McCaskill slams 'turf wars' over cyber
Why some senators and private sector players think big changes are needed in the U.S. approach to cybersecurity.
Sen. Claire McCaskill (D-Mo.) complained about "turf wars" in U.S. cybersecurity policy and enforcement.
The federal government needs to define its strategies and authorities to defend against a growing wave of electronic threats from criminal and nation-state organizations, said lawmakers and private industry officials in a Senate panel on the current cyberthreat landscape.
"It is worse than spaghetti," said Senate Homeland Security and Governmental Affairs Committee Ranking Member Sen. Claire McCaskill, (D-Mo.), describing the various groups in the U.S. military and at DHS responsible for U.S. cyber security and defense.
"It is so confusing, so disparate there's no wonder we're having these turf wars," she said at a May 10 committee hearing.
"We have got to figure out how to break through the bureaucratic rules, our pay scales and how do we engage the private sector, so we literally do have the best and brightest" working on the issue, said committee Chairman Ron Johnson (R-Wis.).
Johnson promised more hearings to sort out that tangle and generate solutions, with the help of more nimble commercial companies and private organizations
Steven Chabinsky, global chair of data, privacy and cyber security at international law firm White & Case, hopes to see a new approach.
Chabinsky, a former deputy assistant director of the FBI's Cyber Division, called for 10 percent of the defense budget to be devoted to developing higher level cyber protections by the U.S. government, as well as a "180 degree" shift in how the government addresses threats.
Rather than focus on hygiene at the user level, the federal government should push higher-level protection functions by the government. The recommendations were included in the White House Cybersecurity Commission Report issued in December 2016.
"The problem is getting worse and we are losing," Chabinsky said. "We are following a failed strategy that can and must be changed."
Additional solutions could also be more innovative approaches by the military and the federal government, according to Johnson and McCaskill.
The Missouri National Guard, said McCaskill, has a unique program called Response Operation Collection Kit Network Security Monitoring to provide a readily available tool to combat cyber attacks.
That program, according to Missouri National Guard Captain Kevin Keene, was developed to protect critical infrastructure by allowing more controlled interaction with cyberthreat adversaries. The kit is now used by over 40 different government entities and commercial companies, said Keene, who works in cybersecurity at the agribusiness firm Monsanto.
"Rules of engagement are needed," said Sen. Steve Daines (R.-Mont.). Cyber attacks that destroy corporate digital assets, he said, are akin to destruction of physical assets and call for some kind of consequence. The current approach is "building a bigger and better fence" to keep cyberattackers out, he said. Consequences for getting caught breaching that fence, he added, are not well defined.