Barring closer scrutiny, harsher consequences and stronger leadership, the nation hasn’t reached the upper limit of devastating cyber attacks, particularly from Russian hackers, former Cybersecurity Infrastructure and Security Agency (CISA) director Christopher Krebs and other security officials told lawmakers at a recent Congressional hearing.
In testimony to the House Homeland Security Committee, Krebs, who former President Trump fired after the 2020 presidential election, said a confluence of factors embolden cyber attackers. “As long as the tools are available, vulnerabilities exist, money and secrets are to be had, and the lack of meaningful consequences persist, there will be malicious cyber actors,” Krebs said, The Hill reported.
The statements emerge amid recent efforts by the Biden Administration to significantly strengthen the federal government's overall cybersecurity brainpower and strategy.
Here’s what Krebs and other security experts are urging on Congress: (per The Hill)
Stronger deterrence.
Krebs is not a one-off in calling for more powerful measures to make cyber attackers think twice before launching an offensive. Michael Daniel, the president and chief executive of the Cyber Threat Alliance, told the committee that the relatively few number of successful attacks on critical infrastructure owed to stronger online deterrence measures.
“The level of activity that we have not been able to deter is still too high,” Daniel, who served as White House cybersecurity coordinator in the Obama administration, said. “In the nation state context we have to put it in that geo-strategic context…and figure out how to raise the cost on our adversaries in a way that would cause them to change their behavior,” he reportedly said.
Whole-of-government approach.
Sue Gordon, the ex-principal deputy director of national security in the Trump administration, said a whole-of-government approach that combines the public and private sector and foreign allies is what’s needed. “We need to bring the problem into the light ruthlessly, because evil cannot survive there,” Gordon testified.
Stronger federal leadership.
“The behavior will continue until the leadership has decided that it cannot tolerate further behavior,” Krebs said.
Treaty cybersecurity as a threat to national security.
Bennie Thompson (D-MS), who chairs the Committee, said more meetings will be held to get a better grasp on cybersecurity threats. “We must do as President Biden has done and treat cybersecurity as a central national security priority and not a ‘boutique add-on,’” Thompson said.
Committee ranking member John Katko (R-NY) called cybersecurity the “preeminent” threat to national and homeland security. “I want this to be a hearing about opportunity for action, not just admiration of the problem,” Katko said. “We have already ceded critical ground to our global cyber adversaries, and there is simply no time to waste.”