD undersecretary, said she agreed with some of the ideas in the ISA document and endorsed its holistic approach. "You can't put [cybersecurity] in an IT stovepipe" and expect it to work, she added.
Although she said she adhered to the Obama administration's request for a 35 percent increase in cybersecurity spending, she praised the ISA document's recommendation for an approximately threefold increase in spending but noted that "it takes awhile to move an aircraft carrier."
Along those lines, Andrews unveiled a draft cybersecurity self-assessment tool based on the National Institute of Standards and Technology's Cybersecurity Framework and developed with input from U.S. CIO Tony Scott. Andrews said companies could use the tool to help integrate the framework into their operations.
The initiative, which also draws on NIST's Baldridge Performance Excellence Program, is intended be an open-ended document. NIST is accepting public comments on the draft until Dec. 15.