Sen. Mike Rounds: Time for a real strategy to keep Americans safe from cyber threats
It is alleged that in recent months, the Russian government conducted cyber hacks of the Democratic National Committee (DNC) server and attempted to hack the Republican National Committee (RNC) email system.
In October 2016, the Department of Homeland Security and the Director of National Intelligence stated that the cyber hackers “intended to interfere with the U.S. election process” – a very serious charge.
On Dec. 16, 2016, President Obama informed reporters that he told Russian leader Vladimir Putin to “knock it off” in September after hearing of the attack on the DNC and that no further hacking attempts were made after that. Two weeks later on Dec. 29, President Obama imposed sanctions against Russian intelligence services and kicked dozens of Russian diplomats out of the country.
Meanwhile, voters of varied political viewpoints are rightfully distressed. Some Clinton supporters believe the hack swayed voters toward the president-elect, while some Trump voters assert that the publicity of the attacks stems from yet another post-mortem excuse from the losing side.
No matter which camp one is in, it should be apparent to all Americans that the United States is not immune to damaging cyber-attacks from hostile foreign nations and other bad actors. We must update our national security policies to deter such attacks before a future debilitating attack occurs, possibly on civilian critical infrastructure.
Senior officials at the Pentagon have been warning about a “Cyber 9/11” or “Cyber Pearl Harbor” for years. We already know that foreign actors have attempted to access the cyber domains of critical infrastructure in the U.S.
Imagine what would happen if a foreign actor interfered with the operations of a nuclear power plant, or shut down the communications that control aircraft operations, rail operations or water releases from large dams. Such an attack on our critical infrastructure could threaten our entire economy or – worse – lead to loss of life. Without an appropriate plan in place to stop or respond to these cyber-attacks, we put ourselves at increased risk for a catastrophic attack to occur.
As a member of the Senate Armed Services Committee, broadening our national defense policies to adequately address cyber-attacks on civilian critical infrastructure has been a priority of mine. I am glad that Congress included a provision in the 2017 National Defense Authorization Act (NDAA) which would begin the process of defining when an act in cyber space constitutes an act of war. With language similar to my Cyber Act of War Act, the NDAA will require the administration to determine when a cyber-attack on the United States requires a military response. This is vital because, while current policies permit the Pentagon to respond to a cyber-attack against military forces, our nation does not have a clear policy to govern our response to attacks on civilian infrastructure. The NDAA seeks to change that.
Now that the NDAA is law, the administration will have until December 2017 to give Congress a report on when a cyber act would warrant a military response. In preparing this report, the administration must consider (1) the ways in which the effects of a cyber-attack may be equivalent to effects of an attack using conventional kinetic weapons, including with respect to physical destruction and casualties, and (2) intangible effects of significant scope, intensity or duration.
Defining when a cyber-attack requires a military response is but one in a series of steps we must take to deter our enemies from attacking the United States with this new, sophisticated form of aggression.
While our national focus may be on whether the Russian hack allegations warrant an investigation and Obama’s recent retaliation will deter future attacks, we must not lose sight of the fact we need a defined strategy for how to keep Americans safe from cyber-threats.
We cannot know if the alleged hacks in 2016 would have been thwarted had the provisions of my Cyber Act of War Act had already been in law. What we do know is that, absent a clear message to our adversaries as to when a cyber-attack may warrant a U.S. military response, we will not have done all we can to deter devastating attacks in the future. Recent events have shown that such action is urgently needed.
(Note – this piece originally appeared on the Fox News Opinion website)